[OAUTH-WG] IETF 84 versions of JOSE and JWT specifications

2012-07-30 Thread Mike Jones
I've made a minor release of the JSON WEB 
{Signature,Encryption,Key,Algorithms,Token} (JWS, JWE, JWK, JWA, JWT) 
specifications to support the working group discussions at IETF 84 in 
Vancouver, BC.  This release 
incorporates working group feedback since the minor release on July 
16th and updates the lists of open issues in 
the JWE and JWA specifications.

The specifications are available at:

* http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-05

* http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-05

* http://tools.ietf.org/html/draft-ietf-jose-json-web-key-05

* http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-05

* http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-03

The document history entries (also in the specifications) are as follows:

http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-05

  *   Added statement that "StringOrURI values are compared as case-sensitive 
strings with no transformations or canonicalizations applied".
  *   Indented artwork elements to better distinguish them from the body text.

http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-05

  *   Support both direct encryption using a shared or agreed upon symmetric 
key, and the use of a shared or agreed upon symmetric key to key wrap the CMK.
  *   Added statement that "StringOrURI values are compared as case-sensitive 
strings with no transformations or canonicalizations applied".
  *   Updated open issues.
  *   Indented artwork elements to better distinguish them from the body text.

http://tools.ietf.org/html/draft-ietf-jose-json-web-key-05

  *   Indented artwork elements to better distinguish them from the body text.

http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-05

  *   Support both direct encryption using a shared or agreed upon symmetric 
key, and the use of a shared or agreed upon symmetric key to key wrap the CMK. 
Specifically, added the alg values dir, ECDH-ES+A128KW, and ECDH-ES+A256KW to 
finish filling in this set of capabilities.
  *   Updated open issues.

http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-03

  *   Added statement that "StringOrURI values are compared as case-sensitive 
strings with no transformations or canonicalizations applied".
  *   Indented artwork elements to better distinguish them from the body text.

-- Mike



___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth


[OAUTH-WG] I-D Action: draft-ietf-oauth-json-web-token-03.txt

2012-07-30 Thread internet-drafts

A New Internet-Draft is available from the on-line Internet-Drafts directories.
 This draft is a work item of the Web Authorization Protocol Working Group of 
the IETF.

Title   : JSON Web Token (JWT)
Author(s)   : Michael B. Jones
  John Bradley
  Nat Sakimura
Filename: draft-ietf-oauth-json-web-token-03.txt
Pages   : 24
Date: 2012-07-30

Abstract:
   JSON Web Token (JWT) is a means of representing claims to be
   transferred between two parties.  The claims in a JWT are encoded as
   a JavaScript Object Notation (JSON) object that is digitally signed
   or MACed using JSON Web Signature (JWS) and/or encrypted using JSON
   Web Encryption (JWE).

   The suggested pronunciation of JWT is the same as the English word
   "jot".


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-oauth-json-web-token

There's also a htmlized version available at:
http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-03

A diff from the previous version is available at:
http://www.ietf.org/rfcdiff?url2=draft-ietf-oauth-json-web-token-03


Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/



Re: [OAUTH-WG] Informal OAuth Chat @ IETF#84

2012-07-30 Thread John Bradley
Some of us met before the Plenary.   I have Dinner plans, but people can keep 
Hannes company.

He seems a touch stressed, but it is all good.

John B.
On 2012-07-30, at 6:26 PM, Nat Sakimura wrote:

> Let me know if we are meeting after the plenary.
> 
> =nat via iPhone
> 
> On 2012/07/30, at 16:39, Brian Campbell  wrote:
> 
>> Is there any consensus about this?
>> 
>> On Mon, Jul 30, 2012 at 2:49 PM, Leif Johansson  wrote:
>>> On 07/30/2012 10:43 PM, Phil Hunt wrote:
>>>> I can't do it before 5
>>> 
>>> Maybe find another day Hannes?


Re: [OAUTH-WG] Informal OAuth Chat @ IETF#84

2012-07-30 Thread Nat Sakimura
Let me know if we are meeting after the plenary.

=nat via iPhone

On 2012/07/30, at 16:39, Brian Campbell  wrote:

> Is there any consensus about this?
>
> On Mon, Jul 30, 2012 at 2:49 PM, Leif Johansson  wrote:
>> On 07/30/2012 10:43 PM, Phil Hunt wrote:
>>> I can't do it before 5
>>
>> Maybe find another day Hannes?


Re: [OAUTH-WG] Informal OAuth Chat @ IETF#84

2012-07-30 Thread Brian Campbell
Is there any consensus about this?

On Mon, Jul 30, 2012 at 2:49 PM, Leif Johansson  wrote:
> On 07/30/2012 10:43 PM, Phil Hunt wrote:
>> I can't do it before 5
>
> Maybe find another day Hannes?


Re: [OAUTH-WG] Informal OAuth Chat @ IETF#84

2012-07-30 Thread Hannes Tschofenig
Thanks for the feedback. 

I therefore propose to meet 
* before the IAB plenary in front of the Regency C/D room at 17:10, AND
* after the IAB plenary at the Constable room for those who are available. 

Ciao
Hannes


On Jul 30, 2012, at 9:33 AM, Hannes Tschofenig wrote:

> Hi all, 
> 
> for those who are attending the IETF meeting in Vancouver I am proposing to 
> have an informal chat about ongoing activities. 
> 
> I am proposing to meet after the Monday IAB technical plenary (which finishes 
> at 19:30).  I reserved the room Constable on the 4th floor. 
> 
> Ciao
> Hannes
> 



Re: [OAUTH-WG] Informal OAuth Chat @ IETF#84

2012-07-30 Thread Leif Johansson
On 07/30/2012 10:43 PM, Phil Hunt wrote:
> I can't do it before 5

Maybe find another day Hannes?


Re: [OAUTH-WG] Informal OAuth Chat @ IETF#84

2012-07-30 Thread Phil Hunt
I can't do it before 5

Phil

On 2012-07-30, at 13:41, "Klaas Wierenga (kwiereng)"  wrote:

> 
> On Jul 30, 2012, at 10:37 PM, Lucy Lynch wrote:
> 
>> On Mon, 30 Jul 2012, Leif Johansson wrote:
>> 
>>> On 07/30/2012 06:35 PM, Anthony Nadalin wrote:
>>>> You providing beer?
>>>>
>>>> -Original Message- From: oauth-boun...@ietf.org
>>>> [mailto:oauth-boun...@ietf.org] On Behalf Of Hannes Tschofenig
>>>> Sent: Monday, July 30, 2012 9:33 AM To: oauth@ietf.org WG Subject:
>>>> [OAUTH-WG] Informal OAuth Chat @ IETF#84
>>>>
>>>> Hi all,
>>>>
>>>> for those who are attending the IETF meeting in Vancouver I am
>>>> proposing to have an informal chat about ongoing activities.
>>>>
>>>> I am proposing to meet after the Monday IAB technical plenary
>>>> (which finishes at 19:30).  I reserved the room Constable on the
>>>> 4th floor.
>>>>
>>> 
>>> Is there any way we can do this in the break before the plenary
>>> instead? My brain will be toast by 19:30
>> 
>> better for me as well my week is pretty booked, so late additions are hard 
>> to accommodate.
> 
> same here, unfortunately I can not do after the plenary, before would work 
> for me.
> 
> Klaas
> 
>> 


Re: [OAUTH-WG] Informal OAuth Chat @ IETF#84

2012-07-30 Thread Klaas Wierenga (kwiereng)

On Jul 30, 2012, at 10:37 PM, Lucy Lynch wrote:

> On Mon, 30 Jul 2012, Leif Johansson wrote:
> 
>> On 07/30/2012 06:35 PM, Anthony Nadalin wrote:
>>> You providing beer?
>>> 
>>> -Original Message- From: oauth-boun...@ietf.org
>>> [mailto:oauth-boun...@ietf.org] On Behalf Of Hannes Tschofenig
>>> Sent: Monday, July 30, 2012 9:33 AM To: oauth@ietf.org WG Subject:
>>> [OAUTH-WG] Informal OAuth Chat @ IETF#84
>>> 
>>> Hi all,
>>> 
>>> for those who are attending the IETF meeting in Vancouver I am
>>> proposing to have an informal chat about ongoing activities.
>>> 
>>> I am proposing to meet after the Monday IAB technical plenary
>>> (which finishes at 19:30).  I reserved the room Constable on the
>>> 4th floor.
>>> 
>> 
>> Is there any way we can do this in the break before the plenary
>> instead? My brain will be toast by 19:30
> 
> better for me as well my week is pretty booked, so late additions are hard to 
> accommodate.

same here, unfortunately I can not do after the plenary, before would work for 
me.

Klaas

> 


Re: [OAUTH-WG] Informal OAuth Chat @ IETF#84

2012-07-30 Thread John Bradley
fine with me.

On 2012-07-30, at 1:37 PM, Lucy Lynch wrote:

> On Mon, 30 Jul 2012, Leif Johansson wrote:
> 
>> On 07/30/2012 06:35 PM, Anthony Nadalin wrote:
>>> You providing beer?
>>> 
>>> -Original Message- From: oauth-boun...@ietf.org
>>> [mailto:oauth-boun...@ietf.org] On Behalf Of Hannes Tschofenig
>>> Sent: Monday, July 30, 2012 9:33 AM To: oauth@ietf.org WG Subject:
>>> [OAUTH-WG] Informal OAuth Chat @ IETF#84
>>> 
>>> Hi all,
>>> 
>>> for those who are attending the IETF meeting in Vancouver I am
>>> proposing to have an informal chat about ongoing activities.
>>> 
>>> I am proposing to meet after the Monday IAB technical plenary
>>> (which finishes at 19:30).  I reserved the room Constable on the
>>> 4th floor.
>>> 
>> 
>> Is there any way we can do this in the break before the plenary
>> instead? My brain will be toast by 19:30
> 
> better for me as well my week is pretty booked, so late additions are hard to 
> accommodate.
> 


Re: [OAUTH-WG] Informal OAuth Chat @ IETF#84

2012-07-30 Thread Lucy Lynch

On Mon, 30 Jul 2012, Leif Johansson wrote:


> On 07/30/2012 06:35 PM, Anthony Nadalin wrote:
>> You providing beer?
>>
>> -Original Message- From: oauth-boun...@ietf.org
>> [mailto:oauth-boun...@ietf.org] On Behalf Of Hannes Tschofenig
>> Sent: Monday, July 30, 2012 9:33 AM To: oauth@ietf.org WG Subject:
>> [OAUTH-WG] Informal OAuth Chat @ IETF#84
>>
>> Hi all,
>>
>> for those who are attending the IETF meeting in Vancouver I am
>> proposing to have an informal chat about ongoing activities.
>>
>> I am proposing to meet after the Monday IAB technical plenary
>> (which finishes at 19:30).  I reserved the room Constable on the
>> 4th floor.
>
> Is there any way we can do this in the break before the plenary
> instead? My brain will be toast by 19:30


better for me as well my week is pretty booked, so late additions are hard 
to accommodate.





Re: [OAUTH-WG] Informal OAuth Chat @ IETF#84

2012-07-30 Thread Leif Johansson
On 07/30/2012 06:35 PM, Anthony Nadalin wrote:
> You providing beer?
> 
> -Original Message- From: oauth-boun...@ietf.org
> [mailto:oauth-boun...@ietf.org] On Behalf Of Hannes Tschofenig 
> Sent: Monday, July 30, 2012 9:33 AM To: oauth@ietf.org WG Subject:
> [OAUTH-WG] Informal OAuth Chat @ IETF#84
> 
> Hi all,
> 
> for those who are attending the IETF meeting in Vancouver I am
> proposing to have an informal chat about ongoing activities.
> 
> I am proposing to meet after the Monday IAB technical plenary
> (which finishes at 19:30).  I reserved the room Constable on the
> 4th floor.
> 

Is there any way we can do this in the break before the plenary
instead? My brain will be toast by 19:30



Re: [OAUTH-WG] Proposed note to RFC Editor

2012-07-30 Thread Igor Faynberg

+1

Reason: Clarity is always good!

Igor

On 7/28/2012 5:56 PM, Torsten Lodderstedt wrote:

Hi John,

I would prefer to make it a MUST.

regards,
Torsten.
On 27.07.2012 18:42, John Bradley wrote:
The text in 3.2.1 is informational to explain why there is a REQUIRED in 4.1.3.


Putting the explanation in the parameter description seems awkward 
that is why I left it in 3.2.1 where the description that public 
clients can send client_id originally lived.


I also note that there is no other normative text in Sec 3.2.1 other 
than the first MUST that refers to sec 2.3, the rest of the text 
reads as an explanation of rationale for client authentication.   
That is why I phrased it that way.


I personally try to make normative requirements once as I get enough 
stick about long specs:)


I am OK with making it normative by adding a MUST,  though I will 
leave it up to the Editor to decide on if  duplicating normative text 
is the preferred style.



On 2012-07-27, at 7:36 AM, Torsten Lodderstedt wrote:


Hi Brian,

I know. But there is this sentence in 3.2.1,

--
In the "authorization_code" grant_type request to the token endpoint,
an unauthenticated client sends "client_id" to prevent itself from
inadvertently accepting a code
intended for a client with a different "client_id".
---

which explicitly discusses the authz code w/o saying this behavior 
is mandatory. People might "feel" a contradiction or difference to 
4.1.3. I would suggest to either remove this sentence in 3.2.1 or 
change it to:


--
In the "authorization_code" grant_type request to the token endpoint,
an unauthenticated client MUST send its "client_id" to prevent itself from
inadvertently accepting a code
intended for a client with a different "client_id".
---

regards,
Torsten.

On 27.07.2012 15:47, Brian Campbell wrote:

Hey Torsten,

The requirement that public clients send their client_id with an authz
code grant is in 4.1.3 (Where the Access Token Request for the code
grant is defined) of John's proposed text:

4.1.3.  Access Token Request

   client_id
 REQUIRED if the client is NOT authenticating with the
 authorization server as described in Section 3.2.1




On Thu, Jul 26, 2012 at 11:40 PM, Torsten Lodderstedt
 wrote:

Hi John,

I would expect sending a client_id is a MUST for public clients in the authz
code grant type. That's not how I read the proposed text for section 3.1.


regards,
Torsten.



John Bradley wrote:
The changes introduced in Draft 29 had unintended consequences on parts of
the spec caused by Sec 4.3, 4.4 and 6 referencing Sec 3.2.1 as part of client
authentication.

This change restricts the requirement to send client_id to only Sec 4.1.4
for clients that are not authenticated per Sec 3.2.1




Section 3.2.1


  A public client that was not issued a client password MUST use the
  "client_id" request parameter to identify itself when sending
  requests to the token endpoint.  This allows the authorization server
  to ensure that the code was issued to the same client.  Sending
  "client_id" prevents the client from inadvertently accepting a code
  intended for a client with a different "client_id".  This protects
  the client from substitution of the authentication code.  (It
  provides no additional security for the protected resource.)


Change  to

  A client MAY use the "client_id" request parameter to identify itself
  when sending requests to the token endpoint.
  In the "authorization_code" grant_type request to the token endpoint,
  an unauthenticated client sends "client_id" to prevent itself from
  inadvertently accepting a code
  intended for a client with a different "client_id".  This protects
  the client from substitution of the authentication code.  (It
  provides no additional security for the protected resource.)


** This allows any client to send client ID and explains the threat to
code.


4.1.3.  Access Token Request



Add
  client_id
REQUIRED if the client is NOT authenticating with the
authorization server as described in Section 3.2.1




** This makes client_id only REQUIRED for the code flow if the client is
not otherwise authenticated.

Change


 ensure the authorization code was issued to the authenticated
 confidential client or to the public client identified by the
 "client_id" in the request,


To:
 ensure the authorization code was issued to the authenticated
 confidential client, or if the client is public, ensure the code was
 issued to "client_id" in the request,


** That removes the implication of authentication.




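The token-endpoint check that the proposed 4.1.3 text in the thread above describes, sketched as an added example (it is not code from the thread, the draft, or any implementation the participants mention). The function names, the in-memory code store and the sample client identifiers are hypothetical; the error codes are the standard OAuth 2.0 token-endpoint error values.

```python
from dataclasses import dataclass
from typing import Dict, Optional


class TokenRequestError(Exception):
    """Carries an OAuth 2.0 token-endpoint error code."""

    def __init__(self, error: str, description: str):
        super().__init__(f"{error}: {description}")
        self.error = error


@dataclass
class IssuedCode:
    # Client the authorization endpoint issued this code to.
    client_id: str


def client_for_code_grant(params: Dict[str, str],
                          authenticated_client: Optional[str],
                          issued: Dict[str, IssuedCode]) -> str:
    """Return the client a code may be redeemed for, or raise.

    authenticated_client is the identity established by client
    authentication (Section 3.2.1), or None for a public client.
    """
    if params.get("grant_type") != "authorization_code":
        raise TokenRequestError("unsupported_grant_type",
                                "only the code grant is handled here")

    if authenticated_client is not None:
        # Authenticated client: the binding comes from authentication,
        # so the client_id parameter is optional.
        client = authenticated_client
    else:
        # Unauthenticated client: client_id is REQUIRED (proposed 4.1.3).
        client = params.get("client_id", "")
        if not client:
            raise TokenRequestError(
                "invalid_request",
                "client_id is REQUIRED when the client is not authenticating")

    record = issued.get(params.get("code", ""))
    if record is None:
        raise TokenRequestError("invalid_grant", "unknown authorization code")

    # The check the thread is about: the code must have been issued to
    # this client, otherwise a substituted code would be accepted.
    if record.client_id != client:
        raise TokenRequestError("invalid_grant",
                                "code was issued to a different client")
    return client


def outcome(params, authenticated_client, issued) -> str:
    """Summarise a request as 'ok:<client>' or the error code."""
    try:
        return "ok:" + client_for_code_grant(params, authenticated_client, issued)
    except TokenRequestError as exc:
        return exc.error


# Constructed sample state: two codes, each bound to one client.
SAMPLE_CODES = {
    "code-for-app-a": IssuedCode("app-a"),
    "code-for-backend": IssuedCode("backend"),
}

if __name__ == "__main__":
    base = {"grant_type": "authorization_code", "code": "code-for-app-a"}
    print(outcome({**base, "client_id": "app-a"}, None, SAMPLE_CODES))
    print(outcome(base, None, SAMPLE_CODES))
    print(outcome({**base, "client_id": "app-b"}, None, SAMPLE_CODES))
```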

Re: [OAUTH-WG] Meeting slot for the Vancouver IETF meeting requested

2012-07-30 Thread Derek Atkins
We will have a WebEx available if you can attend remotely?
That's my plan, as I cannot make Vancouver this week.

-derek

Torsten Lodderstedt  writes:

> Hi Hannes,
>
> I unfortunately had to cancel my trip to IETF-84. Phil will cover the status
> of the threat model document. But none of the authors of the Revocation Draft
> will be attending. So I would ask you to postpone the presentation of this I-D
> to the next IETF meeting as well.
>
> best regards,
> Torsten.
>  
> On 23.07.2012 17:02, Thomas Hardjono wrote:
>
> Hannes, Derek,
> 
> Would it possible to postpone presentation/discussion of the Dyn-Reg
> draft (Dynamic Client Registration Protocol) to the Atlanta/November
> IETF meeting?
> 
> The reason is that none of the proposers will be attending the
> Vancouver IETF in-person.
> 
> Thanks.
> 
> /thomas/
> 
> __
>
> -Original Message-
> From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf
> Of Hannes Tschofenig
> Sent: Sunday, July 15, 2012 1:58 PM
> To: John Bradley
> Cc: oauth@ietf.org WG
> Subject: Re: [OAUTH-WG] Meeting slot for the Vancouver IETF meeting
> requested
> 
> Hi all,
> 
> I have uploaded an agenda for the meeting.
> 
> I am assuming that all these items do not require discussion time
> anymore:
> * draft-ietf-oauth-assertions
> * draft-ietf-oauth-saml2-bearer
> * draft-ietf-oauth-urn-sub-ns
> * draft-ietf-oauth-v2
> * draft-ietf-oauth-v2-bearer
> 
> Hence, we can focus on the new items. As discussed in the mail below I
> put a separate slot for discussion of the holder-of-the-key/MAC token
> security discussion on the agenda. I would suggest that a couple of us
> meeting during the IETF week to work together on a presentation that
> provides some concrete suggestions for next steps to the rest of the
> group.
> 
> I also put the following persons on the spot for the presentations of
> working group items:
> 
> - OAuth Dynamic Client Registration Protocol (Thomas)
> - JSON Web Token (JWT) (Mike)
> - JSON Web Token (JWT) Bearer Token Profiles for OAuth 2.0 (Mike)
> - Token Revocation (Torsten)
> - SAML 2.0 Bearer Assertion Profiles for OAuth 2.0 (Brian)
> - OAuth Use Cases (Zachary)
> 
> Let me know if you want someone else to give the presentation.
> 
> As a preparation for the meeting it would be good if you could
> (a) identify the open issues with your document, and
> (b) find one or two reviewers to have a look at your document during
> the next two weeks.
> 
> Ciao
> Hannes
> 
> On Jul 15, 2012, at 5:59 PM, John Bradley wrote:
>
> Yes we need to get clearer on the threats and use cases.
> 
> I think Phil Hunt has some though there is likely overlap.
> 
> Part of the problem with MAC was people never agreed on the threats
> it was mitigating.
> 
> I can present something or coordinate with Tony or Phil.
> 
> John B.
> 
> On 2012-07-14, at 9:36 PM, Anthony Nadalin wrote:
>
> How about a few min on proof-of-possession requirements? I can
> present our use cases and requirements
> 
> -Original Message-
> From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On
> Behalf Of Mike Jones
> Sent: Friday, July 13, 2012 4:42 PM
> To: Hannes Tschofenig; oauth@ietf.org WG
> Subject: Re: [OAUTH-WG] Meeting slot for the Vancouver IETF meeting
> requested
> 
> I'm willing to do 5 minutes on the status of the Core and Bearer
> documents.
> 
> I'm willing to give an update on JWT and the JWT Bearer - probably
> 15 minutes.  It's probably good that we're a day after the JOSE WG
> meeting, given the JWT dependency upon the JOSE specs.
> 
> I'm willing to be part of a discussion on the Assertions draft, but
> would appreciate doing this with Brian and/or Chuck - I'm guessing 15
> minutes for that as well.  (I'm not certain this will be needed, but
> I'd lik

Re: [OAUTH-WG] Informal OAuth Chat @ IETF#84

2012-07-30 Thread Leif Johansson
On 07/30/2012 06:35 PM, Anthony Nadalin wrote:
> You providing beer?
> 

OAUTH provides enough buzz as it is



Re: [OAUTH-WG] Informal OAuth Chat @ IETF#84

2012-07-30 Thread Anthony Nadalin
You providing beer? 

-Original Message-
From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of 
Hannes Tschofenig
Sent: Monday, July 30, 2012 9:33 AM
To: oauth@ietf.org WG
Subject: [OAUTH-WG] Informal OAuth Chat @ IETF#84

Hi all, 

for those who are attending the IETF meeting in Vancouver I am proposing to 
have an informal chat about ongoing activities. 

I am proposing to meet after the Monday IAB technical plenary (which finishes 
at 19:30).  I reserved the room Constable on the 4th floor. 

Ciao
Hannes



[OAUTH-WG] Informal OAuth Chat @ IETF#84

2012-07-30 Thread Hannes Tschofenig
Hi all, 

for those who are attending the IETF meeting in Vancouver I am proposing to 
have an informal chat about ongoing activities. 

I am proposing to meet after the Monday IAB technical plenary (which finishes 
at 19:30).  I reserved the room Constable on the 4th floor. 

Ciao
Hannes
