Re: [OAUTH-WG] Agenda for Atlanta Meeting
fine for me Am 05.10.2012 10:03, schrieb Hannes Tschofenig: Hi all, here is an agenda proposal for the Atlanta IETF meeting: (The indicated names are proposals.) -- Agenda: 1. Status Update, Agenda Bashing (Chairs) 2. Token Revocation (Thorsten) 3. Assertions (Brian + Mike) 4. OAuth Use Cases (Zachary) 5. JWT (Mike) 6. Security (Phil) 7. Dynamic Client Registration (Thomas) 8. Roadmap -- In the last item we would like to discuss the bigger picture of how to get OAuth 2.0 deployment improved. There are at least 2 parts to this, namely (a) what other specifications do we need to work on, and (b) how do we improve interoperability. Let us know whether you think that this fits your needs. Ciao Hannes Derek PS: I am hoping to see daft updates of the WG items soon. ___ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth ___ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
[OAUTH-WG] Resource owner initiated OAuth delegation
Hi folks, I would like to know your thoughts on the $subject.. For me it looks like a concrete use case where OAuth conceptually does address - but protocol does not well defined.. Please find [1] for further details... [1]: http://blog.facilelogin.com/2012/10/ationwhat-oauth-lacks-resource-owner.html -- Thanks Regards, Prabath Mobile : +94 71 809 6732 http://blog.facilelogin.com http://RampartFAQ.com ___ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
[OAUTH-WG] I-D Action: draft-ietf-oauth-revocation-01.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Web Authorization Protocol Working Group of the IETF. Title : Token Revocation Author(s) : Torsten Lodderstedt Stefanie Dronia Marius Scurtescu Filename: draft-ietf-oauth-revocation-01.txt Pages : 7 Date: 2012-10-06 Abstract: This draft proposes an additional endpoint for OAuth authorization servers for revoking tokens. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-oauth-revocation There's also a htmlized version available at: http://tools.ietf.org/html/draft-ietf-oauth-revocation-01 A diff from the previous version is available at: http://www.ietf.org/rfcdiff?url2=draft-ietf-oauth-revocation-01 Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ ___ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-revocation-01.txt
Hi all, the new revision addresses two issues raised on the list: - The draft now gives a more precise description of the semantics of the revocation request based on the concept of the underlying access grant. - We incoporated CORS (in addition to JSONP) and renamed the respective section to Cross-Origin Support regards, Torsten. Am 06.10.2012 19:30, schrieb internet-dra...@ietf.org: A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Web Authorization Protocol Working Group of the IETF. Title : Token Revocation Author(s) : Torsten Lodderstedt Stefanie Dronia Marius Scurtescu Filename: draft-ietf-oauth-revocation-01.txt Pages : 7 Date: 2012-10-06 Abstract: This draft proposes an additional endpoint for OAuth authorization servers for revoking tokens. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-oauth-revocation There's also a htmlized version available at: http://tools.ietf.org/html/draft-ietf-oauth-revocation-01 A diff from the previous version is available at: http://www.ietf.org/rfcdiff?url2=draft-ietf-oauth-revocation-01 Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ ___ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth ___ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
Re: [OAUTH-WG] Agenda for Atlanta Meeting
+1 Phil On 2012-10-06, at 10:07, Torsten Lodderstedt tors...@lodderstedt.net wrote: fine for me Am 05.10.2012 10:03, schrieb Hannes Tschofenig: Hi all, here is an agenda proposal for the Atlanta IETF meeting: (The indicated names are proposals.) -- Agenda: 1. Status Update, Agenda Bashing (Chairs) 2. Token Revocation (Thorsten) 3. Assertions (Brian + Mike) 4. OAuth Use Cases (Zachary) 5. JWT (Mike) 6. Security (Phil) 7. Dynamic Client Registration (Thomas) 8. Roadmap -- In the last item we would like to discuss the bigger picture of how to get OAuth 2.0 deployment improved. There are at least 2 parts to this, namely (a) what other specifications do we need to work on, and (b) how do we improve interoperability. Let us know whether you think that this fits your needs. Ciao Hannes Derek PS: I am hoping to see daft updates of the WG items soon. ___ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth ___ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth ___ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
[OAUTH-WG] I-D Action: draft-ietf-oauth-v2-threatmodel-08.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Web Authorization Protocol Working Group of the IETF. Title : OAuth 2.0 Threat Model and Security Considerations Author(s) : Torsten Lodderstedt Mark McGloin Phil Hunt Filename: draft-ietf-oauth-v2-threatmodel-08.txt Pages : 71 Date: 2012-10-06 Abstract: This document gives additional security considerations for OAuth, beyond those in the OAuth 2.0 specification, based on a comprehensive threat model for the OAuth 2.0 Protocol. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-oauth-v2-threatmodel There's also a htmlized version available at: http://tools.ietf.org/html/draft-ietf-oauth-v2-threatmodel-08 A diff from the previous version is available at: http://www.ietf.org/rfcdiff?url2=draft-ietf-oauth-v2-threatmodel-08 Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ ___ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-v2-threatmodel-08.txt
Hi all, this revision addresses the comments from IESG review. regards, Torsten. Am 06.10.2012 22:48, schrieb internet-dra...@ietf.org: A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Web Authorization Protocol Working Group of the IETF. Title : OAuth 2.0 Threat Model and Security Considerations Author(s) : Torsten Lodderstedt Mark McGloin Phil Hunt Filename: draft-ietf-oauth-v2-threatmodel-08.txt Pages : 71 Date: 2012-10-06 Abstract: This document gives additional security considerations for OAuth, beyond those in the OAuth 2.0 specification, based on a comprehensive threat model for the OAuth 2.0 Protocol. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-oauth-v2-threatmodel There's also a htmlized version available at: http://tools.ietf.org/html/draft-ietf-oauth-v2-threatmodel-08 A diff from the previous version is available at: http://www.ietf.org/rfcdiff?url2=draft-ietf-oauth-v2-threatmodel-08 Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ ___ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth ___ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth