Re: [OAUTH-WG] Conclusion of 'OAuth Security Topics' Call for Adoption
Yes, this matches my understanding of the discussions at the Seoul meeting.

On 03/04/2017 07:10 PM, Torsten Lodderstedt wrote:
> Hi Hannes,
>
> just for clarification: as far as I remember the proposal in Seoul was to
> turn the document into a BCP.
>
> Is this consistent with your expectation?
>
> kind regards,
> Torsten.
>
>> On 20.02.2017 at 12:02, Hannes Tschofenig wrote:
>>
>> Hi all,
>>
>> earlier this month we issued a call for adoption of the OAuth security
>> topics draft, see draft-lodderstedt-oauth-security-topics-00, and the
>> response was quite positive on the list (as well as during the last f2f
>> meeting).
>>
>> For this reason, we ask the authors to submit a WG version of the
>> document and to discuss new content for the document in preparation for
>> the next meeting.
>>
>> Note that the intention of the document is to discuss security topics as
>> they relate to the work in the OAuth working group. As this initial
>> document already does, it describes a problem statement and outlines
>> various ways to mitigate the problems. I expect the working group to
>> decide which solution approach is most appropriate and to detail it (at
>> a specification level) in a separate document (some of those documents
>> already exist in the working group). This should help us make decisions
>> that are not just point solutions for specific problems but rather
>> consider the big picture.
>>
>> Ciao
>> Hannes & Derek

___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
Re: [OAUTH-WG] Conclusion of 'OAuth Security Topics' Call for Adoption
A BCP is still assigned an RFC number. The intent is to have a BCP number as well.

E.g., BCP195’s current instance is RFC 7525.

The intent is to have a BCP series but the process is largely the same as I understand it.

John B.

> On Mar 4, 2017, at 3:10 PM, Torsten Lodderstedt wrote:
>
> Hi Hannes,
>
> just for clarification: as far as I remember the proposal in Seoul was to
> turn the document into a BCP.
>
> Is this consistent with your expectation?
>
> kind regards,
> Torsten.
>
>> On 20.02.2017 at 12:02, Hannes Tschofenig wrote:
>>
>> Hi all,
>>
>> earlier this month we issued a call for adoption of the OAuth security
>> topics draft, see draft-lodderstedt-oauth-security-topics-00, and the
>> response was quite positive on the list (as well as during the last f2f
>> meeting).
>>
>> For this reason, we ask the authors to submit a WG version of the
>> document and to discuss new content for the document in preparation for
>> the next meeting.
>>
>> Note that the intention of the document is to discuss security topics as
>> they relate to the work in the OAuth working group. As this initial
>> document already does, it describes a problem statement and outlines
>> various ways to mitigate the problems. I expect the working group to
>> decide which solution approach is most appropriate and to detail it (at
>> a specification level) in a separate document (some of those documents
>> already exist in the working group). This should help us make decisions
>> that are not just point solutions for specific problems but rather
>> consider the big picture.
>>
>> Ciao
>> Hannes & Derek
Re: [OAUTH-WG] Conclusion of 'OAuth Security Topics' Call for Adoption
Hi Hannes,

just for clarification: as far as I remember the proposal in Seoul was to turn the document into a BCP.

Is this consistent with your expectation?

kind regards,
Torsten.

> On 20.02.2017 at 12:02, Hannes Tschofenig wrote:
>
> Hi all,
>
> earlier this month we issued a call for adoption of the OAuth security
> topics draft, see draft-lodderstedt-oauth-security-topics-00, and the
> response was quite positive on the list (as well as during the last f2f
> meeting).
>
> For this reason, we ask the authors to submit a WG version of the
> document and to discuss new content for the document in preparation for
> the next meeting.
>
> Note that the intention of the document is to discuss security topics as
> they relate to the work in the OAuth working group. As this initial
> document already does, it describes a problem statement and outlines
> various ways to mitigate the problems. I expect the working group to
> decide which solution approach is most appropriate and to detail it (at
> a specification level) in a separate document (some of those documents
> already exist in the working group). This should help us make decisions
> that are not just point solutions for specific problems but rather
> consider the big picture.
>
> Ciao
> Hannes & Derek
Re: [OAUTH-WG] Conclusion of 'OAuth Security Topics' Call for Adoption
Great!

On Mon, Feb 20, 2017 at 8:02 PM Hannes Tschofenig wrote:
> Hi all,
>
> earlier this month we issued a call for adoption of the OAuth security
> topics draft, see draft-lodderstedt-oauth-security-topics-00, and the
> response was quite positive on the list (as well as during the last f2f
> meeting).
>
> For this reason, we ask the authors to submit a WG version of the
> document and to discuss new content for the document in preparation for
> the next meeting.
>
> Note that the intention of the document is to discuss security topics as
> they relate to the work in the OAuth working group. As this initial
> document already does, it describes a problem statement and outlines
> various ways to mitigate the problems. I expect the working group to
> decide which solution approach is most appropriate and to detail it (at
> a specification level) in a separate document (some of those documents
> already exist in the working group). This should help us make decisions
> that are not just point solutions for specific problems but rather
> consider the big picture.
>
> Ciao
> Hannes & Derek

--
Nat Sakimura
Chairman of the Board, OpenID Foundation
[OAUTH-WG] Conclusion of 'OAuth Security Topics' Call for Adoption
Hi all,

earlier this month we issued a call for adoption of the OAuth security topics draft, see draft-lodderstedt-oauth-security-topics-00, and the response was quite positive on the list (as well as during the last f2f meeting).

For this reason, we ask the authors to submit a WG version of the document and to discuss new content for the document in preparation for the next meeting.

Note that the intention of the document is to discuss security topics as they relate to the work in the OAuth working group. As this initial document already does, it describes a problem statement and outlines various ways to mitigate the problems. I expect the working group to decide which solution approach is most appropriate and to detail it (at a specification level) in a separate document (some of those documents already exist in the working group). This should help us make decisions that are not just point solutions for specific problems but rather consider the big picture.

Ciao
Hannes & Derek