[OAUTH-WG] New Assertion Drafts Published

2014-10-21 Thread Brian Campbell
New versions of all three OAuth assertion documents (listed below) have
been published with changes incorporating feedback received during IESG
Evaluation.

Assertion Framework for OAuth 2.0 Client Authentication and Authorization
Grants
https://datatracker.ietf.org/doc/draft-ietf-oauth-assertions/
http://tools.ietf.org/html/draft-ietf-oauth-assertions-18

JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and
Authorization Grants
https://datatracker.ietf.org/doc/draft-ietf-oauth-jwt-bearer/
http://tools.ietf.org/html/draft-ietf-oauth-jwt-bearer-11

SAML 2.0 Profile for OAuth 2.0 Client Authentication and Authorization
Grants
https://datatracker.ietf.org/doc/draft-ietf-oauth-saml2-bearer/
http://tools.ietf.org/html/draft-ietf-oauth-saml2-bearer-22


___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth


[OAUTH-WG] New Assertion Drafts Published

2014-07-23 Thread Brian Campbell
New versions of all three OAuth related assertion documents (listed below)
have been published with Privacy Considerations added to each. The request
for Privacy Considerations came out of AD review and, with this update, all
known issues/comments have now been addressed.

Assertion Framework for OAuth 2.0 Client Authentication and Authorization
Grants
https://datatracker.ietf.org/doc/draft-ietf-oauth-assertions/

JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and
Authorization Grants
https://datatracker.ietf.org/doc/draft-ietf-oauth-jwt-bearer/

SAML 2.0 Profile for OAuth 2.0 Client Authentication and Authorization
Grants
https://datatracker.ietf.org/doc/draft-ietf-oauth-jwt-bearer/


[OAUTH-WG] New Assertion Drafts Published

2013-12-09 Thread Brian Campbell
New versions of all three OAuth related assertion documents have been
published. Links to the htmlized drafts and change logs (mostly
clarification resulting from Shepherd review in early November) are listed
below. Thanks to Mike Jones for the preliminary review and updates/fixes.

Assertion Framework for OAuth 2.0 Client Authentication and Authorization
Grants
http://tools.ietf.org/html/draft-ietf-oauth-assertions-13

   draft-ietf-oauth-assertions-13

   o  Clean up language around subject per the subject part of
      http://www.ietf.org/mail-archive/web/oauth/current/msg12155.html

   o  Replace "Client Credentials flow" by "Client Credentials _Grant_"
      as suggested in
      http://www.ietf.org/mail-archive/web/oauth/current/msg12155.html

   o  For consistency with SAML and JWT per
      http://www.ietf.org/mail-archive/web/oauth/current/msg12251.html
      and http://www.ietf.org/mail-archive/web/oauth/current/msg12253.html
      stated that "In the absence of an application profile specifying
      otherwise, compliant applications MUST compare the audience values
      using the Simple String Comparison method defined in Section 6.2.1
      of RFC 3986."

   o  Added one-time use, maximum lifetime, and specific subject and
      attribute requirements to Interoperability Considerations.



JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and
Authorization Grants
http://tools.ietf.org/html/draft-ietf-oauth-jwt-bearer-07

   draft-ietf-oauth-jwt-bearer-07

   o  Clean up language around subject per
      http://www.ietf.org/mail-archive/web/oauth/current/msg12250.html.

   o  As suggested in
      http://www.ietf.org/mail-archive/web/oauth/current/msg12251.html
      stated that "In the absence of an application profile specifying
      otherwise, compliant applications MUST compare the audience values
      using the Simple String Comparison method defined in Section 6.2.1
      of RFC 3986."

   o  Added one-time use, maximum lifetime, and specific subject and
      attribute requirements to Interoperability Considerations based on
      http://www.ietf.org/mail-archive/web/oauth/current/msg12252.html.

   o  Remove "or its subject confirmation requirements cannot be met"
      text.

   o  Reword security considerations and mention that replay protection
      is not mandated based on
      http://www.ietf.org/mail-archive/web/oauth/current/msg12259.html.



SAML 2.0 Profile for OAuth 2.0 Client Authentication and Authorization
Grants
http://tools.ietf.org/html/draft-ietf-oauth-saml2-bearer-18

   draft-ietf-oauth-saml2-bearer-18

   o  Clean up language around subject per
      http://www.ietf.org/mail-archive/web/oauth/current/msg12254.html.

   o  As suggested in
      http://www.ietf.org/mail-archive/web/oauth/current/msg12253.html
      stated that "In the absence of an application profile specifying
      otherwise, compliant applications MUST compare the audience/issuer
      values using the Simple String Comparison method defined in
      Section 6.2.1 of RFC 3986."

   o  Clarify the potentially confusing language about the AS confirming
      the assertion
      http://www.ietf.org/mail-archive/web/oauth/current/msg12255.html.

   o  Combine the two items about AuthnStatement and drop the word
      presenter as discussed in http://www.ietf.org/mail-archive/web/

[OAUTH-WG] New Assertion Drafts Published

2013-03-29 Thread Brian Campbell
New versions of all three OAuth related assertion documents have been
published.  New document titles, URLs and change logs are listed below.
I've tried to address the comments and discuss issues from the IESG review
as well as subsequent discussion and decisions that took place in Orlando.
There have also been some comments and questions on the WG list, which I've
attempted to address and clarify things where possible. Special thanks to
Mike Jones for the editorial help with these.


Assertion Framework for OAuth 2.0 Client Authentication and Authorization
Grants
http://tools.ietf.org/html/draft-ietf-oauth-assertions-11

SAML 2.0 Profile for OAuth 2.0 Client Authentication and Authorization
Grants
http://tools.ietf.org/html/draft-ietf-oauth-saml2-bearer-16

JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and
Authorization Grants
http://tools.ietf.org/html/draft-ietf-oauth-jwt-bearer-05


   draft-ietf-oauth-assertions-11

   o  Addressed comments from IESG evaluation
      https://datatracker.ietf.org/doc/draft-ietf-oauth-assertions/ballot/.

   o  Reworded Interoperability Considerations to state what
      identifiers, keys, endpoints, etc. need to be exchanged/agreed
      upon.

   o  Added brief description of assertion to the intro and included a
      reference to Section 3 (Framework) where it's described more.

   o  Changed such that a self-issued assertion must (was should) have
      the client id as the issuer.

   o  Changed "Specific Assertion Format and Processing Rules" to
      "Common Scenarios" and reworded to be more suggestive of common
      practices, rather than trying to be normative.  Also removed lots
      of repetitive text in that section.

   o  Refined language around audience, subject, client identifiers,
      etc. to hopefully be clearer and less redundant.

   o  Changed title from "Assertion Framework for OAuth 2.0" to
      "Assertion Framework for OAuth 2.0 Client Authentication and
      Authorization Grants" to be more explicit about the scope of the
      document per
      http://www.ietf.org/mail-archive/web/oauth/current/msg11063.html.

   o  Noted that authentication of the client per Section 3.2.1 of OAuth
      is optional for an access token request with an assertion as an
      authorization grant and removed client_id from the associated
      example.

   draft-ietf-oauth-saml2-bearer-16

   o  Changed title from "SAML 2.0 Bearer Assertion Profiles for OAuth
      2.0" to "SAML 2.0 Profile for OAuth 2.0 Client Authentication and
      Authorization Grants" to be more explicit about the scope of the
      document per
      http://www.ietf.org/mail-archive/web/oauth/current/msg11063.html.

   o  Fixed typo in text identifying the presenter from "or similar
      element, the" to "or similar element in the".

   o  Numbered the list of processing rules.

   o  Smallish editorial cleanups to try and improve readability and
      comprehensibility.

   o  Cleaner split out of the processing rules in cases where they
      differ for client authentication and authorization grants.

   o  Clarified the parameters that are used/available for authorization
      grants.

   o  Added Interoperability Considerations section and info reference
      to SAML Metadata.

   o  Added more explanatory context to the example in Section 4.




   draft-ietf-oauth-jwt-bearer-05

   o  Changed title from "JSON Web Token (JWT) Bearer Token Profiles for
      OAuth 2.0" to "JSON Web Token (JWT) Profile for OAuth 2.0 Client
      Authentication and Authorization Grants" to be more explicit about
      the scope of the document per
      http://www.ietf.org/mail-archive/web/oauth/current/msg11063.html.

   o  Numbered the list of processing rules.

   o  Smallish editorial cleanups to try and improve readability and
      comprehensibility.

   o  Cleaner split out of the processing rules in cases where they
      differ for client authentication and authorization grants.

   o  Clarified the parameters that are used/available for authorization
      grants.

   o  Added Interoperability Considerations section.

   o  Added more explanatory context to the example in Section 4.

[OAUTH-WG] New assertion drafts published

2012-09-14 Thread Brian Campbell
New versions of the three OAuth assertion related drafts have been
published. The documents are available in the usual locations:

Assertion Framework for OAuth 2.0
http://tools.ietf.org/html/draft-ietf-oauth-assertions-06

SAML 2.0 Bearer Assertion Profiles for OAuth 2.0
http://tools.ietf.org/html/draft-ietf-oauth-saml2-bearer-14

JSON Web Token (JWT) Bearer Token Profiles for OAuth 2.0
http://tools.ietf.org/html/draft-ietf-oauth-jwt-bearer-02

Text was added to the introduction of all three further explaining that an
assertion grant type can be used with or without client
authentication/identification and that client assertion authentication is
nothing more than an alternative way for a client to authenticate to the
token endpoint. Two new examples were added to each of the JWT and SAML
drafts. References were updated in all three.

Hopefully now draft-ietf-oauth-assertions-06 and
draft-ietf-oauth-saml2-bearer-14 are ready to go to WGLC.

Thanks to Mike Jones for the preliminary review and updates/fixes.

Regards,
Brian Campbell