I would like to see us proceed with the symmetric PoP work in Oauth WG and stop
the HTTP Signing work all together
From: OAuth [mailto:oauth-boun...@ietf.org] On Behalf Of Brian Campbell
Sent: Wednesday, October 19, 2016 12:54 PM
To: Hannes Tschofenig
Cc: oauth@ietf.org
Subject: Re: [OAUTH-WG] F
In my opinion, at this time, the OAuth WG should not proceed with the
symmetric implementation of PoP and should not continue work on HTTP
signing.
On Wed, Oct 19, 2016 at 12:45 PM, Hannes Tschofenig <
hannes.tschofe...@gmx.net> wrote:
> Hi all,
>
> two questions surfaced at the last IETF meeting
While the tokbind seems strategic, there are concerns about universality. A
chief barrier is getting all tls termination points to support - a matter of
substantial time.
There are also those that argue that we still need an app layer end-to-end
solution that pop provides.
That said, I am no
1. We should continue the PoP work in the OAuth working group and not move it
to ACE. (This was also discussed in the minutes at
https://www.ietf.org/proceedings/96/minutes/minutes-96-oauth.)
2. We should abandon the HTTP signing work. It is both overly complicated
*and* incomplete - not a
Hi all,
two questions surfaced at the last IETF meeting, namely
1) Do we want to proceed with the symmetric implementation of PoP or,
alternatively, do we want to move it over to the ACE working group?
2) Do we want to continue the work on HTTP signing?
We would appreciate your input on these t
FYI: I have just submitted the OAuth AMR to the IESG.
Forwarded Message
Subject: Publication has been requested for draft-ietf-oauth-amr-values-03
Date: Wed, 19 Oct 2016 08:07:03 -0700
From: Hannes Tschofenig
To: kathleen.moriarty.i...@gmail.com
CC: Hannes Tschofenig ,
hannes.ts