Re: [OAUTH-WG] Fwd: New Version Notification for draft-campbell-oauth-tls-client-auth-00.txt

2016-10-28 Thread Brian Campbell
On Thu, Oct 27, 2016 at 12:00 AM, Samuel Erdtman wrote:
> I think it is awesome that this document has been written since this is
> one of the solutions that exists in the wild.
>
Thanks. To some extent I was working to codify those existing solutions, which is one of the reasons why the specif

Re: [OAUTH-WG] Fwd: New Version Notification for draft-campbell-oauth-tls-client-auth-00.txt

2016-10-28 Thread Brian Campbell
Not wanting to add more meta parameters was a motivation. Also not being sure of how to enumerate the possible approaches. My thinking was also that there are a lot of factors involved and that it'd probably be better left to service documentation to describe things like what authorities are truste

[OAUTH-WG] Fwd: I-D Action: draft-ietf-oauth-token-exchange-06.txt

2016-10-28 Thread Brian Campbell
Trying to get ahead of the I-D submission rush on Monday, I've published draft -06 of "OAuth 2.0 Token Exchange" with the following relatively small set of changes:

-06
o Drop "An STS for the REST of Us" from the title.
o Drop "heavyweight" and "lightweight" from the abstract and in

[OAUTH-WG] AD review of draft-ietf-oauth-amr-values

2016-10-28 Thread Kathleen Moriarty
Hello, I reviewed draft-ietf-oauth-amr-values and have a few comments. First, thanks for your work on this draft! Several of the authentication methods mentioned are typically used (or recommended for use) as a second or third factor. I see in section 3 that multiple methods can be contained in

[OAUTH-WG] I-D Action: draft-ietf-oauth-token-exchange-06.txt

2016-10-28 Thread internet-drafts
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Web Authorization Protocol of the IETF.

Title : OAuth 2.0 Token Exchange
Authors : Michael B. Jones
          Anthony Nadalin

[OAUTH-WG] AD review of draft-ietf-oauth-jwsreq

2016-10-28 Thread Kathleen Moriarty
Hello, I just reviewed draft-ietf-oauth-jwsreq, and it looks great and seems to be a nice addition to help with security. Thanks for your work on it. I only have a few comments. The first is just about some wording that is awkward in the TLS section. What's there now: Client implementations s