Re: [OAUTH-WG] Call for Adoption: OAuth 2.0 Incremental Authorization

+1 > Am 24.04.2018 um 05:33 schrieb Nat Sakimura : > > +1 > > On Thu, Apr 19, 2018 at 3:28 AM Richard Backman, Annabelle > mailto:richa...@amazon.com>> wrote: > I support adoption of OAuth 2.0 Incremental Authorization as a WG document. > > > > -- > > Annabelle Richard Backman > > Amazon

Re: [OAUTH-WG] JWT BCP Acknowledgements (was Fwd: New Version Notification for draft-ietf-oauth-jwt-bcp-02.txt)

Thanks Brian for the reminder. Will update the draft. Yaron On 05/05/18 01:06, Brian Campbell wrote: AFAIK, Tim McLean was the first to bring the HMAC/RSA switching attack to the attention of JWS/JWT implementers - https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libra