Re: [OAUTH-WG] About JSON Web Token (JWT) Profile for OAuth 2.0 Access Tokens

Hello, As an implementor, I considered that JWT is a way to serialize token claims so for me - JWT Profile for OAuth 2.0 Access Tokens became Rich Token Profile for OAuth 2.0 Access Tokens. I have implemented different token encoders (JWT / CWT / PASETO / Macaroon) which are all finally just rich

[OAUTH-WG] Lars Eggert's No Objection on draft-ietf-oauth-jwsreq-32: (with COMMENT)

Lars Eggert has entered the following ballot position for draft-ietf-oauth-jwsreq-32: No Objection When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https

Re: [OAUTH-WG] [Last-Call] Genart last call review of draft-ietf-oauth-access-token-jwt-11

Roni, thank you for your review. I have entered a No Objection ballot for this document. Lars > On 2021-2-7, at 11:28, Roni Even via Datatracker wrote: > > Reviewer: Roni Even > Review result: Ready with Nits > > I am the assigned Gen-ART reviewer for this draft. The General Area > Review Te

Re: [OAUTH-WG] [Last-Call] Genart last call review of draft-ietf-oauth-jwsreq-30

Joel, thank you for your review. I have entered a No Objection ballot for this document. Lars > On 2020-9-24, at 23:00, Joel Halpern via Datatracker wrote: > > Reviewer: Joel Halpern > Review result: Ready > > I am the assigned Gen-ART reviewer for this draft. The General Area > Review Team

[OAUTH-WG] I-D Action: draft-ietf-oauth-security-topics-17.txt

A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Web Authorization Protocol WG of the IETF. Title : OAuth 2.0 Security Best Current Practice Authors : Torsten Lodderstedt J

Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-security-topics-17.txt

Hi all, this version most importantly updates the recommendations for Mix-Up mitigation, building upon https://tools.ietf.org/html/draft-ietf-oauth-iss-auth-resp-00. The description of Mix-Up attacks has also been improved. Smaller changes:    * Make the use of metadata RECOMMENDED for both serv

[OAUTH-WG] Éric Vyncke's No Objection on draft-ietf-oauth-jwsreq-32: (with COMMENT)

Éric Vyncke has entered the following ballot position for draft-ietf-oauth-jwsreq-32: No Objection When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https

[OAUTH-WG] Benjamin Kaduk's No Objection on draft-ietf-oauth-jwsreq-32: (with COMMENT)

Benjamin Kaduk has entered the following ballot position for draft-ietf-oauth-jwsreq-32: No Objection When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to ht

[OAUTH-WG] Martin Duke's No Objection on draft-ietf-oauth-jwsreq-32: (with COMMENT)

Martin Duke has entered the following ballot position for draft-ietf-oauth-jwsreq-32: No Objection When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https

[OAUTH-WG] Benjamin Kaduk's No Objection on draft-ietf-oauth-access-token-jwt-12: (with COMMENT)

Benjamin Kaduk has entered the following ballot position for draft-ietf-oauth-access-token-jwt-12: No Objection When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please r