[OAUTH-WG] I-D Action: draft-ietf-oauth-step-up-authn-challenge-14.txt

2023-04-05 Thread internet-drafts
A New Internet-Draft is available from the on-line Internet-Drafts directories. This Internet-Draft is a work item of the Web Authorization Protocol (OAUTH) WG of the IETF. Title : OAuth 2.0 Step-up Authentication Challenge Protocol Authors : Vittorio Bertocci

Re: [OAUTH-WG] Httpdir telechat review of draft-ietf-oauth-step-up-authn-challenge-13

2023-04-05 Thread Brian Campbell
Thanks Mark. And thank you again for your review, which will improve the document. We'll we merge the and publish an updated draft soon incorporating your suggestions. On Wed, Apr 5, 2023 at 5:44 PM Mark Nottingham wrote: > Thanks -- that looks good. > > Cheers, > > > On 6 Apr 2023, at 5:31

Re: [OAUTH-WG] Httpdir telechat review of draft-ietf-oauth-step-up-authn-challenge-13

2023-04-05 Thread Mark Nottingham
___ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth

Re: [OAUTH-WG] Httpdir telechat review of draft-ietf-oauth-step-up-authn-challenge-13

2023-04-05 Thread Brian Campbell
And that PR is here https://github.com/oauth-wg/oauth-step-up-authn-challenge/pull/3/files On Wed, Apr 5, 2023 at 10:59 AM Brian Campbell wrote: > Thank you for the review Mark. I've replied inline below with some context > or explanation as best I can. And I'll put together a PR with

Re: [OAUTH-WG] [IANA #1270370] Request to register OAuth Authorization Server Metadata: dpop_signing_alg_values_supported

2023-04-05 Thread Mike Jones
I also approve this request. -- Mike From: John Bradley Sent: Wednesday, April 5, 2023 11:13 AM To: dick.ha...@gmail.com Cc: drafts-expert-review-comm...@iana.org; oauth-ext-rev...@ietf.org; Mike Jones ; n...@sakimura.org;

Re: [OAUTH-WG] [IANA #1270370] Request to register OAuth Authorization Server Metadata: dpop_signing_alg_values_supported

2023-04-05 Thread John Bradley
I approve the request. Sent from my iPhoneOn Apr 5, 2023, at 1:59 PM, Dick Hardt wrote:I approve this request. On Wed, Apr 5, 2023 at 8:47 AM David Dong via RT wrote:Dear Michael, Nat, John and Dick (cc: oauth WG / review mailing list), As the designated

Re: [OAUTH-WG] [IANA #1270370] Request to register OAuth Authorization Server Metadata: dpop_signing_alg_values_supported

2023-04-05 Thread Dick Hardt
I approve this request. On Wed, Apr 5, 2023 at 8:47 AM David Dong via RT < drafts-expert-review-comm...@iana.org> wrote: > Dear Michael, Nat, John and Dick (cc: oauth WG / review mailing list), > > As the designated experts for the OAuth Authorization Server Metadata > registry, can you review

Re: [OAUTH-WG] Httpdir telechat review of draft-ietf-oauth-step-up-authn-challenge-13

2023-04-05 Thread Brian Campbell
Thank you for the review Mark. I've replied inline below with some context or explanation as best I can. And I'll put together a PR with corresponding changes/clarifications. On Tue, Apr 4, 2023 at 11:18 PM Mark Nottingham via Datatracker < nore...@ietf.org> wrote: > Reviewer: Mark Nottingham >

Re: [OAUTH-WG] Httpdir telechat review of draft-ietf-oauth-step-up-authn-challenge-13

2023-04-05 Thread Aaron Parecki
Hi Mark, thanks for the review. On the terminology nits, I wanted to add some context. "Resource server" is a term used throughout the OAuth specs, defined in RFC6749. The term "resource" is used to distinguish the resource server from the authorization server. It would be incredibly confusing

[OAUTH-WG] [IANA #1270370] Request to register OAuth Authorization Server Metadata: dpop_signing_alg_values_supported

2023-04-05 Thread David Dong via RT
Dear Michael, Nat, John and Dick (cc: oauth WG / review mailing list), As the designated experts for the OAuth Authorization Server Metadata registry, can you review the proposed registration in draft-ietf-oauth-dpop for us? Please see: https://datatracker.ietf.org/doc/draft-ietf-oauth-dpop/

Re: [OAUTH-WG] [IANA #1267318] expert review for draft-ietf-oauth-step-up-authn-challenge (oauth-parameters)

2023-04-05 Thread Hannes Tschofenig
Hi Amanda, I reviewed the request and I approve it. Thanks for the work. Ciao Hannes Am 05.04.2023 um 13:04 schrieb Amanda Baber via RT: Hi Hannes, Have you had a chance to review the OAuth Extensions Error registration in this document? It's on next week's telechat agenda.

[OAUTH-WG] Native Apps UX and HTML alternatives

2023-04-05 Thread George Fletcher
I'm trying to catch Justin's attention with that subject header :-) This is more just for historical purposes. The desktop AOL client was basically a rendering engine of a binary protocol called FDO (two versions 88 and 91). This protocol supported both markup and scripting optimized for transfer

[OAUTH-WG] [IANA #1267318] expert review for draft-ietf-oauth-step-up-authn-challenge (oauth-parameters)

2023-04-05 Thread Amanda Baber via RT
Hi Hannes, Have you had a chance to review the OAuth Extensions Error registration in this document? It's on next week's telechat agenda. https://datatracker.ietf.org/doc/draft-ietf-oauth-step-up-authn-challenge/ thanks, Amanda Baber IANA Operations Manager On Tue Mar 28 16:21:32 2023,

[OAUTH-WG] Ambiguity in draft-ietf-oauth-v2-1-08 when code_challenge is omitted

2023-04-05 Thread M Hickford
https://www.ietf.org/archive/id/draft-ietf-oauth-v2-1-08.html#name-countermeasures-2 says > To prevent injection of authorization codes into the client, using > code_challenge and code_verifier is REQUIRED for clients, and authorization > servers MUST enforce their use unless both of the