Re: [OAUTH-WG] [Ace] Call for adoption for draft-wahlstroem-ace-cbor-web-token-00

2016-05-09 Thread Kepeng Li
We got several supports and no objections, so it is concluded that the draft is adopted as an ACE WG item, with the change that we remove the "web“ from the name. Authors: please resubmit the current draft as draft-ietf-ace-cbor-token-00.txt; we will start processing further changes in the WG

Re: [OAUTH-WG] Proof of Possession Tokens: Next Steps

2016-01-19 Thread Kepeng Li
> * to make a decision about other extensions. Nat and Kepeng submitted > the Sender Constrained JWT for OAuth2 2.0 document, see > https://tools.ietf.org/html/draft-sakimura-oauth-rjwtprof-06 > We asked the working group for feedback during IETF #93 and we couldn't > get enough feedback at that

Re: [OAUTH-WG] OAuth Recharting

2015-12-17 Thread Kepeng Li
Hi Hannes, Thanks for putting this together. >and specifications that mitigate security attacks, such as Proof Key for >Code Exchange. I propose to change it to: and specifications that mitigate security attacks, such as Proof Key for Code Exchange, and Sender Constraint JSON Web Token.

Re: [OAUTH-WG] Proof-of-Possession Key Semantics for JWTs spec addressing final shepherd comment

2015-11-04 Thread Kepeng Li
Thank you Mike. The diagrams look good to me. Kind Regards Kepeng 发件人: Mike Jones 日期: Thursday, 5 November, 2015 12:32 am 至: "oauth@ietf.org" 抄送: Li Kepeng 主题: Proof-of-Possession Key Semantics for JWTs spec

[OAUTH-WG] FW: New Version Notification for draft-sakimura-oauth-rjwtprof-06.txt

2015-10-20 Thread Kepeng Li
Hi Mike, Thanks for your review. It is very helpful, and I also forward it to the whole list. We will make a update when the submission window opens. Kind Regards Kepeng 发件人: Mike Jones 日期: Wednesday, 21 October, 2015 1:07 am 至: Li Kepeng

Re: [OAUTH-WG] Review comments to PoP document

2015-10-08 Thread Kepeng Li
至: Li Kepeng <kepeng@alibaba-inc.com>, "oauth@ietf.org" <oauth@ietf.org> 主题: RE: Review comments to PoP document Thanks for the useful review, Kepeng. Responses inline… From: OAuth [mailto:oauth-boun...@ietf.org] On Behalf Of Kepeng Li Sent: Wednesday, October 07, 201

[OAUTH-WG] Review comments to PoP document

2015-10-07 Thread Kepeng Li
Hello all, Please find my review comments to PoP document: http://tools.ietf.org/html/draft-ietf-oauth-proof-of-possession-04 1、Title: Proof-of-Possession Key Semantics for JSON Web Tokens (JWTs) [Kepeng] Should we add OAuth 2.0 in the title? Also, in the whole document, we use JWT,

[OAUTH-WG] PoP document: IPR Confirmation

2015-09-30 Thread Kepeng Li
Hi Mike, John and Hannes, I am working on the shepherd writeup for the PoP document: http://tools.ietf.org/html/draft-ietf-oauth-proof-of-possession-04 One item in the template requires me to indicate whether each document author

Re: [OAUTH-WG] Review comments to PoP Architecture

2015-09-19 Thread Kepeng Li
Additional comments: 6. Section 4: 1) An attacker may generate a bogus tokens … [Kepeng] Change “tokens” to “token”. 2) A client may also re-use access tokens for some other resource servers. [Kepeng] Change “re-use” to “reuse”. The pragraph title says “reuse”. Also in other places. 3) To

[OAUTH-WG] Review comments to PoP Architecture

2015-09-18 Thread Kepeng Li
Hello authors, Please find my review comments to PoP Architecture document: https://tools.ietf.org/html/draft-ietf-oauth-pop-architecture-02 1.Introduction: At the time of writing the OAuth 2.0 protocol family ([RFC6749], [RFC6750], and [RFC6819]) offer a single standardized security

[OAUTH-WG] PoP Architecture: IPR Confirmation

2015-09-16 Thread Kepeng Li
Hi Phil, Justin, William, Prateek ahd Hannes, I am working on the shepherd writeup for the PoP Architecture document: https://www.ietf.org/id/draft-ietf-oauth-pop-architecture-02.txt One item in the template requires me to indicate whether each document author has confirmed that any and all

Re: [OAUTH-WG] RS as a client guidance

2015-08-19 Thread Kepeng Li
From what I see, authorized presenter is a subset of authorized party. That is also my understanding. Kind Regards Kepeng 发件人: Nat Sakimura sakim...@gmail.com 日期: Thursday, 20 August, 2015 9:01 am 至: Mike Jones michael.jo...@microsoft.com 抄送: OAuth WG oauth@ietf.org 主题: Re: [OAUTH-WG] RS

Re: [OAUTH-WG] Proposed OAuth agenda items

2015-07-09 Thread Kepeng Li
I’d like to add one short agenda item (5 min), to discuss the way forward: http://datatracker.ietf.org/doc/draft-sakimura-oauth-rjwtprof/ Thanks, Kind Regards Kepeng 发件人: Mike Jones michael.jo...@microsoft.com 日期: Friday, 10 July, 2015 5:09 am 至: oauth@ietf.org oauth@ietf.org 主题: [OAUTH-WG]