Re: [OAUTH-WG] OTP-flow use case (sharing energy data)

2019-01-15 Thread Omer Levi Hevroni
Nope, device flow still requires an interactive login flow from the user, just on another device. My flow aims for strong device authentication, without any user interaction. My flow has some similarity to the OAuth client assertion flow - https://tools.ietf.org/html/rfc7523, with modifications for mobile

Re: [OAUTH-WG] questions on Seamless OAuth 2.0 Client Assertion Grant

2018-11-13 Thread Omer Levi Hevroni
hey lose all > their data. Also, IMHO, I don't think the private key protections you have > in place are a net positive. > > > > > On Mon, Nov 12, 2018 at 3:08 AM Omer Levi Hevroni > wrote: > >> Ok, let me try. >> >> At the company where I work, we have

Re: [OAUTH-WG] questions on Seamless OAuth 2.0 Client Assertion Grant

2018-11-11 Thread Omer Levi Hevroni
://blog.solutotlv.com/userless-mobile-authentication/ Does this help? Also, thank you for your time and feedback. I appreciate it! On Fri, Nov 9, 2018 at 1:54 AM Dick Hardt wrote: > More detail on the scenario would help. > > On Fri, Nov 9, 2018 at 2:04 AM Omer Levi Hevroni wrote: > >> Ye

Re: [OAUTH-WG] questions on Seamless OAuth 2.0 Client Assertion Grant

2018-11-08 Thread Omer Levi Hevroni
Yes, that is correct. I'm sorry for the confusion, I think this confusion is built into the OAuth framework itself. You understood the scenario well - I have an application running on an untrusted device in an untrusted network. I looked for a way to authenticate the requests from the device to AS. Does it

Re: [OAUTH-WG] Presenting Seamless Flow at IETF 103

2018-09-20 Thread Omer Levi Hevroni
RFC2289 A One-Time Password System <https://tools.ietf.org/html/rfc2289> > > Are you actually using the referenced RFC2289 (that seems to use > H(H(H(H(…H(password + challenge + stuff)…)? > > I don’t think so. I think you are using normal crypto signing keys, plus a >

[OAUTH-WG] Presenting Seamless Flow at IETF 103

2018-09-17 Thread Omer Levi Hevroni
Hey My name is Omer, and I want to ask for a time to present a draft I'm working on at IETF 103. This is a new OAuth extension that is supposed to allow devices to authenticate without any user interaction. There are many use cases, especially in the IoT world, where there are devices which need a strong aut

[OAUTH-WG] Fwd: New Version Notification for draft-hevroni-oauth-seamless-flow-01.txt

2018-08-02 Thread Omer Levi Hevroni
Hey New version of the draft published. Looking forward to hearing feedback about it. -- Forwarded message - From: Date: Thu, Aug 2, 2018 at 12:15 PM Subject: New Version Notification for draft-hevroni-oauth-seamless-flow-01.txt To: Omer Levi Hevroni A new version of I-D, draft

[OAUTH-WG] Fwd: New Version Notification for draft-hevroni-oauth-seamless-flow-00.txt

2018-03-26 Thread Omer Levi Hevroni
0.txt To: Omer Levi Hevroni A new version of I-D, draft-hevroni-oauth-seamless-flow-00.txt has been successfully submitted by Omer Hevroni and posted to the IETF repository. Name: draft-hevroni-oauth-seamless-flow Revision: 00 Title: Seamless OAuth 2.0 Client Assertion

[OAUTH-WG] OAuth 2.0 Seamless Flow - first draft

2018-03-22 Thread Omer Levi Hevroni
Hey After presenting the flow yesterday, I've submitted the first draft: https://tools.ietf.org/html/draft-seamless-flow-00 I tried to answer all the questions that were raised during the session. Looking forward to hearing your feedback. Omer ___ OAuth mailing li

[OAUTH-WG] First version (pre-draft) of OAuth 2.0 seamless protocol

2018-03-18 Thread Omer Levi Hevroni
Hey and Good Morning I've created a first version of the draft, hope to finish it and send a draft soon. This is the protocol I'm going to present at Wednesday's OAuth WG meeting. Feedback is highly appreciated - this is the first time I'm writing a draft. You can find it here: https://soluto.github.

Re: [OAUTH-WG] Potential new OAuth client assertion flow

2018-02-15 Thread Omer Levi Hevroni
; > On 14/02/18 22:48, Omer Levi Hevroni wrote: > > Hello > > My name is Omer, and I am working at Soluto. We wanted to find a way to > > authenticate our mobile application, without any user interaction - as > this > > will affect the user experience. We developed a new

[OAUTH-WG] Potential new OAuth client assertion flow

2018-02-14 Thread Omer Levi Hevroni
Hello My name is Omer, and I am working at Soluto. We wanted to find a way to authenticate our mobile application, without any user interaction - as this will affect the user experience. We developed a new authentication flow, similar to JWT client assertion. I've given a talk about this flow in a f