Re: [OAUTH-WG] About Big Brother and draft-campbell-oauth-resource-indicators-00

2016-11-22 Thread George Fletcher
Hi Denis, If I understand your arguments correctly, you'd like a way to ask the AS to add an RS supplied nonce to the access_token. This is done in OpenID Connect with the id_token but nothing like this exists within OAuth2. Largely because the entity asking for the token (client) is

Re: [OAUTH-WG] About Big Brother and draft-campbell-oauth-resource-indicators-00

2016-11-22 Thread Denis
Hi John, The privacy problem is a touch hypothetical the way that OAuth currently works. There is no standard access token, an AS producing access tokens that could be used across a number of RS in different security domains would be a security disaster, unless they are proof of possession

Re: [OAUTH-WG] About Big Brother and draft-campbell-oauth-resource-indicators-00

2016-11-22 Thread Mike Jones
rom: OAuth [mailto:oauth-boun...@ietf.org] On Behalf Of Steinegger, Roland Heinz (TM) Sent: Friday, November 18, 2016 12:49 AM To: oauth@ietf.org Subject: Re: [OAUTH-WG] About Big Brother and draft-campbell-oauth-resource-indicators-00 On the new parameter. I agree. The description of a "Collision

Re: [OAUTH-WG] About Big Brother and draft-campbell-oauth-resource-indicators-00

2016-11-22 Thread John Bradley
The privacy problem is a touch hypothetical the way that OAuth currently works. There is no standard access token, an AS producing access tokens that could be used across a number of RS in different security domains would be a security disaster, unless they are proof of possession tokens. If

Re: [OAUTH-WG] About Big Brother and draft-campbell-oauth-resource-indicators-00

2016-11-22 Thread Denis
Hi Hannes, I do not deny the fact that it is necessary to provide some information to the authorization server to indicate the resource server where the access token shall only be used. Let us illustrate the concept with a simple scenario. A user first connects to a resource server and

Re: [OAUTH-WG] About Big Brother and draft-campbell-oauth-resource-indicators-00

2016-11-22 Thread Hannes Tschofenig
Hi Denis, draft-campbell-oauth-resource-indicators gives the authorization server information about the resource server the access token will be used with. Without this information there is the risk that the access token is replayed at other resource servers and with the proof-of-possession /

Re: [OAUTH-WG] About Big Brother and draft-campbell-oauth-resource-indicators-00

2016-11-18 Thread Denis
otect. Hence, a logical name can be an absolute URI or a String as well. Regards Vivek Biswas, CISSP Consulting Member, Security Oracle Corporation. *From:* Denis [mailto:denis.i...@free.fr] *Sent:* Tuesday, November 15, 2016 3:50 AM *To:* oauth@ietf.org *Subject:* [OAUTH-WG] About Big Brother and

Re: [OAUTH-WG] About Big Brother and draft-campbell-oauth-resource-indicators-00

2016-11-18 Thread Steinegger, Roland Heinz (TM)
y not be a problem from my point of view. > Date: Thu, 17 Nov 2016 11:25:15 -0800 > From: Jim Willeke <j...@willeke.com> > To: oauth@ietf.org > Subject: Re: [OAUTH-WG] About Big Brother and > draft-campbell-oauth-resource-indicators-00 > > I liked the usage in h

Re: [OAUTH-WG] About Big Brother and draft-campbell-oauth-resource-indicators-00

2016-11-17 Thread Jim Willeke
a String as well. > > Regards > Vivek Biswas, CISSP > Consulting Member, Security > Oracle Corporation. > > > > *From:* Denis [mailto:denis.i...@free.fr] > *Sent:* Tuesday, November 15, 2016 3:50 AM > *To:* oauth@ietf.org > *Subject:* [OAUTH-WG] About Big Brother

Re: [OAUTH-WG] About Big Brother and draft-campbell-oauth-resource-indicators-00

2016-11-17 Thread Vivek Biswas
e can be an absolute URI or a String as well. Regards Vivek Biswas, CISSP Consulting Member, Security Oracle Corporation. From: Denis [mailto:denis.i...@free.fr] Sent: Tuesday, November 15, 2016 3:50 AM To: oauth@ietf.org Subject: [OAUTH-WG] About Big Brother and draft-campbell-oauth-res

Re: [OAUTH-WG] About Big Brother and draft-campbell-oauth-resource-indicators-00

2016-11-15 Thread Brian Campbell
In this document the information is very much intended for the authorization server so that it can make appropriate policy choices about the token to be issued. On Tue, Nov 15, 2016 at 4:50 AM, Denis wrote: > Hello everybody, > > Since I am not present at the meeting, I read

[OAUTH-WG] About Big Brother and draft-campbell-oauth-resource-indicators-00

2016-11-15 Thread Denis
Hello everybody, Since I am not present at the meeting, I read the minutes from the first session, in particular: Brian Campbell and John did a draft allowing the client to tell the AS where it plans to use the token draft-campbell-oauth-resource-indicators This