Hi all,

the new version of the security document is mostly dedicated to the
alignment with the core draft -22.

* Alignment of terminology with core draft 22 (private/public client,
  redirect URI validation policy, replaced definition of the client
  categories by reference to respective core section)
* Synchronisation with the core's security consideration section
  (UPDATE 10.12 CSRF, NEW 10.14/15)
* Added Resource Owner Impersonation
* Improved section 5
* Renamed Refresh Token Replacement to Refresh Token Rotation

Thanks to all people involved!

regards,
Torsten.

On 26.10.2011 21:11, internet-dra...@ietf.org wrote:
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Web Authorization Protocol Working Group of
the IETF.
Title     : OAuth 2.0 Threat Model and Security Considerations
Author(s) : Torsten Lodderstedt
            Mark McGloin
            Phil Hunt
Filename  : draft-ietf-oauth-v2-threatmodel-01.txt
Pages     : 64
Date      : 2011-10-26
This document gives security considerations based on a comprehensive
threat model for the OAuth 2.0 Protocol.
A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-oauth-v2-threatmodel-01.txt
Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
This Internet-Draft can be retrieved at:
ftp://ftp.ietf.org/internet-drafts/draft-ietf-oauth-v2-threatmodel-01.txt
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth