What was wrong with HOK? Aside: Why was “the” so important in HOTK?
Phil @independentid www.independentid.com phil.h...@oracle.com On Apr 3, 2014, at 9:37 AM, Anil Saldhana <anil.saldh...@redhat.com> wrote: > Prateek, > why not just use "proof"? > > draft-hunt-oauth-proof-architecture-00.txt > > Is that allowed by IETF? > > > Regards, > Anil > > On 04/03/2014 11:30 AM, Prateek Mishra wrote: >> "key confirmed" or "key confirmation" is another term that is widely used >> for these use-cases >>> I really *like* the name "proof of possession", but I think the acronym PoP >>> is going to be confused with POP. HOTK has the advantage of not being a >>> homonym for aything else. What about "Possession Proof"? >>> >>> -bill >>> >>> >>> -------------------------------- >>> William J. Mills >>> "Paranoid" MUX Yahoo! >>> >>> On Thursday, April 3, 2014 1:38 AM, "internet-dra...@ietf.org" >>> <internet-dra...@ietf.org> wrote: >>> >>> A new version of I-D, draft-hunt-oauth-pop-architecture-00.txt >>> has been successfully submitted by Hannes Tschofenig and posted to the >>> IETF repository. >>> >>> Name: draft-hunt-oauth-pop-architecture >>> Revision: 00 >>> Title: OAuth 2.0 Proof-of-Possession (PoP) Security Architecture >>> Document date: 2014-04-03 >>> Group: Individual Submission >>> Pages: 21 >>> URL: >>> http://www.ietf.org/internet-drafts/draft-hunt-oauth-pop-architecture-00.txt >>> Status: >>> https://datatracker.ietf.org/doc/draft-hunt-oauth-pop-architecture/ >>> Htmlized: >>> http://tools.ietf.org/html/draft-hunt-oauth-pop-architecture-00 >>> >>> >>> Abstract: >>> The OAuth 2.0 bearer token specification, as defined in RFC 6750, >>> allows any party in possession of a bearer token (a "bearer") to get >>> access to the associated resources (without demonstrating possession >>> of a cryptographic key). To prevent misuse, bearer tokens must to be >>> protected from disclosure in transit and at rest. >>> >>> Some scenarios demand additional security protection whereby a client >>> needs to demonstrate possession of cryptographic keying material when >>> accessing a protected resource. This document motivates the >>> development of the OAuth 2.0 proof-of-possession security mechanism. >>> >>> >>> >>> >>> >>> Please note that it may take a couple of minutes from the time of submission >>> until the htmlized version and diff are available at tools.ietf.org. >>> >>> The IETF Secretariat >>> >>> > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
