Hi Lewis, good that you ask.
In the London IETF meeting we have proposed a plan on how to proceed with the proof-of-possession (PoP) work. John had already explained that the main document is draft-hunt-oauth-pop-architecture-00. It pains the big picture and points to the relevant documents, in particular to a) draft-bradley-oauth-pop-key-distribution b) draft-jones-oauth-proof-of-possession c) a not-yet-published HTTP signature mechanism. (a) explains how the client obtains keys from the authorization server. (b) describes a mechanism for binding a key to the access token. (c) illustrates the procedure for the client to interact with the resource server (based on the PoP mechanism). These documents replace prior work on draft-ietf-oauth-v2-http-mac-05 and draft-tschofenig-oauth-hotk-03. We are getting closer to have all relevant parts published. Ciao Hannes On 04/24/2014 05:14 PM, Lewis Adam-CAL022 wrote: > Hi, > > > > Lots of crypto drafts on OAuth popping up that I need to come up to > speed on. > > draft-bradley-oauth-pop-key-distribution-00 > <http://datatracker.ietf.org/doc/draft-bradley-oauth-pop-key-distribution/> > > draft-hunt-oauth-pop-architecture-00 > <http://datatracker.ietf.org/doc/draft-hunt-oauth-pop-architecture/> > > draft-jones-oauth-proof-of-possession-00 > <http://datatracker.ietf.org/doc/draft-jones-oauth-proof-of-possession/> > > draft-sakimura-oauth-rjwtprof-01 > <http://datatracker.ietf.org/doc/draft-sakimura-oauth-rjwtprof/> > > draft-sakimura-oauth-tcse-03 > <http://datatracker.ietf.org/doc/draft-sakimura-oauth-tcse/> > > draft-tschofenig-oauth-hotk-03 > <http://datatracker.ietf.org/doc/draft-tschofenig-oauth-hotk/> > > > > Glad to see all the work, but is there a preferred reading order here? > Which ones build on each other vs. which ones are out there on their own? > > > > > > -adam > > > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth >
signature.asc
Description: OpenPGP digital signature
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
