Re: [OAUTH-WG] HOTK/POP/etc drafts

[Sergey Beryozkin]

Hi Hannes

Is the MAC token effort you were leading still on the map ?

Thanks, Sergey

On 24/04/14 20:42, Hannes Tschofenig wrote:

Btw, the HTTP signature mechanism now also got published as
http://tools.ietf.org/html/draft-richer-oauth-signed-http-request-01

I think we now have a pretty good collection of documents to look at.

Ciao
Hannes


On 04/24/2014 06:40 PM, Hannes Tschofenig wrote:

Hi Lewis,

good that you ask.

In the London IETF meeting we have proposed a plan on how to proceed
with the proof-of-possession (PoP) work.

John had already explained that the main document is
draft-hunt-oauth-pop-architecture-00. It pains the big picture and
points to the relevant documents, in particular to
  a) draft-bradley-oauth-pop-key-distribution
  b) draft-jones-oauth-proof-of-possession
  c) a not-yet-published HTTP signature mechanism.

(a) explains how the client obtains keys from the authorization server.
(b) describes a mechanism for binding a key to the access token.
(c) illustrates the procedure for the client to interact with the
resource server (based on the PoP mechanism).

These documents replace prior work on draft-ietf-oauth-v2-http-mac-05
and draft-tschofenig-oauth-hotk-03.

We are getting closer to have all relevant parts published.

Ciao
Hannes

On 04/24/2014 05:14 PM, Lewis Adam-CAL022 wrote:

Hi,



Lots of crypto drafts on OAuth popping up that I need to come up to
speed on.

draft-bradley-oauth-pop-key-distribution-00
<http://datatracker.ietf.org/doc/draft-bradley-oauth-pop-key-distribution/>

draft-hunt-oauth-pop-architecture-00
<http://datatracker.ietf.org/doc/draft-hunt-oauth-pop-architecture/>

draft-jones-oauth-proof-of-possession-00
<http://datatracker.ietf.org/doc/draft-jones-oauth-proof-of-possession/>

draft-sakimura-oauth-rjwtprof-01
<http://datatracker.ietf.org/doc/draft-sakimura-oauth-rjwtprof/>

draft-sakimura-oauth-tcse-03
<http://datatracker.ietf.org/doc/draft-sakimura-oauth-tcse/>

draft-tschofenig-oauth-hotk-03
<http://datatracker.ietf.org/doc/draft-tschofenig-oauth-hotk/>



Glad to see all the work, but is there a preferred reading order here?
Which ones build on each other vs. which ones are out there on their own?





-adam



_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth