I agree with Phil. As currently described it replicates a lot of the work we have done in PoP.

Ciao
Hannes

On 12/06/2014 09:52 AM, John Bradley wrote:
> No, this is the work formerly known as origin bound certificates &
> Channel ID. We need this to bind id_tokens and/or access tokens to TLS
> sessions.
>
> So it is an alternative TLS binding mechanism. We still need to describe
> how to use it with OAuth and JWT.
>
> It is a building block we can use for PoP.
>
> John B.
>> On Dec 5, 2014, at 10:48 PM, Phil Hunt <phil.h...@oracle.com> wrote:
>>
>> Doesn't that duplicate our current work?
>>
>> Phil
>>
>>> On Dec 5, 2014, at 11:17, Hannes Tschofenig <hannes.tschofe...@gmx.net>
>>> wrote:
>>>
>>> -------- Forwarded Message --------
>>> Subject: [websec] unbearable - new mailing list to discuss better than
>>> bearer tokens...
>>> Date: Fri, 05 Dec 2014 16:43:19 +0000
>>> From: Stephen Farrell <stephen.farr...@cs.tcd.ie>
>>> Reply-To: Stephen Farrell <stephen.farr...@cs.tcd.ie>
>>> To: s...@ietf.org <s...@ietf.org>, websec <web...@ietf.org>,
>>> u...@ietf.org <u...@ietf.org>, ietf-http...@w3.org Group
>>> <ietf-http...@w3.org>, http-a...@ietf.org <http-a...@ietf.org>
>>>
>>> Hiya,
>>>
>>> Following up on the presentation at IETF-91 on this topic, [1]
>>> we've created a new list [2] for moving that along. The list
>>> description is:
>>>
>>> "This list is for discussion of proposals for doing better than bearer
>>> tokens (e.g. HTTP cookies, OAuth tokens etc.) for web applications.
>>> The specific goal is chartering a WG focused on preventing security
>>> token export and replay attacks."
>>>
>>> If you're interested please join in.
>>>
>>> Thanks to Vinod and Andrei for agreeing to admin the list.
>>>
>>> We'll kick off discussion in a few days when folks have had
>>> a chance to subscribe.
>>>
>>> Cheers,
>>> S.
>>>
>>> PS: Please don't reply-all to this, join the new list, wait
>>> a few days and then say what you need to say:-)
>>>
>>> [1] https://tools.ietf.org/agenda/91/slides/slides-91-uta-2.pdf
>>> [2] https://www.ietf.org/mailman/listinfo/unbearable
>>>
>>> _______________________________________________
>>> websec mailing list
>>> web...@ietf.org
>>> https://www.ietf.org/mailman/listinfo/websec
>>>
>>> _______________________________________________
>>> OAuth mailing list
>>> OAuth@ietf.org
>>> https://www.ietf.org/mailman/listinfo/oauth
>