Yes it did, as part of the PoP suite. It's the current stab at an HTTP presentation mechanism for PoP tokens.
-- Justin On Dec 22, 2014, at 11:21 AM, Bill Mills <wmills_92...@yahoo.com<mailto:wmills_92...@yahoo.com>> wrote: Did this get adopted as a WG item already and I missed it? On Monday, December 22, 2014 4:33 AM, Justin Richer <jric...@mit.edu<mailto:jric...@mit.edu>> wrote: That's easy: any headers. That's why the signer specifies which ones. Would be good to have since guidance tough, and examples. -- Justin / Sent from my phone / -------- Original message -------- From: Sergey Beryozkin <sberyoz...@gmail.com<mailto:sberyoz...@gmail.com>> Date:12/22/2014 7:08 AM (GMT-05:00) To: oauth@ietf.org<mailto:oauth@ietf.org> Cc: Subject: Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-signed-http-request-00.txt Hi Justin I see a fair bit of interest toward this work now being shown from my colleagues; it would help if the next draft could clarify which HTTP headers can be signed given it is difficult to get hold of some of HTTP headers typically created by a low level HTTP transport component. Thanks, Sergey On 21/07/14 14:58, internet-dra...@ietf.org<mailto:internet-dra...@ietf.org> wrote: > > A New Internet-Draft is available from the on-line Internet-Drafts > directories. > This draft is a work item of the Web Authorization Protocol Working Group > of the IETF. > > Title : A Method for Signing an HTTP Requests for OAuth > Authors : Justin Richer > John Bradley > Hannes Tschofenig > Filename : draft-ietf-oauth-signed-http-request-00.txt > Pages : 11 > Date : 2014-07-21 > > Abstract: > This document a method for offering data origin authentication and > integrity protection of HTTP requests. To convey the relevant data > items in the request a JSON-based encapsulation is used and the JSON > Web Signature (JWS) technique is re-used. JWS offers integrity > protection using symmetric as well as asymmetric cryptography. > > > The IETF datatracker status page for this draft is: > https://datatracker.ietf.org/doc/draft-ietf-oauth-signed-http-request/ > > There's also a htmlized version available at: > http://tools.ietf.org/html/draft-ietf-oauth-signed-http-request-00 > > > Please note that it may take a couple of minutes from the time of submission > until the htmlized version and diff are available at > tools.ietf.org<http://tools.ietf.org>. > > Internet-Drafts are also available by anonymous FTP at: > ftp://ftp.ietf.org/internet-drafts/ > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org<mailto:OAuth@ietf.org> > https://www.ietf.org/mailman/listinfo/oauth > _______________________________________________ OAuth mailing list OAuth@ietf.org<mailto:OAuth@ietf.org> https://www.ietf.org/mailman/listinfo/oauth _______________________________________________ OAuth mailing list OAuth@ietf.org<mailto:OAuth@ietf.org> https://www.ietf.org/mailman/listinfo/oauth _______________________________________________ OAuth mailing list OAuth@ietf.org<mailto:OAuth@ietf.org> https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
