Hi all, does anyone have free cycles to review draft-ietf-tram-turn-third-party-authz, which happens to use OAuth 2.0 in a way that is similar to the proof-of-possession work with a new access token format.
Ciao Hannes -------- Forwarded Message -------- Subject: [saag] tram draft - anyone willing to help out? Date: Fri, 06 Mar 2015 15:43:57 +0000 From: Stephen Farrell <stephen.farr...@cs.tcd.ie> To: s...@ietf.org <s...@ietf.org> Hiya, There's a draft in IESG eval that attracted a bunch of perhaps fundamental discusses and comments [1] about its security properties. I think this may be one where the authors could do with a bit more help from the security mafia^H^H^H^H^Hcommunity. (I looked at their wg list and only see a v. thin smattering of names I'd recognise from this list.) So if you're willing and have a little time, please let me know and/or get in touch with the authors. And btw - this might not seem so important but I'd worry it may end up being a major source of system level vulnerabilities for WebRTC deployments if we get it wrong and many sites don't deploy usefully good security for this bit of the WebRTC story. Thanks in advance, S. [1] https://datatracker.ietf.org/doc/draft-ietf-tram-turn-third-party-authz/ballot/ _______________________________________________ saag mailing list s...@ietf.org https://www.ietf.org/mailman/listinfo/saag
signature.asc
Description: OpenPGP digital signature
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
