oauth-requ...@ietf.org schrieb:
>Send OAuth mailing list submissions to > oauth@ietf.org > >To subscribe or unsubscribe via the World Wide Web, visit > https://www.ietf.org/mailman/listinfo/oauth >or, via email, send a message with subject or body 'help' to > oauth-requ...@ietf.org > >You can reach the person managing the list at > oauth-ow...@ietf.org > >When replying, please edit your Subject line so it is more specific >than "Re: Contents of OAuth digest..." > > >Today's Topics: > > 1. Fwd: Last Call: <draft-ietf-kitten-sasl-oauth-22.txt> (A set > of SASL Mechanisms for OAuth) to Proposed Standard (Benjamin Kaduk) > > >---------------------------------------------------------------------- > >Message: 1 >Date: Thu, 30 Apr 2015 14:37:35 -0400 (EDT) >From: Benjamin Kaduk <ka...@mit.edu> >To: oauth@ietf.org >Subject: [OAUTH-WG] Fwd: Last Call: > <draft-ietf-kitten-sasl-oauth-22.txt> (A set of SASL Mechanisms for > OAuth) to Proposed Standard >Message-ID: <alpine.gso.1.10.1504301434550.22...@multics.mit.edu> >Content-Type: TEXT/PLAIN; charset=US-ASCII > >Hi all, > >I just wanted to call attention to this IETF Last Call; there were some >changes since the -18 which is the last one that we sent to this list. > >-Ben > >---------- Forwarded message ---------- >Date: Thu, 30 Apr 2015 14:31:47 -0400 >From: The IESG <iesg-secret...@ietf.org> >Reply-To: i...@ietf.org >To: IETF-Announce <ietf-annou...@ietf.org> >Cc: kit...@ietf.org >Subject: [kitten] Last Call: <draft-ietf-kitten-sasl-oauth-22.txt> (A set of > SASL Mechanisms for OAuth) to Proposed Standard > > >The IESG has received a request from the Common Authentication Technology >Next Generation WG (kitten) to consider the following document: >- 'A set of SASL Mechanisms for OAuth' > <draft-ietf-kitten-sasl-oauth-22.txt> as Proposed Standard > >The IESG plans to make a decision in the next few weeks, and solicits >final comments on this action. Please send substantive comments to the >i...@ietf.org mailing lists by 2015-05-14. Exceptionally, comments may be >sent to i...@ietf.org instead. In either case, please retain the >beginning of the Subject line to allow automated sorting. > >Abstract > > > OAuth enables a third-party application to obtain limited access to a > protected resource, either on behalf of a resource owner by > orchestrating an approval interaction, or by allowing the third-party > application to obtain access on its own behalf. > > This document defines how an application client uses credentials > obtained via OAuth over the Simple Authentication and Security Layer > (SASL) to access a protected resource at a resource serve. Thereby, > it enables schemes defined within the OAuth framework for non-HTTP- > based application protocols. > > Clients typically store the user's long-term credential. This does, > however, lead to significant security vulnerabilities, for example, > when such a credential leaks. A significant benefit of OAuth for > usage in those clients is that the password is replaced by a shared > secret with higher entropy, i.e., the token. Tokens typically > provide limited access rights and can be managed and revoked > separately from the user's long-term password. > > > > >The file can be obtained via >https://datatracker.ietf.org/doc/draft-ietf-kitten-sasl-oauth/ > >IESG discussion can be tracked via >https://datatracker.ietf.org/doc/draft-ietf-kitten-sasl-oauth/ballot/ > > >No IPR declarations have been submitted directly on this I-D. > >This defines a way to use the obsolete OAUTH1.0a mechanism >as well an OAUTH2 mechanism. That is deliberate and reasonable. > >_______________________________________________ >Kitten mailing list >kit...@ietf.org >https://www.ietf.org/mailman/listinfo/kitten > > > >------------------------------ > >Subject: Digest Footer > >_______________________________________________ >OAuth mailing list >OAuth@ietf.org >https://www.ietf.org/mailman/listinfo/oauth > > >------------------------------ > >End of OAuth Digest, Vol 78, Issue 31 >************************************* _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
