Thanks, Phil. Hopefully we can wrap up that discussion soon as well. Best regards, Kathleen
On Tue, Nov 24, 2015 at 3:07 PM, Phil Hunt <phil.h...@oracle.com> wrote: > This draft addresses review comments from Kathleen and Erik raised since the > last draft. > > It may not include some of the discussion from yesterday/today. I will add > that as the group decides. > > Cheers, > > Phil > > @independentid > www.independentid.com > phil.h...@oracle.com > >> On Nov 24, 2015, at 12:05 PM, internet-dra...@ietf.org wrote: >> >> >> A New Internet-Draft is available from the on-line Internet-Drafts >> directories. >> This draft is a work item of the Web Authorization Protocol Working Group of >> the IETF. >> >> Title : OAuth 2.0 Proof-of-Possession (PoP) Security >> Architecture >> Authors : Phil Hunt >> Justin Richer >> William Mills >> Prateek Mishra >> Hannes Tschofenig >> Filename : draft-ietf-oauth-pop-architecture-06.txt >> Pages : 23 >> Date : 2015-11-24 >> >> Abstract: >> The OAuth 2.0 bearer token specification, as defined in RFC 6750, >> allows any party in possession of a bearer token (a "bearer") to get >> access to the associated resources (without demonstrating possession >> of a cryptographic key). To prevent misuse, bearer tokens must be >> protected from disclosure in transit and at rest. >> >> Some scenarios demand additional security protection whereby a client >> needs to demonstrate possession of cryptographic keying material when >> accessing a protected resource. This document motivates the >> development of the OAuth 2.0 proof-of-possession security mechanism. >> >> >> The IETF datatracker status page for this draft is: >> https://datatracker.ietf.org/doc/draft-ietf-oauth-pop-architecture/ >> >> There's also a htmlized version available at: >> https://tools.ietf.org/html/draft-ietf-oauth-pop-architecture-06 >> >> A diff from the previous version is available at: >> https://www.ietf.org/rfcdiff?url2=draft-ietf-oauth-pop-architecture-06 >> >> >> Please note that it may take a couple of minutes from the time of submission >> until the htmlized version and diff are available at tools.ietf.org. >> >> Internet-Drafts are also available by anonymous FTP at: >> ftp://ftp.ietf.org/internet-drafts/ >> >> _______________________________________________ >> OAuth mailing list >> OAuth@ietf.org >> https://www.ietf.org/mailman/listinfo/oauth > -- Best regards, Kathleen _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
