Hi all, as you have seen from my previous mail we are currently in the process of rechartering the working group. We are doing this to pick up some new work given the progress we have made over the last couple of months and to also take into account recent work that help to increase interoperability of OAuth 2.0 deployments but also to provide bug fixes.
While we have the rechartering discussions we also have to complete the currently scheduled work items. Here is a short update on where we are with our WG items: --- Token Exchange --- The specification was updated mid December to reflect the decisions at the Prague IETF meeting. In addition to the update of the open issue resolution Brian, John and Chuck joined the authors list for their contributions. Please take a look at the updated draft and let us know whether the document is ready for WGLC. Here are the minutes from the Prague IETF meeting: https://www.ietf.org/proceedings/93/minutes/minutes-93-oauth I would need a few volunteers to review the document. Here is the draft: https://tools.ietf.org/html/draft-ietf-oauth-token-exchange-03 --- OAuth 2.0 JWT Authorization Request --- The chairs issued a WGLC on this document and several issues have been raised. John & Nat are in charge of addressing those comments and I have asked Nat to collect the open issues and to post them to the list. This should give us an idea where we are right now with the document and how to resolve the open issues. --- Proof-of-Possession Key Semantics for JSON Web Tokens (JWTs) --- This document has been approved by the IESG already for publication, as you have seen here: http://www.ietf.org/mail-archive/web/oauth/current/msg15325.html --- OAuth 2.0 Proof-of-Possession (PoP) Security Architecture --- This document is already in IESG processing but I have asked Kathleen to delay the publication given that we ran into scoping issues, as discussed on the list. See http://www.ietf.org/mail-archive/web/oauth/current/msg15177.html I will post a separate mail to the list to discuss a way forward for this document. --- OAuth 2.0 Proof-of-Possession: Authorization Server to Client Key Distribution --- This document is on-hold, pending the completion of the architecture. --- HTTP Signing --- The draft that describes the solution has expired but Justin presented the work and the open issues at the Yokohama IETF meeting (see https://www.ietf.org/proceedings/94/slides/slides-94-oauth-3.pdf). I will also post a separate mail about how to proceed with it. Ciao Hannes & Derek
signature.asc
Description: OpenPGP digital signature
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
