Hannes,

I would like to propose a brief presentation on "events". While this might not end up being oauth wg activity, I think a lot of attendees may be interested.

We might make this one of those if we have time topics.

Phil

> On Jan 15, 2016, at 12:15, Hannes Tschofenig <hannes.tschofe...@gmx.net> wrote:
>
> Hi Barry,
>
> as discussed today I am forwarding you the new charter text for the
> OAuth working group.
>
> In parallel to the IESG processing this re-chartering request we will
> run a call for adoption to also update the milestone list at the same time.
>
> Ciao
> Hannes & Derek
>
> --------------------------
>
> Charter Text
>
> The Web Authorization (OAuth) protocol allows a user to grant a
> third-party Web site or application access to the user's protected
> resources, without necessarily revealing their long-term credentials,
> or even their identity. For example, a photo-sharing site that
> supports OAuth could allow its users to use a third-party printing Web
> site to print their private pictures, without allowing the printing
> site to gain full control of the user's account and without having the
> user share his or her photo-sharing sites' long-term credential with
> the printing site.
>
> The OAuth 2.0 protocol suite already includes
>
> * a procedure for enabling a client to register with an authorization
> server,
> * a protocol for obtaining authorization tokens from an authorization
> server with the resource owner's consent, and
> * protocols for presenting these authorization tokens to protected
> resources for access to a resource.
>
> This protocol suite has been enhanced with functionality for
> interworking with legacy identity infrastructure (e.g., SAML), token
> revocation, token exchange, dynamic client registration, token
> introspection, a standardized token format with the JSON Web Token, and
> specifications that mitigate security attacks, such as Proof Key for
> Code Exchange.
>
> The ongoing standardization efforts within the OAuth working group
> focus on increasing interoperability of OAuth deployments and to
> improve security. More specifically, the working group is defining proof
> of possession tokens, developing a discovery mechanism, providing
> guidance for the use of OAuth with native apps, re-introducing
> the device flow used by devices with limited user interfaces, additional
> security enhancements for clients communicating with multiple service
> providers, definition of claims used with JSON Web Tokens, techniques to
> mitigate open redirector attacks, as well as guidance on encoding state
> information.
>
> For feedback and discussion about our specifications please
> subscribe to our public mailing list at <oauth AT ietf.org>.
>
> For security related bug reports that relate to our specifications
> please contact <oauth-security-reports AT ietf.org>. If the reported
> bug report turns out to be implementation-specific we will attempt
> to forward it to the appropriate developers.
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth