Hi all,

earlier this month we issued a call for adoption of the OAuth security topics draft, see draft-lodderstedt-oauth-security-topics-00, and the response was quite positive on the list (as well as during the last f2f meeting).

For this reason, we ask the authors to submit a WG version of the document and to discuss new content for the document in preparation for the next meeting.

Note that the intention of the document is to discuss security topics as they relate to the work in the OAuth working group. As this initial document already does, it describes a problem statement and outlines various ways to mitigate the problems. I expect the working group to decide which solution approach is most appropriate and to detail it (at a specification level) in a separate document (some of those documents already exist in the working group). This should help us make decisions that are not just point solutions for specific problems but rather consider the big picture.

Ciao
Hannes & Derek
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth