Draft -04 of OAuth 2.0 Token Binding
<https://tools.ietf.org/html/draft-ietf-oauth-token-binding-04> has been
published with the following updates:
o Define how to convey token binding information of an access token
via RFC 7662 OAuth 2.0 Token Introspection (note that the
Introspection Response Registration request for cnf/Confirmation
is in https://tools.ietf.org/html/draft-ietf-oauth-mtls-02#section-4.3
which will likely be published and registered prior
to this document).
o Minor editorial fixes.
o Added an open issue about needing to allow for web server clients
to opt-out of having refresh tokens bound while still allowing for
binding of access tokens (following from mention of the problem on
slide 16 of the presentation from Chicago
https://www.ietf.org/proceedings/98/slides/slides-98-oauth-sessb-
<https://www.ietf.org/proceedings/98/slides/slides-98-oauth-sessb-token-binding-00.pdf>
token-binding-00.pdf
<https://www.ietf.org/proceedings/98/slides/slides-98-oauth-sessb-token-binding-00.pdf>).
---------- Forwarded message ----------
From: <internet-dra...@ietf.org>
Date: Mon, Jul 3, 2017 at 6:31 AM
Subject: [OAUTH-WG] I-D Action: draft-ietf-oauth-token-binding-04.txt
To: i-d-annou...@ietf.org
Cc: oauth@ietf.org
A New Internet-Draft is available from the on-line Internet-Drafts
directories.
This draft is a work item of the Web Authorization Protocol of the IETF.
Title : OAuth 2.0 Token Binding
Authors : Michael B. Jones
John Bradley
Brian Campbell
William Denniss
Filename : draft-ietf-oauth-token-binding-04.txt
Pages : 27
Date : 2017-07-03
Abstract:
This specification enables OAuth 2.0 implementations to apply Token
Binding to Access Tokens, Authorization Codes, and Refresh Tokens.
This cryptographically binds these tokens to a client's Token Binding
key pair, possession of which is proven on the TLS connections over
which the tokens are intended to be used. This use of Token Binding
protects these tokens from man-in-the-middle and token export and
replay attacks.
The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-oauth-token-binding/
There are also htmlized versions available at:
https://tools.ietf.org/html/draft-ietf-oauth-token-binding-04
https://datatracker.ietf.org/doc/html/draft-ietf-oauth-token-binding-04
A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-oauth-token-binding-04
Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.
Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
--
*CONFIDENTIALITY NOTICE: This email may contain confidential and privileged
material for the sole use of the intended recipient(s). Any review, use,
distribution or disclosure by others is strictly prohibited. If you have
received this communication in error, please notify the sender immediately
by e-mail and delete the message and any file attachments from your
computer. Thank you.*
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
