Hi all,

the new revision adds an extensive section on access token leakage at the resource server (https://tools.ietf.org/html/draft-ietf-oauth-security-topics-03#section-4.4). I tried to incorporate all contributions and feedback given at the OAuth security workshop and the WG session in Prague.

Please give us feedback.

Kind regards,
Torsten.

> On 10.09.2017 at 19:22, internet-dra...@ietf.org wrote:
>
>
> A New Internet-Draft is available from the on-line Internet-Drafts
> directories.
> This draft is a work item of the Web Authorization Protocol WG of the IETF.
>
>         Title           : OAuth Security Topics
>         Authors         : Torsten Lodderstedt
>                           John Bradley
>                           Andrey Labunets
>         Filename        : draft-ietf-oauth-security-topics-03.txt
>         Pages           : 27
>         Date            : 2017-09-10
>
> Abstract:
>    This draft gives a comprehensive overview on open OAuth security
>    topics. It is intended to serve as a working document for the OAuth
>    working group to systematically capture and discuss these security
>    topics and respective mitigations and eventually recommend best
>    current practice and also OAuth extensions needed to cope with the
>    respective security threats.
>
>
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-oauth-security-topics/
>
> There are also htmlized versions available at:
> https://tools.ietf.org/html/draft-ietf-oauth-security-topics-03
> https://datatracker.ietf.org/doc/html/draft-ietf-oauth-security-topics-03
>
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-oauth-security-topics-03
>
>
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
>
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth