-07 is a pretty minor update to OAuth 2.0 Token Binding. Changes copied
from the doc history are listed below for easy/lazy reference.
draft-ietf-oauth-token-binding-07
o Explicitly state that the base64url encoding of the tbh value
  doesn't include any trailing pad characters, line breaks,
  whitespace, etc.
o Update to latest references for tokbind drafts and
  draft-ietf-oauth-discovery.
o Update reference to Implementation Considerations in
  draft-ietf-tokbind-https, which is section 6 rather than 5.
o Try to tweak text that references specific sections in other
  documents so that the HTML generated by the ietf tools doesn't
  link to the current document (based on old suggestion from Barry
  https://www.ietf.org/mail-archive/web/jose/current/msg04571.html).
---------- Forwarded message ---------
From: <[email protected]>
Date: Fri, Jun 22, 2018 at 12:51 PM
Subject: New Version Notification for draft-ietf-oauth-token-binding-07.txt
A new version of I-D, draft-ietf-oauth-token-binding-07.txt
has been successfully submitted by Brian Campbell and posted to the
IETF repository.
Name: draft-ietf-oauth-token-binding
Revision: 07
Title: OAuth 2.0 Token Binding
Document date: 2018-06-21
Group: oauth
Pages: 31
URL: https://www.ietf.org/internet-drafts/draft-ietf-oauth-token-binding-07.txt
Status: https://datatracker.ietf.org/doc/draft-ietf-oauth-token-binding/
Htmlized: https://tools.ietf.org/html/draft-ietf-oauth-token-binding-07
Htmlized: https://datatracker.ietf.org/doc/html/draft-ietf-oauth-token-binding
Diff: https://www.ietf.org/rfcdiff?url2=draft-ietf-oauth-token-binding-07
Abstract:
This specification enables OAuth 2.0 implementations to apply Token
Binding to Access Tokens, Authorization Codes, Refresh Tokens, JWT
Authorization Grants, and JWT Client Authentication. This
cryptographically binds these tokens to a client's Token Binding key
pair, possession of which is proven on the TLS connections over which
the tokens are intended to be used. This use of Token Binding
protects these tokens from man-in-the-middle and token export and
replay attacks.
Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.
The IETF Secretariat
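
The first -07 change above matters to anyone validating a tbh value. The following is an added example, not part of the original message or the draft's own code: a strict encoder and checker for the unpadded form. It assumes tbh is the base64url encoding of the SHA-256 hash of the Token Binding ID; the function names and the sample bytes are hypothetical.

```python
import base64
import hashlib
import hmac
import re

# base64url alphabet only: no '=' padding, no whitespace, no line breaks.
_B64URL_RE = re.compile(r"[A-Za-z0-9_-]+")
_TBH_LEN = 43  # unpadded base64url length of a 32-byte SHA-256 digest

# Constructed sample bytes standing in for a Token Binding ID (not a real one).
SAMPLE_TBID = bytes(range(40))


def encode_tbh(token_binding_id: bytes) -> str:
    """base64url(SHA-256(Token Binding ID)) with trailing '=' stripped."""
    digest = hashlib.sha256(token_binding_id).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def decode_tbh_strict(tbh: str) -> bytes:
    """Decode a tbh value, accepting only the unpadded canonical form."""
    # fullmatch rejects '=', spaces and a trailing newline; the length
    # check rejects truncated or over-long values before decoding.
    if len(tbh) != _TBH_LEN or not _B64URL_RE.fullmatch(tbh):
        raise ValueError("tbh is not unpadded base64url of a 32-byte hash")
    raw = base64.urlsafe_b64decode(tbh + "=")  # restore the pad to decode
    # Python's decoder ignores non-zero unused bits in the last character,
    # so re-encode and compare to reject non-canonical spellings.
    if base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii") != tbh:
        raise ValueError("tbh is not canonically encoded")
    return raw


def token_is_bound(tbh: str, token_binding_id: bytes) -> bool:
    """True if the token's tbh matches the connection's Token Binding ID."""
    try:
        expected = decode_tbh_strict(tbh)
    except ValueError:
        return False
    actual = hashlib.sha256(token_binding_id).digest()
    return hmac.compare_digest(expected, actual)  # constant-time compare


if __name__ == "__main__":
    tbh = encode_tbh(SAMPLE_TBID)
    print(tbh, token_is_bound(tbh, SAMPLE_TBID), token_is_bound(tbh + "=", SAMPLE_TBID))
```

Comparing decoded digests rather than strings means a padded or otherwise non-canonical tbh is rejected explicitly instead of silently failing or silently matching.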