Hello WG,
Just a quick note to let folks know that -03 of the DPoP draft was
published earlier today. The usual various document links are in the
forwarded message below and the relevant snippet from the doc history with
a summary of the changes is included here for convenience.
Hopefully folks will have time to read the (relativity) short document
before the meeting(s) in Singapore where (spoiler alert) I plan to ask that
the WG consider adoption of the draft.
Thanks,
-03
o rework the text around uniqueness requirements on the jti claim in
the DPoP proof JWT
o make tokens a bit smaller by using "htm", "htu", and "jkt" rather
than "http_method", "http_uri", and "jkt#S256" respectively
o more explicit recommendation to use mTLS if that is available
o added David Waite as co-author
o editorial updates
---------- Forwarded message ---------
From: <internet-dra...@ietf.org>
Date: Thu, Oct 31, 2019 at 11:53 AM
Subject: New Version Notification for draft-fett-oauth-dpop-03.txt
To: Torsten Lodderstedt <tors...@lodderstedt.net>, Michael Jones <
m...@microsoft.com>, John Bradley <ve7...@ve7jtb.com>, Brian Campbell <
bcampb...@pingidentity.com>, David Waite <da...@alkaline-solutions.com>,
Daniel Fett <m...@danielfett.de>
A new version of I-D, draft-fett-oauth-dpop-03.txt
has been successfully submitted by Brian Campbell and posted to the
IETF repository.
Name: draft-fett-oauth-dpop
Revision: 03
Title: OAuth 2.0 Demonstration of Proof-of-Possession at the
Application Layer (DPoP)
Document date: 2019-10-30
Group: Individual Submission
Pages: 15
URL:
https://www.ietf.org/internet-drafts/draft-fett-oauth-dpop-03.txt
Status: https://datatracker.ietf.org/doc/draft-fett-oauth-dpop/
Htmlized: https://tools.ietf.org/html/draft-fett-oauth-dpop-03
Htmlized: https://datatracker.ietf.org/doc/html/draft-fett-oauth-dpop
Diff: https://www.ietf.org/rfcdiff?url2=draft-fett-oauth-dpop-03
Abstract:
This document describes a mechanism for sender-constraining OAuth 2.0
tokens via a proof-of-possession mechanism on the application level.
This mechanism allows for the detection of replay attacks with access
and refresh tokens.
Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.
The IETF Secretariat
--
_CONFIDENTIALITY NOTICE: This email may contain confidential and privileged
material for the sole use of the intended recipient(s). Any review, use,
distribution or disclosure by others is strictly prohibited. If you have
received this communication in error, please notify the sender immediately
by e-mail and delete the message and any file attachments from your
computer. Thank you._
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
