As discussed on call yesterday here is my comments after review of https://tools.ietf.org/html/draft-ietf-oauth-security-topics-13
3.1 - "Clients MUST memorize which authorization server they sent an authorization request to" - is memorize the best synonym here, perhaps store or retain is more aligned with computational language? 3.1.2 How does the draft https://tools.ietf.org/html/draft-parecki-oauth-browser-based-apps-02 align with this guidance and will a future BCP update include a direct reference to the final published version of this spec? 3.5, 3.6 Since there is a reference to the MTLS draft could there also be some guidance on the usage of token exchange best practise and also for the contents of the access token to be aligned https://tools.ietf.org/html/draft-ietf-oauth-access-token-jwt-02 -----Original Message----- From: OAuth <oauth-boun...@ietf.org> On Behalf Of oauth-requ...@ietf.org Sent: Donnerstag, 17. Oktober 2019 21:00 To: oauth@ietf.org Subject: OAuth Digest, Vol 132, Issue 24 Send OAuth mailing list submissions to oauth@ietf.org To subscribe or unsubscribe via the World Wide Web, visit https://www.ietf.org/mailman/listinfo/oauth or, via email, send a message with subject or body 'help' to oauth-requ...@ietf.org You can reach the person managing the list at oauth-ow...@ietf.org When replying, please edit your Subject line so it is more specific than "Re: Contents of OAuth digest..." Today's Topics: 1. Re: Virtual Interim Meeting - Nov. 4th (Daniel Fett) 2. Web Authorization Protocol (oauth) WG Virtual Meeting: 2019-11-04 (IESG Secretary) ---------------------------------------------------------------------- Message: 1 Date: Thu, 17 Oct 2019 12:35:35 +0200 From: Daniel Fett <danielf+oa...@yes.com> To: oauth@ietf.org Subject: Re: [OAUTH-WG] Virtual Interim Meeting - Nov. 4th Message-ID: <726efad4-a76c-c4dd-8a6e-b1097ac51...@yes.com> Content-Type: text/plain; charset="utf-8" I'm in as well. Am 16.10.19 um 22:46 schrieb Mike Jones: > > I would participate. > > ? > > *From:* OAuth <oauth-boun...@ietf.org> *On Behalf Of * Vineet Banga > *Sent:* Wednesday, October 16, 2019 7:19 AM > *To:* Aaron Parecki <aa...@parecki.com> > *Cc:* oauth <oauth@ietf.org> > *Subject:* Re: [OAUTH-WG] Virtual Interim Meeting - Nov. 4th > > ? > > I would like to attend as well. > > ? > > Vineet > > ? > > On Wed, Oct 16, 2019 at 6:36 AM Aaron Parecki <aa...@parecki.com > <mailto:aa...@parecki.com>> wrote: > > I'm interested as well. > > ? > > Aaron Parecki > > ? > > ? > > ? > > On Wed, Oct 16, 2019 at 3:54 AM Torsten Lodderstedt > <tors...@lodderstedt..net <mailto:tors...@lodderstedt.net>> wrote: > > Hi, > > I?m interested. > > kind regards, > Torsten. > > > On 15. Oct 2019, at 17:44, Hannes Tschofenig > <hannes.tschofe...@arm.com <mailto:hannes.tschofe...@arm.com>> > wrote: > > > > Hi all, > > > > we would like to hold a virtual interim meeting to discuss > the next steps regarding the OAuth 2.0 Security Best Current > Practice > (https://datatracker.ietf.org/doc/draft-ietf-oauth-security-topics/ > > <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fdraft-ietf-oauth-security-topics%2F&data=02%7C01%7CMichael.Jones%40microsoft.com%7C2e9bf2ca971a4052178108d75243ef81%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C1%7C637068324058348893&sdata=NwGEWOUYXhrOsqwmqrUnphFFe8k1XsnLzHyIMmvCeXQ%3D&reserved=0>) > draft. > > > > Time would be at our bi-weekly OAuth WG Virtual Office Hours > (i.e., 6:00 PM to 6:30 PM, (UTC+01:00) Amsterdam, Berlin, > Bern, Rome, Stockholm, Vienna). > > > > Please let us know if you are interested in the call. > > > > Ciao > > Hannes & Rifaat > > > > IMPORTANT NOTICE: The contents of this email and any > attachments are confidential and may also be privileged. If > you are not the intended recipient, please notify the sender > immediately and do not disclose the contents to any other > person, use it for any purpose, or store or copy the > information in any medium. Thank you. > > > > _______________________________________________ > > OAuth mailing list > > OAuth@ietf.org <mailto:OAuth@ietf.org> > > https://www.ietf.org/mailman/listinfo/oauth > > <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww > .ietf.org%2Fmailman%2Flistinfo%2Foauth&data=02%7C01%7CMichael.Jones%40 > microsoft.com%7C2e9bf2ca971a4052178108d75243ef81%7C72f988bf86f141af91a > b2d7cd011db47%7C1%7C1%7C637068324058358885&sdata=B%2BnvMjXUIcXk6SJ6T8W > OpNA9i%2BHeACHFYBku0hOQoXY%3D&reserved=0> > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org <mailto:OAuth@ietf.org> > https://www.ietf.org/mailman/listinfo/oauth > > <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww > .ietf.org%2Fmailman%2Flistinfo%2Foauth&data=02%7C01%7CMichael.Jones%40 > microsoft.com%7C2e9bf2ca971a4052178108d75243ef81%7C72f988bf86f141af91a > b2d7cd011db47%7C1%7C1%7C637068324058368875&sdata=%2FmKWM%2BqL9l6sVtUfT > X%2BCHxb%2FTAzX7RiBMPwnM5Ld6Jg%3D&reserved=0> > > -- > > ---- > > Aaron Parecki > > aaronparecki.com > > <https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Faaro > nparecki.com&data=02%7C01%7CMichael.Jones%40microsoft.com%7C2e9bf2ca97 > 1a4052178108d75243ef81%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C1%7C63 > 7068324058378871&sdata=Ro2YHHm5OIVuwfwtSjhtf7YU0IrauEtC6%2Bym52C1tSU%3 > D&reserved=0> > > @aaronpk > > <https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Ftwit > ter.com%2Faaronpk&data=02%7C01%7CMichael.Jones%40microsoft.com%7C2e9bf > 2ca971a4052178108d75243ef81%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0 > %7C637068324058378871&sdata=z710a23WXKXSBqVjpE%2BIHqMwnpRuHm%2BVuaddDS > NnVNY%3D&reserved=0> > > ? > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org <mailto:OAuth@ietf.org> > https://www.ietf.org/mailman/listinfo/oauth > > <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww > .ietf.org%2Fmailman%2Flistinfo%2Foauth&data=02%7C01%7CMichael.Jones%40 > microsoft.com%7C2e9bf2ca971a4052178108d75243ef81%7C72f988bf86f141af91a > b2d7cd011db47%7C1%7C1%7C637068324058388866&sdata=cuSE2sOuZmyqc7GTmAB1c > C%2BRvOS7tGU11jgOhjeHCmw%3D&reserved=0> > > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth -------------- next part -------------- An HTML attachment was scrubbed... URL: <https://mailarchive.ietf.org/arch/browse/oauth/attachments/20191017/6be5bf7c/attachment.html> ------------------------------ Message: 2 Date: Thu, 17 Oct 2019 10:18:33 -0700 From: IESG Secretary <iesg-secret...@ietf.org> To: "IETF-Announce" <ietf-annou...@ietf.org> Cc: oauth@ietf.org Subject: [OAUTH-WG] Web Authorization Protocol (oauth) WG Virtual Meeting: 2019-11-04 Message-ID: <157133271343.10206.12697042949233111...@ietfa.amsl.com> Content-Type: text/plain; charset="utf-8" The Web Authorization Protocol (oauth) Working Group will hold a virtual interim meeting on 2019-11-04 from 18:00 to 19:00 Europe/Vienna. Agenda: The purpose of the meeting is to discuss the next steps regarding the OAuth 2.0 Security Best Current Practice (https://datatracker.ietf.org/doc/draft-ietf-oauth-security-topics/) draft. While our OAuth WG Virtual Office Hours is only 30 minutes long, I have extended the meeting invite to an one hour (in case we need more time). Webex info: https://ietf.webex.com/ietf/j.php?MTID=ma9109b49231ef3fee527bbc24b6a285b Meeting number (access code): 643 148 548 Host key: 317086 Information about remote participation: https://ietf.webex.com/ietf/j.php?MTID=ma9109b49231ef3fee527bbc24b6a285b ------------------------------ Subject: Digest Footer _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth ------------------------------ End of OAuth Digest, Vol 132, Issue 24 ************************************** This e-mail, including attachments, is intended for the person(s) or company named and may contain confidential and/or legally privileged information. Unauthorized disclosure, copying or use of this information may be unlawful and is prohibited. If you are not the intended recipient, please delete this message and notify the sender. All incoming and outgoing e-mail messages are stored in the Swiss Re Electronic Message Repository. If you do not wish the retention of potentially private e-mails by Swiss Re, we strongly advise you not to use the Swiss Re e-mail account for any private, non-business related communications. _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
