I've pushed out a -01 revision of DPoP hopefully allowing folks enough time
to read it before the interim meeting on Monday (apologies that it wasn't
sooner but the edits took longer than expected or hoped). For ease of
reference the changes in this revision are summarized below. There are, of
course, still outstanding issues and discussion points that I hope to make
some progress on during the interim meeting on Monday.


   *  Editorial updates
   *  Attempt to more formally define the DPoP Authorization header
   *  Define the 401/WWW-Authenticate challenge
   *  Added "invalid_dpop_proof" error code for DPoP errors in token
   *  Fixed up and added to the IANA section
   *  Added "dpop_signing_alg_values_supported" authorization server
   *  Moved the Acknowledgements into an Appendix and added a bunch of
      names (best effort)

---------- Forwarded message ---------
From: <internet-dra...@ietf.org>
Date: Fri, May 1, 2020 at 12:24 PM
Subject: New Version Notification for draft-ietf-oauth-dpop-01.txt
To: Torsten Lodderstedt <tors...@lodderstedt.net>, David Waite <
da...@alkaline-solutions.com>, John Bradley <ve7...@ve7jtb.com>, Brian
Campbell <bcampb...@pingidentity.com>, Daniel Fett <m...@danielfett.de>,
Michael Jones <m...@microsoft.com>

A new version of I-D, draft-ietf-oauth-dpop-01.txt
has been successfully submitted by Brian Campbell and posted to the
IETF repository.

Name:           draft-ietf-oauth-dpop
Revision:       01
Title:          OAuth 2.0 Demonstration of Proof-of-Possession at the
Application Layer (DPoP)
Document date:  2020-05-01
Group:          oauth
Pages:          22
Status:         https://datatracker.ietf.org/doc/draft-ietf-oauth-dpop/
Htmlized:       https://tools.ietf.org/html/draft-ietf-oauth-dpop-01
Htmlized:       https://datatracker.ietf.org/doc/html/draft-ietf-oauth-dpop
Diff:           https://www.ietf.org/rfcdiff?url2=draft-ietf-oauth-dpop-01

   This document describes a mechanism for sender-constraining OAuth 2.0
   tokens via a proof-of-possession mechanism on the application level.
   This mechanism allows for the detection of replay attacks with access
   and refresh tokens.

Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat

_CONFIDENTIALITY NOTICE: This email may contain confidential and privileged 
material for the sole use of the intended recipient(s). Any review, use, 
distribution or disclosure by others is strictly prohibited.  If you have 
received this communication in error, please notify the sender immediately 
by e-mail and delete the message and any file attachments from your 
computer. Thank you._
OAuth mailing list

Reply via email to