Hi all,

This version includes some minor editorial fixes and a new wording for disallowing insecure redirect URIs, as discussed on yesterday's call.

I would kindly ask the chairs to start a WGLC on this version.

Given the nature of a Best Current Practice document and the relatively broad topic, there will always be more things to add to this document. In order to deliver this document, it would be great if we could come to the consensus that after this WGLC any attacks, mitigations, and security topics not covered in draft-ietf-oauth-security-topics-18 go into a future update of the BCP. Exceptions would be grave oversights in proposed mitigations, factual errors, and anything coming up in the IETF process after WGLC, of course.

Cheers,
Daniel

On 13.04.21 at 16:34, internet-dra...@ietf.org wrote:
> A New Internet-Draft is available from the on-line Internet-Drafts
> directories.
> This draft is a work item of the Web Authorization Protocol WG of the IETF.
>
> Title    : OAuth 2.0 Security Best Current Practice
> Authors  : Torsten Lodderstedt
>            John Bradley
>            Andrey Labunets
>            Daniel Fett
> Filename : draft-ietf-oauth-security-topics-18.txt
> Pages    : 53
> Date     : 2021-04-13
>
> Abstract:
> This document describes best current security practice for OAuth 2.0.
> It updates and extends the OAuth 2.0 Security Threat Model to
> incorporate practical experiences gathered since OAuth 2.0 was
> published and covers new threats relevant due to the broader
> application of OAuth 2.0.
>
>
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-oauth-security-topics/
>
> There is also an HTML version available at:
> https://www.ietf.org/archive/id/draft-ietf-oauth-security-topics-18.html
>
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-oauth-security-topics-18
>
>
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
>
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
>
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth

--
https://danielfett.de