Although there are still a number of open items from the shepherd review
that we plan on hashing out in Philly
<https://mailarchive.ietf.org/arch/msg/oauth/9HwzN_F5IALDkvfRwUCBDTzDGG8/>,
there have also been a few changes in the source recently. So, inspired by
the Internet Draft submission cut-off today, I decided to post a DPoP -10
to get those changes out in the interim.

   -10

   *  Updates addressing some shepherd review comments
   *  Update HTTP references as RFCs 723x have been superseded by RFC
      9110
   *  Editorial fixes
   *  Added some clarifications, etc. around nonce
   *  Added client considerations subsection
   *  Use bullets rather than numbers in Checking DPoP Proofs so as not
      to imply specific order
   *  Added notes/reminders about browser-based client applications
      using CORS needing access to response headers
   *  Added a JWT claims registry update request for "nonce" to (better)
      allow for more general use in other contexts


---------- Forwarded message ---------
From: <internet-dra...@ietf.org>
Date: Mon, Jul 11, 2022 at 7:55 AM
Subject: [OAUTH-WG] I-D Action: draft-ietf-oauth-dpop-10.txt
To: <i-d-annou...@ietf.org>
Cc: <oauth@ietf.org>



A New Internet-Draft is available from the on-line Internet-Drafts
directories.
This draft is a work item of the Web Authorization Protocol WG of the IETF.

        Title           : OAuth 2.0 Demonstrating Proof-of-Possession at the Application Layer (DPoP)
        Authors         : Daniel Fett
                          Brian Campbell
                          John Bradley
                          Torsten Lodderstedt
                          Michael Jones
                          David Waite
        Filename        : draft-ietf-oauth-dpop-10.txt
        Pages           : 43
        Date            : 2022-07-11

Abstract:
   This document describes a mechanism for sender-constraining OAuth 2.0
   tokens via a proof-of-possession mechanism on the application level.
   This mechanism allows for the detection of replay attacks with access
   and refresh tokens.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-oauth-dpop/

There is also an HTML version available at:
https://www.ietf.org/archive/id/draft-ietf-oauth-dpop-10.html

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-oauth-dpop-10


Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts


_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
