[resending from a registered email] Thanks again Pieter and Filip for your detailed feedback! The changes Brian listed are a direct result of your comments. In particular: Pieter, we agree with you on the need to clarify that step-up doesn't necessarily entail a straight token replacement, and we hope that the language we added resolves the ambiguity to your satisfaction.
As an FYI for the list: the step-up in OAuth topic continues to receive a lot of attention. The session I delivered last month at identiverse was one of the most attended ones, and as you can see from one of the comments in https://www.linkedin.com/posts/vittoriobertocci_oauth-identiverse-identiverse2022-activity-6945382325643796481-mFPq/, the Norwegian health sector is already considering adopting this version of the specification! That is both an indication that in its current state the document already provides a viable solution, and the need to step up (pun intended) the discussion so that we can incorporate your thoughts and contributions before we get too much instant legacy out there. Looking forward for the discussion at IETF114 On Mon, Jul 11, 2022 at 10:59 AM Vittorio Bertocci < vittorio.berto...@okta.com> wrote: > Thanks again Pieter and Filip for your detailed feedback! The changes > Brian listed are a direct result of your comments. > In particular: Pieter, we agree with you on the need to clarify that > step-up doesn't necessarily entail a straight token replacement, and we > hope that the language we added resolves the ambiguity to your satisfaction. > > As an FYI for the list: the step-up in OAuth topic continues to receive a > lot of attention. The session I delivered last month at identiverse was one > of the most attended ones, and as you can see from one of the comments in > https://www.linkedin.com/posts/vittoriobertocci_oauth-identiverse-identiverse2022-activity-6945382325643796481-mFPq/, > the Norwegian health sector is already considering adopting this version of > the specification! That is both an indication that in its current state the > document already provides a viable solution, and the need to step up (pun > intended) the discussion so that we can incorporate your thoughts and > contributions before we get too much instant legacy out there. > > Looking forward for the discussion at IETF114 > > > On Mon, Jul 11, 2022 at 6:51 AM Brian Campbell <bcampbell= > 40pingidentity....@dmarc.ietf.org> wrote: > >> *This message originated outside your organization.* >> >> ------------------------------ >> >> Just under the wire for the Internet Draft submission cut-off today, a >> new -01 revision of "OAuth 2.0 Step-up Authentication Challenge Protocol" >> has been published with the following updates (copied from the document >> history): >> >> -01 >> >> * Added AS Metadata section with pointer to acr_values_supported >> * Mention that it's not necessarily the case that a new 'stepped-up' >> token always supersedes older tokens >> * Add examples with max_age >> >> >> ---------- Forwarded message --------- >> From: <internet-dra...@ietf.org> >> Date: Mon, Jul 11, 2022 at 7:11 AM >> Subject: [OAUTH-WG] I-D Action: >> draft-ietf-oauth-step-up-authn-challenge-01.txt >> To: <i-d-annou...@ietf.org> >> Cc: <oauth@ietf.org> >> >> >> >> A New Internet-Draft is available from the on-line Internet-Drafts >> directories. >> This draft is a work item of the Web Authorization Protocol WG of the >> IETF. >> >> Title : OAuth 2.0 Step-up Authentication Challenge >> Protocol >> Authors : Vittorio Bertocci >> Brian Campbell >> Filename : draft-ietf-oauth-step-up-authn-challenge-01.txt >> Pages : 13 >> Date : 2022-07-11 >> >> Abstract: >> It is not uncommon for resource servers to require different >> authentication strengths or freshness according to the >> characteristics of a request. This document introduces a mechanism >> for a resource server to signal to a client that the authentication >> event associated with the access token of the current request doesn't >> meet its authentication requirements and specify how to meet them. >> This document also codifies a mechanism for a client to request that >> an authorization server achieve a specific authentication strength or >> freshness when processing an authorization request. >> >> >> The IETF datatracker status page for this draft is: >> https://datatracker.ietf.org/doc/draft-ietf-oauth-step-up-authn-challenge/ >> <https://urldefense.com/v3/__https://datatracker.ietf.org/doc/draft-ietf-oauth-step-up-authn-challenge/__;!!PwKahg!-_G2jLyqiqtb81WP8vUrylGOQvzd7Oh20Xr6Oj8He0OWF_j1ceUDlkkGk5Dl2JbIYy4z394M5Kzj5NTiZyHUbsvDW7Atpik$> >> >> There is also an HTML version available at: >> >> https://www.ietf.org/archive/id/draft-ietf-oauth-step-up-authn-challenge-01.html >> <https://urldefense.com/v3/__https://www.ietf.org/archive/id/draft-ietf-oauth-step-up-authn-challenge-01.html__;!!PwKahg!-_G2jLyqiqtb81WP8vUrylGOQvzd7Oh20Xr6Oj8He0OWF_j1ceUDlkkGk5Dl2JbIYy4z394M5Kzj5NTiZyHUbsvD615_fag$> >> >> A diff from the previous version is available at: >> >> https://www.ietf.org/rfcdiff?url2=draft-ietf-oauth-step-up-authn-challenge-01 >> <https://urldefense.com/v3/__https://www.ietf.org/rfcdiff?url2=draft-ietf-oauth-step-up-authn-challenge-01__;!!PwKahg!-_G2jLyqiqtb81WP8vUrylGOQvzd7Oh20Xr6Oj8He0OWF_j1ceUDlkkGk5Dl2JbIYy4z394M5Kzj5NTiZyHUbsvDVoC-9tU$> >> >> >> Internet-Drafts are also available by rsync at rsync.ietf.org: >> :internet-drafts >> >> >> _______________________________________________ >> OAuth mailing list >> OAuth@ietf.org >> https://www.ietf.org/mailman/listinfo/oauth >> <https://urldefense.com/v3/__https://www.ietf.org/mailman/listinfo/oauth__;!!PwKahg!-_G2jLyqiqtb81WP8vUrylGOQvzd7Oh20Xr6Oj8He0OWF_j1ceUDlkkGk5Dl2JbIYy4z394M5Kzj5NTiZyHUbsvDEN6rY00$> >> >> *CONFIDENTIALITY NOTICE: This email may contain confidential and >> privileged material for the sole use of the intended recipient(s). Any >> review, use, distribution or disclosure by others is strictly prohibited. >> If you have received this communication in error, please notify the sender >> immediately by e-mail and delete the message and any file attachments from >> your computer. Thank you.* >> _______________________________________________ >> OAuth mailing list >> OAuth@ietf.org >> https://www.ietf.org/mailman/listinfo/oauth >> >
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
