This -12 revision has updates addressing the AD review comments and a few other minor things that came up during that time.
-12

 * Updates from Roman Danyliw's AD review
 * DPoP-Nonce now included in HTTP header field registration request
 * Fixed section reference to URI Scheme-Based Normalization
 * Attempt to better describe the rationale for SHA-256 only and expectations for how hash algorithm agility would be achieved if needed in the future
 * Elaborate on the use of multiple WWW-Authenticate challenges by protected resources
 * Fix access token request examples that were missing a client_id

---------- Forwarded message ---------
From: <internet-dra...@ietf.org>
Date: Thu, Dec 29, 2022 at 5:43 AM
Subject: [OAUTH-WG] I-D Action: draft-ietf-oauth-dpop-12.txt
To: <i-d-annou...@ietf.org>
Cc: <oauth@ietf.org>

A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Web Authorization Protocol WG of the IETF.

Title    : OAuth 2.0 Demonstrating Proof-of-Possession at the Application Layer (DPoP)
Authors  : Daniel Fett
           Brian Campbell
           John Bradley
           Torsten Lodderstedt
           Michael Jones
           David Waite
Filename : draft-ietf-oauth-dpop-12.txt
Pages    : 46
Date     : 2022-12-29

Abstract:
This document describes a mechanism for sender-constraining OAuth 2.0 tokens via a proof-of-possession mechanism on the application level. This mechanism allows for the detection of replay attacks with access and refresh tokens.

The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-oauth-dpop/

There is also an HTML version available at:
https://www.ietf.org/archive/id/draft-ietf-oauth-dpop-12.html

A diff from the previous version is available at:
https://author-tools.ietf.org/iddiff?url2=draft-ietf-oauth-dpop-12

Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth