Hi Nat,

the Security BCP defines sender-constrained access tokens and (I think) gives a comprehensive description of the attacks prevented by sender-constrained access tokens.
https://datatracker.ietf.org/doc/html/draft-ietf-oauth-security-topics-22#name-misuse-of-stolen-access-tok

Do you think there is anything missing?

best regards,
Torsten.

On 27 March 2023, 13:48 +0900, Nat Sakimura <sakim...@gmail.com> wrote:
> Hi Rifaat,
>
> Here are my slides on the OAuth 2.0 Proof-of-Possession (PoP) Security
> Architecture discussion.
> Sorry for being so late in delivering it!
>
> Best,
>
> Nat Sakimura
>
> On Sat, Feb 11, 2023 at 9:56 PM Rifaat Shekh-Yusef <rifaat.s.i...@gmail.com> wrote:
> > Great! I will add it to the list of topics to discuss.
> >
> > Regards,
> > Rifaat
> >
> > On Sat, Feb 11, 2023 at 1:06 AM Nat Sakimura <sakim...@gmail.com> wrote:
> > > Sure, I'll be there.
> > > I can discuss it there.
> > >
> > > On Fri, 10 Feb 2023 at 21:07, Rifaat Shekh-Yusef <rifaat.s.i...@gmail.com> wrote:
> > > > Nat (off the list),
> > > >
> > > > Will you be attending the meeting in Yokohama?
> > > > If so, would you be interested in discussing this topic with the WG
> > > > then? This could be either during one of the main sessions or one
> > > > of the side meetings, if you prefer.
> > > >
> > > > Regards,
> > > > Rifaat
> > > >
> > > > On Fri, Feb 10, 2023 at 3:24 AM Nat Sakimura <sakim...@gmail.com> wrote:
> > > > > Hi
> > > > >
> > > > > OAuth 2.0 Proof-of-Possession (PoP) Security Architecture[1]
> > > > > has not progressed and expired in 2017.
> > > > >
> > > > > [1] https://datatracker.ietf.org/doc/html/draft-ietf-oauth-pop-architecture-08
> > > > >
> > > > > I just noticed it because I wanted to refer to it in one of
> > > > > the papers I am involved with. IMHO, it has got good
> > > > > information worth making referenceable.
> > > > > Has it been an explicit decision to abandon the document, or is it just the
> > > > > result of the priorities of the editors and this WG having shifted
> > > > > away? Is there an appetite to progress it?
> > > > >
> > > > > Best,
> > > > > --
> > > > > Nat Sakimura
>
> --
> Nat Sakimura (=nat)
> Chairman, OpenID Foundation
> http://nat.sakimura.org/
> @_nat_en

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
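As an added illustration of the point Torsten is making above (this is constructed example code, not code from the thread, the Security BCP or the PoP architecture draft), the following shows what "sender-constrained" buys a resource server in a simplified DPoP-like model: the access token carries a thumbprint of the client's public key (the `cnf` binding), every request carries a fresh proof signed with the matching private key over the method, URI and token hash, and the resource server refuses a stolen token presented with a different key or a captured proof replayed against a different request. Assumptions made here that are not in the thread: Ed25519 is used for the client key, the token is a bare JSON object with no authorization-server signature (a real resource server verifies that too), and the `jti`/`iat`/nonce replay controls of real DPoP are left out; the `AccessToken`, `Proof`, `IssueToken`, `MakeProof` and `VerifyRequest` names are the example's own.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
)

// AccessToken is a constructed, simplified stand-in for a sender-constrained
// access token. Cnf holds the thumbprint of the client's public key, the role
// the "cnf"/"jkt" claim plays in DPoP-bound tokens. The authorization server's
// own signature over the token is omitted from this model (assumption).
type AccessToken struct {
	Sub string `json:"sub"`
	Aud string `json:"aud"`
	Cnf string `json:"cnf"`
}

// Proof is the per-request proof of possession: a signature by the bound key
// over the method, target URI and a hash of the token, plus the public key so
// the resource server can compare thumbprints. Real DPoP proofs also carry
// jti/iat and optionally a server nonce; omitted here (assumption).
type Proof struct {
	PublicKey ed25519.PublicKey
	Method    string
	URI       string
	ATH       string // base64url(SHA-256(access token))
	Sig       []byte
}

func b64(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }

func thumbprint(pub ed25519.PublicKey) string { h := sha256.Sum256(pub); return b64(h[:]) }

func tokenHash(token []byte) string { h := sha256.Sum256(token); return b64(h[:]) }

func proofPayload(method, uri, ath string) []byte { return []byte(method + "\n" + uri + "\n" + ath) }

// NewClientKey generates the key pair a client proves possession of.
func NewClientKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// IssueToken is the authorization server step: bind the token to the client's key.
func IssueToken(sub, aud string, pub ed25519.PublicKey) []byte {
	b, _ := json.Marshal(AccessToken{Sub: sub, Aud: aud, Cnf: thumbprint(pub)})
	return b
}

// MakeProof is the client step for one request.
func MakeProof(priv ed25519.PrivateKey, token []byte, method, uri string) Proof {
	ath := tokenHash(token)
	return Proof{
		PublicKey: priv.Public().(ed25519.PublicKey),
		Method:    method,
		URI:       uri,
		ATH:       ath,
		Sig:       ed25519.Sign(priv, proofPayload(method, uri, ath)),
	}
}

// VerifyRequest is the resource server step. Each check closes one way a
// stolen token could otherwise be misused.
func VerifyRequest(token []byte, p Proof, method, uri string) error {
	var at AccessToken
	if err := json.Unmarshal(token, &at); err != nil {
		return err
	}
	// 1. The presented key must be the one the token was bound to, so an
	//    attacker holding only the token cannot substitute their own key.
	if at.Cnf != thumbprint(p.PublicKey) {
		return errors.New("token is not bound to the presented key")
	}
	// 2. The proof must be for this request and this token, so a captured
	//    proof cannot be replayed against another endpoint or token.
	if p.Method != method || p.URI != uri {
		return errors.New("proof was made for a different request")
	}
	if p.ATH != tokenHash(token) {
		return errors.New("proof was made for a different token")
	}
	// 3. The signature demonstrates possession of the private key.
	if !ed25519.Verify(p.PublicKey, proofPayload(p.Method, p.URI, p.ATH), p.Sig) {
		return errors.New("proof signature invalid")
	}
	return nil
}

func main() {
	pub, priv := NewClientKey()
	token := IssueToken("alice", "https://rs.example", pub)
	uri := "https://rs.example/resource"
	fmt.Println("legitimate client:", VerifyRequest(token, MakeProof(priv, token, "GET", uri), "GET", uri))

	// Attacker exfiltrated the token but not the key and tries a key of their own.
	_, attackerPriv := NewClientKey()
	fmt.Println("stolen token, attacker key:", VerifyRequest(token, MakeProof(attackerPriv, token, "GET", uri), "GET", uri))

	// Attacker captured a full request (token + proof) and replays it elsewhere.
	captured := MakeProof(priv, token, "GET", uri)
	fmt.Println("captured proof, other URI:", VerifyRequest(token, captured, "GET", "https://rs.example/admin"))
}
```

The order of checks matters little for security but a lot for diagnostics: comparing the thumbprint first distinguishes "wrong key" from "wrong request", which is what an operator wants in the resource server's logs when a leaked token starts being replayed.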