Hi Nat,

the Secure BCP defines sender-constrained access tokens and (I think) gives a 
comprehensive description of the attacks prevented by sender-constrained access 
tokens.

https://datatracker.ietf.org/doc/html/draft-ietf-oauth-security-topics-22#name-misuse-of-stolen-access-tok

Do you think there is anything missing?

best regards,
Torsten.
On 27 March 2023, 13:48 +0900, Nat Sakimura <sakim...@gmail.com> wrote:
> Hi Rifaat,
>
> Here are my slides on the OAuth 2.0 Proof-of-Possession (PoP) Security 
> Architecture discussion.
> Sorry for being so late in delivering it!
>
> Best,
>
> Nat Sakimura
>
>
> > On Sat, Feb 11, 2023 at 9:56 PM Rifaat Shekh-Yusef 
> > <rifaat.s.i...@gmail.com> wrote:
> > > Great! I will add it to the list of topics to discuss.
> > >
> > > Regards,
> > >  Rifaat
> > >
> > >
> > > > On Sat, Feb 11, 2023 at 1:06 AM Nat Sakimura <sakim...@gmail.com> wrote:
> > > > > Sure, I'll be there.
> > > > > I can discuss it there.
> > > > >
> > > > > > > On Fri, Feb 10, 2023 at 21:07, Rifaat Shekh-Yusef <rifaat.s.i...@gmail.com> wrote:
> > > > > > > Nat (off the list),
> > > > > > >
> > > > > > > Will you be attending the meeting in Yokohama?
> > > > > > > If so, would you be interested to discuss this topic with the WG 
> > > > > > > then? This could be either during one of the main sessions or one 
> > > > > > > of the side meetings, if you prefer.
> > > > > > >
> > > > > > > Regards,
> > > > > > >  Rifaat
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > > On Fri, Feb 10, 2023 at 3:24 AM Nat Sakimura 
> > > > > > > > <sakim...@gmail.com> wrote:
> > > > > > > > > Hi
> > > > > > > > >
> > > > > > > > > OAuth 2.0 Proof-of-Possession (PoP) Security Architecture[1] 
> > > > > > > > > has not progressed and expired since 2017.
> > > > > > > > >
> > > > > > > > > [1] 
> > > > > > > > > https://datatracker.ietf.org/doc/html/draft-ietf-oauth-pop-architecture-08
> > > > > > > > >
> > > > > > > > > I just noticed it because I wanted to refer to it in one of 
> > > > > > > > > the papers I am involved with. IMHO, it has got good 
> > > > > > > > > > information worth making referenceable. Has it been an 
> > > > > > > > > explicit decision to abandon the document, or is it just the 
> > > > > > > > > result of the priority of the editors and this WG shifted 
> > > > > > > > > away? Is there an appetite to progress it?
> > > > > > > > >
> > > > > > > > > Best,
> > > > > > > > > --
> > > > > > > > > Nat Sakimura
> > > > > > > > > _______________________________________________
> > > > > > > > > OAuth mailing list
> > > > > > > > > OAuth@ietf.org
> > > > > > > > > https://www.ietf.org/mailman/listinfo/oauth
>
>
> --
> Nat Sakimura (=nat)
> Chairman, OpenID Foundation
> http://nat.sakimura.org/
> @_nat_en