Congratulations everyone who participated in making this happen. This could be
a game-changer. A great day for OAuth!
Happily,
-- Mike
FYI, I wrote about this at https://self-issued.info/?p=2417 and
https://www.linkedin.com/posts/selfissued_oauth-20-demonstrating-proof-of-possession-activity-7105707054266269696-ZvO1/
and referenced it from
https://twitter.com/selfissued/status/1699940100048834636.
-----Original Message-----
From: OAuth <oauth-boun...@ietf.org> On Behalf Of rfc-edi...@rfc-editor.org
Sent: Thursday, September 7, 2023 4:39 PM
To: ietf-annou...@ietf.org; rfc-d...@rfc-editor.org
Cc: rfc-edi...@rfc-editor.org; drafts-update-...@iana.org; oauth@ietf.org
Subject: [OAUTH-WG] RFC 9449 on OAuth 2.0 Demonstrating Proof of Possession
(DPoP)
A new Request for Comments is now available in online RFC libraries.
RFC 9449
Title: OAuth 2.0 Demonstrating Proof of
Possession (DPoP)
Author: D. Fett,
B. Campbell,
J. Bradley,
T. Lodderstedt,
M. Jones,
D. Waite
Status: Standards Track
Stream: IETF
Date: September 2023
Mailbox: m...@danielfett.de,
bcampb...@pingidentity.com,
ve7...@ve7jtb.com,
tors...@lodderstedt.net,
michael_b_jo...@hotmail.com,
da...@alkaline-solutions.com
Pages: 39
Updates/Obsoletes/SeeAlso: None
I-D Tag: draft-ietf-oauth-dpop-16.txt
URL: https://www.rfc-editor.org/info/rfc9449
DOI: 10.17487/RFC9449
This document describes a mechanism for sender-constraining OAuth 2.0 tokens
via a proof-of-possession mechanism on the application level.
This mechanism allows for the detection of replay attacks with access and
refresh tokens.
This document is a product of the Web Authorization Protocol Working Group of
the IETF.
This is now a Proposed Standard.
STANDARDS TRACK: This document specifies an Internet Standards Track protocol
for the Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the Official Internet
Protocol Standards (https://www.rfc-editor.org/standards) for the
standardization state and status of this protocol. Distribution of this memo
is unlimited.
This announcement is sent to the IETF-Announce and rfc-dist lists.
To subscribe or unsubscribe, see
https://www.ietf.org/mailman/listinfo/ietf-announce
https://mailman.rfc-editor.org/mailman/listinfo/rfc-dist
For searching the RFC series, see https://www.rfc-editor.org/search
For downloading RFCs, see https://www.rfc-editor.org/retrieve/bulk
Requests for special distribution should be addressed to either the author of
the RFC in question, or to rfc-edi...@rfc-editor.org. Unless specifically
noted otherwise on the RFC itself, all RFCs are for unlimited distribution.
The RFC Editor Team
Association Management Solutions, LLC
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
