Hello Karsten,

Can you summarize in what ways your draft is compatible with draft-sakimura-oauth-wmrm-00? Which of the described modes in Nat's document does it cover?

There are existing implementations (both partial and full) of draft-sakimura-oauth-wmrm-00, so if your draft is not compatible I would recommend not using the same response mode name/identifier in your proposal. What prompted you to start a new draft rather than using draft-sakimura-oauth-wmrm-00?

Best regards,
Filip Skokan

On Thu, 4 Jan 2024 at 12:04, Karsten Meyer zu Selhausen | Hackmanit <karsten.meyerzuselhau...@hackmanit.de> wrote:

> Hi all,
>
> we would like to ask again for feedback on our draft for the "web_message"
> response mode:
> https://datatracker.ietf.org/doc/draft-meyerzuselha-oauth-web-message-response-mode/
>
> We think it would be very helpful for implementers and developers to
> specify a secure standard for a postMessage API-based response mode.
>
> Best regards,
> Karsten
>
> On 23.11.2023 10:11, Karsten Meyer zu Selhausen | Hackmanit wrote:
>
> Hi everyone,
>
> at the last OSW the topic of a response mode based on the postMessage API
> came up. This approach is already used by multiple parties (e.g., Google)
> but lacks standardization.
>
> There was some sense of agreement that it would be a good idea to create
> an RFC defining this response mode to counter security flaws in individual
> implementations and improve interoperability.
>
> Because the efforts in the past were long expired (draft -00 of
> https://datatracker.ietf.org/doc/draft-sakimura-oauth-wmrm/ expired in
> 2016) we took the initiative and started to work on a new ID for the
> "web_message" response mode.
>
> We would like to ask the members of the working group for feedback on
> our draft:
> https://datatracker.ietf.org/doc/draft-meyerzuselha-oauth-web-message-response-mode/
>
> I see that "draft-sakimura-oauth-wmrm" has been recently updated.
> However, there have not been any changes to its contents. What are the
> plans of the authors for this draft?
>
> Best regards
> Karsten
>
> --
> Karsten Meyer zu Selhausen
> Senior IT Security Consultant
> Phone: +49 (0)234 / 54456499
> Web: https://hackmanit.de | IT Security Consulting, Penetration Testing,
> Security Training
>
> Multi-Factor Authentication (MFA) significantly increases the security of
> your accounts.
> Learn in our blog posts what the best MFA options are and how FIDO2 goes one
> step further to solve the world’s password problem:
> https://www.hackmanit.de/en/blog-en/162-what-is-mfa
> https://www.hackmanit.de/en/blog-en/165-what-is-fido2
>
> Hackmanit GmbH
> Universitätsstraße 60 (Exzenterhaus)
> 44789 Bochum
>
> Court of registration: Amtsgericht Bochum, HRB 14896
> Managing directors: Prof. Dr. Jörg Schwenk, Prof. Dr. Juraj Somorovsky, Dr.
> Christian Mainka, Prof. Dr. Marcus Niemietz
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth