Hi all,
this is the call for adoption of the 'OAuth Security Topics' document
following the positive call for adoption at the last IETF
meeting in Seoul.
Here is the document:
https://tools.ietf.org/html/draft-lodderstedt-oauth-security-topics-00
The intention with this document is to have a pla
> You can call me lazy if you want. Some of them are so well known, such as
> "password" or "PIN" it didn't seem worthwhile to try to track down a
> reference.
"password" and "PIN" are so well known, yet curiously they are quite different
as "amr" values.
"pwd" is merely defined as "password-
Hi all,
I'm working on a set of API endpoints to allow institutions to manage their
users and records, and their users to read their own records.
Specifically, each institution will get a {client_id} and a {secret} after
registering with us, which allows them to create users under its
institution
On 02/02/17 00:35, Mike Jones wrote:
> You can call me lazy if you want.
I don't think you're lazy:-) Were I to guess I'd guess that
interop for these wasn't a priority and that we're defining
them a bit early and a little too generically.
> Some of them are so well known,
> such as "password"
You can call me lazy if you want. Some of them are so well known, such as
"password" or "PIN" it didn't seem worthwhile to try to track down a reference.
But I'm willing to work with others to find decent references for the rest of
them, if you believe that would improve the quality of the spe
On 02/02/17 00:28, Mike Jones wrote:
> The other case of known interop testing of "amr" values is for MODRNA
> (OpenID Connect Mobile Profile) implementations. There's a reference
> to its use of "amr" values in the spec.
Yeah, iirc, that one seemed ok (assuming the reference tells
me what code
The other case of known interop testing of "amr" values is for MODRNA (OpenID
Connect Mobile Profile) implementations. There's a reference to its use of
"amr" values in the spec.
-Original Message-
From: Anthony Nadalin
Sent: Wednesday, February 1, 2017 4:27 PM
To: Stephen Farrell ; Mi
We have interoped between FIDO authenticators vendors and Windows Hello
-Original Message-
From: Stephen Farrell [mailto:stephen.farr...@cs.tcd.ie]
Sent: Wednesday, February 1, 2017 4:24 PM
To: Mike Jones ; Anthony Nadalin
; joel jaeggli ; The IESG
Cc: oauth-cha...@ietf.org; draft-ietf
The introduction sounds great, especially acknowledging the problems due to
"the predominance of the web single sign-on model as the basis for the user
interaction"... but is there a summary of what this actually describes? I
see a lot of boilerplate text, and defining some new terms, but I don't
a
On 02/02/17 00:21, Mike Jones wrote:
> Thanks, Tony. I can add that reference.
>
> Stephen, the sets of initial values were chosen from those used in
> practice by Microsoft and Google in real deployments.
Genuine questions: do you aim to have interop between those
deployments? What if I wante
Thanks, Tony. I can add that reference.
Stephen, the sets of initial values were chosen from those used in practice by
Microsoft and Google in real deployments.
About "otp", there are existing use cases for indicating that an OTP was used.
I'm not aware of any of these use cases where the dis
The code point is that Windows Hello protocol supports three types of biometric
authentication: fingerprint, face and iris, we need to distinguish between eye,
retina and iris. There are Windows devices that do retina also, like Windows
phones, we have now gone to iris after the NIST testing and
Hi Tony,
On 02/02/17 00:10, Anthony Nadalin wrote:
> NIST asked for the addition of IRIS (as they are seeing more use of
> IRIS over retina due to the accuracy of iris) as they have been
> doing significant testing on various iris devices and continue to do
> so, here is a report that NIST relea
NIST asked for the addition of IRIS (as they are seeing more use of IRIS over
retina due to the accuracy of iris) as they have been doing significant
testing on various iris devices and continue to do so, here is a report that
NIST released
http://2010-2014.commerce.gov/blog/2012/04/23/nist-ir
Folks,
This may be of interest. It's forward-looking, I know. Appreciate any comments
on the draft.
Best.
/thomas/
From: internet-dra...@ietf.org [internet-dra...@ietf.org]
Sent: Wednesday, February 01, 2017 6:39 PM
To: Thomas Hardjono
Subject: New Vers
Hi Mike,
On 01/02/17 17:00, Mike Jones wrote:
> Thanks for the discussion, Stephen.
>
> To your point about "otp", the working group discussed this very
> point. They explicitly decided not to introduce "hotp" and "totp"
> identifiers because no one had a use case in which the distinction
> mat
Thanks for the discussion, Stephen.
To your point about "otp", the working group discussed this very point. They
explicitly decided not to introduce "hotp" and "totp" identifiers because no
one had a use case in which the distinction mattered. Others can certainly
introduce those identifiers
On 01/02/17 14:58, joel jaeggli wrote:
> On 1/31/17 8:26 AM, Stephen Farrell wrote:
>> Stephen Farrell has entered the following ballot position for
>> draft-ietf-oauth-amr-values-05: Discuss
>>
>> When responding, please keep the subject line intact and reply to all
>> email addresses included i
On 1/31/17 8:26 AM, Stephen Farrell wrote:
> Stephen Farrell has entered the following ballot position for
> draft-ietf-oauth-amr-values-05: Discuss
>
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
>