Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-native-apps-08.txt

2017-03-07 Thread John Bradley
That is theory that CTAP should let web-views work. I just ran a test on the current shipping Android build. U2F is only working from the View controller and system browser. Web-view is not currently exposing CTAP. I believe that is also the case on iOS, but haven't built an app to test it.

Re: [OAUTH-WG] Shepherd writeup for OAuth 2.0 Authorization Server Metadata

2017-03-07 Thread Mike Jones
OpenID Connect implementations are not required to implement this functionality but most do, by virtue of implementing the OpenID Connect metadata specified in https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata. The OAuth AS Metadata spec is intentionally compatible wit

Re: [OAUTH-WG] Shepherd writeup for OAuth 2.0 Authorization Server Metadata

2017-03-07 Thread Hannes Tschofenig
Hi Mike thanks for the quick response and for the wording suggestions. Regarding the implementations are OpenID Connect implementations required to implement this functionality? On 03/07/2017 07:58 PM, Mike Jones wrote: > 1) Implementation & deployment status of the spec > > Microsoft has at le

Re: [OAUTH-WG] Shepherd writeup for OAuth 2.0 Authorization Server Metadata

2017-03-07 Thread Mike Jones
Replies inline... -Original Message- From: OAuth [mailto:oauth-boun...@ietf.org] On Behalf Of Hannes Tschofenig Sent: Tuesday, March 7, 2017 10:46 AM To: oauth@ietf.org; Phil Hunt Subject: [OAUTH-WG] Shepherd writeup for OAuth 2.0 Authorization Server Metadata Hi all, here is the write-

[OAUTH-WG] Shepherd writeup for OAuth 2.0 Authorization Server Metadata

2017-03-07 Thread Hannes Tschofenig
Hi all, here is the write-up: https://github.com/hannestschofenig/tschofenig-ids/blob/master/shepherd-writeups/Writeup_OAuth_Metadata.txt I need your feedback on the following issues: 1) Implementation & deployment status of the spec 2) Working group summary (see below) (Particularly asking Phi

Re: [OAUTH-WG] Stephen Farrell's Discuss on draft-ietf-oauth-amr-values-05: (with DISCUSS)

2017-03-07 Thread Stephen Farrell
On 07/03/17 17:17, Mike Jones wrote: > You're right, Stephen. Re-reading the spec, it doesn't say that, and > it should. Sometimes it takes someone giving a spec a fresh read to > uncover things that the authors understood and intended but failed to > be captured in the text. This is such a ca

Re: [OAUTH-WG] OAuth 2.0 Authorization Server Metadata: IPR Confirmation

2017-03-07 Thread Mike Jones
I am aware of no IPR encumbrances for this specification. -Original Message- From: OAuth [mailto:oauth-boun...@ietf.org] On Behalf Of John Bradley Sent: Tuesday, March 7, 2017 10:02 AM To: Hannes Tschofenig Cc: oauth@ietf.org Subject: Re: [OAUTH-WG] OAuth 2.0 Authorization Server Metadata

Re: [OAUTH-WG] OAuth 2.0 Authorization Server Metadata: IPR Confirmation

2017-03-07 Thread John Bradley
I have no IPR disclosures to make. John B. > On Mar 7, 2017, at 2:50 PM, Hannes Tschofenig > wrote: > > Hi John, Mike, Nat, > > I am working on the shepherd writeup for the "OAuth 2.0 Authorization > Server Metadata" document: > https://tools.ietf.org/html/draft-ietf-oauth-discovery-05 > > On

[OAUTH-WG] OAuth 2.0 Authorization Server Metadata: IPR Confirmation

2017-03-07 Thread Hannes Tschofenig
Hi John, Mike, Nat, I am working on the shepherd writeup for the "OAuth 2.0 Authorization Server Metadata" document: https://tools.ietf.org/html/draft-ietf-oauth-discovery-05 One item in the template requires me to indicate whether each document author has confirmed that any and all appropriate I

Re: [OAUTH-WG] Stephen Farrell's Discuss on draft-ietf-oauth-amr-values-05: (with DISCUSS)

2017-03-07 Thread Mike Jones
You're right, Stephen. Re-reading the spec, it doesn't say that, and it should. Sometimes it takes someone giving a spec a fresh read to uncover things that the authors understood and intended but failed to be captured in the text. This is such a case - so thanks. I'll add this information,

Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-signed-http-request-03.txt

2017-03-07 Thread Justin Richer
What you describe as your minimum case is what I intended to be the minimum case for this document. I opted to put the token inside the payload instead of a hash because then we wouldn't need an additional header to carry the token, and the client wouldn't be required to do an additional crypto

Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-signed-http-request-03.txt

2017-03-07 Thread Nat Sakimura
Thanks Denis, Yes. As currently specified, ts is an integer. My previous mail requested it to be string instead so that I can use it as a nonce generated in the style of H(timestamp|client_id|key) etc. I agree this is the place to discuss replay protection etc. (Not in JAR, which is just a contai

Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-signed-http-request-03.txt

2017-03-07 Thread Denis
Hi Nat, I see that you are now back to the list. Please take note that "draft-ietf-oauth-signed-http-request-03.txt" has expired on February 9, 2017. You said: "perhaps change ts to string to accommodate nonce like string" In this draft, ts is defined as: ts RECOMMENDED. The timestamp.

Re: [OAUTH-WG] Updated Shepherd Write-Up for Native Apps document

2017-03-07 Thread Hannes Tschofenig
Hi Tony thanks for the feedback. I have requested publication of the document a few minutes ago already and we will incorporate any remarks from my co-workers as part of the IETF-wide last call. Ciao Hannes On 03/07/2017 09:17 AM, Anthony Nadalin wrote: > I'm still getting feedback on the Window

Re: [OAUTH-WG] Updated Shepherd Write-Up for Native Apps document

2017-03-07 Thread Anthony Nadalin
I'm still getting feedback on the Windows examples that are pointed to by the spec, since it's not a simple case on Windows -Original Message- From: OAuth [mailto:oauth-boun...@ietf.org] On Behalf Of Hannes Tschofenig Sent: Monday, March 6, 2017 8:00 AM To: oauth@ietf.org Subject: [OAUTH

Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-native-apps-08.txt

2017-03-07 Thread Anthony Nadalin
Not true John, the CTAP support that is current would support the web-view w/o any changes -Original Message- From: OAuth [mailto:oauth-boun...@ietf.org] On Behalf Of John Bradley Sent: Monday, March 6, 2017 12:16 PM To: Hannes Tschofenig Cc: internet-dra...@ietf.org; oauth@ietf.org Sub