[OAUTH-WG] AMR Values specification addressing Stephen Farrell’s comments

Security area director Stephen Farrell had asked us to make it as clear as possible to people who might be registering new “amr” values that names can identify families of closely-related authentication methods. This is now said right in the IANA Registration Template, so that people who might

Re: [OAUTH-WG] Fwd: I-D Action: draft-ietf-oauth-token-binding-02.txt

FYI, I blogged about this at http://self-issued.info/?p=1660 and as @selfissued. -- Mike From: OAuth [mailto:oauth-boun...@ietf.org] On Behalf Of Brian Campbell Sent: Monday, March 13, 2017 2:32 PM To

Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-device-flow-05.txt

FYI, I blogged about this at http://self-issued.info/?p=1657 and as @selfissued. -- Mike From: William Denniss [mailto:wdenn...@google.com] Sent: Monday, March 13, 2017 11:44 AM To: oauth@ietf.org; Ju

Re: [OAUTH-WG] Stephen Farrell's No Objection on draft-ietf-oauth-amr-values-07: (with COMMENT)

Hi Stephen, Per your suggestion, I added text in the IANA Registration Template saying that names can be for families of closely-related authentication methods. That way, even if people don't read the spec, when they try to register values, they should see the description. I can't change the

[OAUTH-WG] I-D Action: draft-ietf-oauth-amr-values-08.txt

A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Web Authorization Protocol of the IETF. Title : Authentication Method Reference Values Authors : Michael B. Jones Phil Hunt

[OAUTH-WG] Fwd: I-D Action: draft-ietf-oauth-token-binding-02.txt

I'm pleased to announce that (with the diligent help of my distinguished co-authors) draft -02 of "OAuth 2.0 Token Binding" has been published. The changes from the prior draft are listed below with support for Token Binding of authori

[OAUTH-WG] I-D Action: draft-ietf-oauth-token-binding-02.txt

A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Web Authorization Protocol of the IETF. Title : OAuth 2.0 Token Binding Authors : Michael B. Jones John Bradley

Re: [OAUTH-WG] Second OAuth Security Workshop (Call for Papers)

I did point out earlier when I discovered the dates, that I similarly asked for it to be later in the week. It is probably fine for Europeans but it will stop many people from being able to attend including myself unless I can come up with other meetings in Europe to fill those days. If we cant

[OAUTH-WG] Critical vulnerability in JSON Web Encryption (#JWE) - RFC 7516 Invalid Curve Attack

hi *, sorry for cross posting with the jose mailing list http://blog.intothesymmetry.com/2017/03/critical-vulnerability-in-json-web.html regards antonio ___ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth

Re: [OAUTH-WG] Second OAuth Security Workshop (Call for Papers)

Hi Mike, yes, those are the right dates. There are restrictions from the host's side, that’s why the workshop needs to take place on Monday and Tuesday. As far as I remember the host was clear about that from the beginning. best regards, Torsten. > Am 12.03.2017 um 22:15 schrieb Mike Jones :

[OAUTH-WG] I-D Action: draft-ietf-oauth-device-flow-05.txt

A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Web Authorization Protocol of the IETF. Title : OAuth 2.0 Device Flow for Browserless and Input Constrained Devices Authors : William Denniss

Re: [OAUTH-WG] Stephen Farrell's No Objection on draft-ietf-oauth-amr-values-07: (with COMMENT)

Thanks, Stephen. I'll try to apply the suggested changes before the cutoff. -- Mike -Original Message- From: Stephen Farrell [mailto:stephen.farr...@cs.tcd.ie] Sent: Monday, March 13, 2017 8:28 AM To: The IESG Cc: draft-ietf-oauth-amr-val...@ietf.org; Ha

[OAUTH-WG] Stephen Farrell's No Objection on draft-ietf-oauth-amr-values-07: (with COMMENT)

Stephen Farrell has entered the following ballot position for draft-ietf-oauth-amr-values-07: No Objection When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer

Re: [OAUTH-WG] Device Code expiration and syntax

On Sat, Mar 11, 2017 at 1:54 PM, William Denniss wrote: > > On Sat, Mar 11, 2017 at 12:40 PM, Justin Richer wrote: > >> >> >> Secondly, I had a question about the “response_type” parameter to the >>> device endpoint. This parameter is required and it has a single, required >>> value, with no reg

Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-native-apps-08.txt

Hi, There is an extra “where” in this Terminology definition: "reverse domain name notation" A naming convention based on the domain name system, but where where the domain components are reversed, for example "app.example.com" becomes "com.example.app". https://tools.ietf.org/html/d