[OAUTH-WG] FW: Call for Participation - Third OAuth Security Workshop (OSW 2018)

2018-03-05 Thread n-sakimura
FYI. It is on the week before the IETF 101 London. Bunch of us are going to be there discussing security aspect of OAuth. Nat -Original Message- From: Roberto Carbone Sent: Tuesday, March 06, 2018 3:07 AM Subject: Call for Participation - Third OAuth Security Workshop (OSW 2018) De

Re: [OAUTH-WG] Publication has been requested for draft-ietf-oauth-device-flow-07

2018-03-05 Thread William Denniss
Thanks again for the feedback Scott. I've staged an update here: https://github.com/WilliamDenniss/draft-ietf-oauth-device-flow/pull/6 It expands on the brute force attack section to include some detail on this attack, as it is quite unique for OAuth brute-force attacks (since the victim actually

Re: [OAUTH-WG] Call for agenda items

2018-03-05 Thread Nat Sakimura
I would be interested in hearing that. Also, as part of "Distributed OAuth", can we do a bit of re-cap on some of the previous drafts on the similar topic as we discussed in the interim? i.e., Brian's draft (where is the link now?) and my draft ( draft-sakimura-oauth-meta

Re: [OAUTH-WG] Call for agenda items

2018-03-05 Thread Mike Jones
I should make a presentation about changes in draft-ietf-oauth-discovery that occurred because of IESG feedback. 10-15 minutes. I will try to have something to say about the JWT BCP draft, which is currently expired. I will plan to address Brian Campbellā€™s comments before London. (Not enough

Re: [OAUTH-WG] Call for agenda items

2018-03-05 Thread William Denniss
Hannes & Rifaat, I would like the opportunity to present on OAuth 2.0 Incremental Authorization (draft-wdenniss-oauth-incremental-auth) [an update for which will be posted today] and "OAuth 2.0 Device Posture Signals" (draft-wdenniss-oauth-device-posture). I can also give an update on the status

[OAUTH-WG] Alexey Melnikov's No Objection on draft-ietf-oauth-discovery-10: (with COMMENT)

2018-03-05 Thread Alexey Melnikov
Alexey Melnikov has entered the following ballot position for draft-ietf-oauth-discovery-10: No Objection When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer t