Re: [OAUTH-WG] Mailman privacy alert

2020-01-07 Thread kimoun905=40yahoo . com
On Wednesday, January 8, 2020, 2:52:22 PM GMT+7, wrote: An attempt was made to subscribe your address to the mailing list oauth@ietf.org.  You are already subscribed to this mailing list. Note that the list membership is not public, so it is possible that a bad person was trying to probe the

Re: [OAUTH-WG] Call for Adoption: OAuth 2.0 Rich Authorization Requests

2020-01-07 Thread Joseph Heenan
+1 > On 8 Jan 2020, at 03:31, Steinar Noem wrote: > > +1 > > On Tue, 7 Jan 2020 at 17:53, Torsten Lodderstedt > > wrote: > +1 > > > On 7. Jan 2020, at 17:25, Brian Campbell > > > > wrote: > > > > +1 > > >

Re: [OAUTH-WG] [UNVERIFIED SENDER] Re: PAR metadata

2020-01-07 Thread Brian Campbell
A little more context about that proposed wording is in a github issue at https://github.com/oauthstuff/draft-oauth-par/issues/38, which is a different driver than allowing a PAR endpoint to stash the encrypted request object rather than decrypting/validating it. But it's kind of the same concept at

Re: [OAUTH-WG] Call for Adoption: OAuth 2.0 Rich Authorization Requests

2020-01-07 Thread Steinar Noem
+1 On Tue, 7 Jan 2020 at 17:53, Torsten Lodderstedt wrote: > +1 > > > On 7. Jan 2020, at 17:25, Brian Campbell wrote: > > > > +1 > > > > On Tue, Jan 7, 2020 at 6:12 AM Vladimir Dzhuvinov < > vladi...@connect2id.com> wrote: > > +1 for the adoption of RAR > > > >

[OAUTH-WG] Web Authorization Protocol (oauth) WG Virtual Meeting: 2020-02-10

2020-01-07 Thread IESG Secretary
The Web Authorization Protocol (oauth) Working Group will hold a virtual interim meeting on 2020-02-10 from 18:00 to 19:00 Europe/Vienna. Agenda: As mentioned in our earlier email we would like to get a better understanding of this RFC 6749 update. Ideally, we would like to hear your thoughts abo

Re: [OAUTH-WG] Call for Adoption: OAuth 2.0 Rich Authorization Requests

2020-01-07 Thread Torsten Lodderstedt
+1 > On 7. Jan 2020, at 17:25, Brian Campbell > wrote: > > +1 > > On Tue, Jan 7, 2020 at 6:12 AM Vladimir Dzhuvinov > wrote: > +1 for the adoption of RAR > > On 06/01/2020 21:37, Rifaat Shekh-Yusef wrote: >> This is a call for adoption for the OAuth 2.0 Rich Authorization Requests >> docum

Re: [OAUTH-WG] Call for Adoption: OAuth 2.0 Rich Authorization Requests

2020-01-07 Thread Brian Campbell
+1 On Tue, Jan 7, 2020 at 6:12 AM Vladimir Dzhuvinov wrote: > +1 for the adoption of RAR > On 06/01/2020 21:37, Rifaat Shekh-Yusef wrote: > > This is a call for adoption for the *OAuth 2.0 Rich Authorization > Requests* document. > https://datatracker.ietf.org/doc/draft-lodderstedt-oauth-rar/ >

[OAUTH-WG] Virtual Interim Meeting/Conference Call on Feb. 10th

2020-01-07 Thread Hannes Tschofenig
Hi all, Based on the feedback we have selected Feb, 10th at 6pm CET. In other time zones this is: https://www.timeanddate.com/worldclock/meetingdetails.html?year=2020&month=2&day=10&hour=17&min=0&sec=0&p1=1889&p2=179&p3=137 Meeting link: https://ietf.webex.com/ietf/j.php?MTID=m2d06208053cadb653

Re: [OAUTH-WG] [UNVERIFIED SENDER] Re: PAR metadata

2020-01-07 Thread Vladimir Dzhuvinov
On 07/01/2020 00:22, Filip Skokan wrote: > We've been discussing making the following change to the language > > The AS SHOULD validate the request in the same way as at the > authorization endpoint. The AS MUST ensure that all parameters to > the authorization request are still valid a

Re: [OAUTH-WG] [UNVERIFIED SENDER] Re: PAR metadata

2020-01-07 Thread Vladimir Dzhuvinov
Just to comment that with a lightweight PAR (stash-only) endpoint one of the nice benefits of PAR will be lost - to pre-validate the request (client_id, redirect_uri, etc) as much as possible before a front-end call is made and the user is sent to the authZ endpoint. Vladimir On 06/01/2020 23:59,

Re: [OAUTH-WG] Call for Adoption: OAuth 2.0 Rich Authorization Requests

2020-01-07 Thread Daniel Fett
I support the adoption. On 06.01.20 at 20:37, Rifaat Shekh-Yusef wrote: > All, > > This is a call for adoption for the *OAuth 2.0 Rich Authorization > Requests* document. > https://datatracker.ietf.org/doc/draft-lodderstedt-oauth-rar/ > > Please, let us know if you support or object to the ado

Re: [OAUTH-WG] Call for Adoption: OAuth 2.0 Rich Authorization Requests

2020-01-07 Thread Vladimir Dzhuvinov
+1 for the adoption of RAR On 06/01/2020 21:37, Rifaat Shekh-Yusef wrote: > This is a call for adoption for the *OAuth 2.0 Rich Authorization > Requests* document. > https://datatracker.ietf.org/doc/draft-lodderstedt-oauth-rar/

Re: [OAUTH-WG] JWT Secured Authorization Request (JAR) vs OIDC request object

2020-01-07 Thread Torsten Lodderstedt
> On 06.01.2020 at 23:50, John Bradley wrote: > > A client could duplicate those outside the request object for some sort of > backwards compatibility but they will be ignored. > Is this used for backward compatibility with the OIDC servers? > What we have lost is the merge capability. Ther