Re: [OAUTH-WG] Review of draft-ietf-oauth-selective-disclosure-jwt-02

Thanks for the review John. I've tried to reply to the comments inline below. On Sun, Jan 29, 2023 at 8:22 AM John Mattsson wrote: > Hi, > > > > The reopened JOSE WG which I am co-chairing has in its charter to sync > with the Selective Disclosure JWT work in Oauth WG. I therefore did a > review

Re: [OAUTH-WG] OAUTH for Web Proxy authentication

Hi Neil, If I understand correctly the RFC already allows the use of Bearer authentication scheme for Proxy authentication and it is more an implementation question ? Thank you Markus From: Neil Madden Sent: Tuesday, January 31, 2023 10:32 AM To: Warren Parad Cc: Markus ; oauth@ietf.org

Re: [OAUTH-WG] IETF-116: Client/Trust Management

Thanks!Am 31.01.2023 um 18:36 schrieb Rifaat Shekh-Yusef :Hi Torsten,Sounds good. I will add this topic to the list.Regards, RifaatOn Tue, Jan 31, 2023 at 11:18 AM Torsten Lodderstedt wrote:Hi Rifaat, Kristina and I would like to give an update to the WG about challenges

Re: [OAUTH-WG] IETF-116: Client/Trust Management

Hi Torsten, Sounds good. I will add this topic to the list. Regards, Rifaat On Tue, Jan 31, 2023 at 11:18 AM Torsten Lodderstedt < tors...@lodderstedt.net> wrote: > Hi Rifaat, > > Kristina and I would like to give an update to the WG about challenges and > developments on client/trust managem

[OAUTH-WG] IETF-116: Client/Trust Management

Hi Rifaat, Kristina and I would like to give an update to the WG about challenges and developments on client/trust management in the context of decentralized identity at IETF-116. We would seek the WG's feedback on our current ideas how to cope with them. We also think some of the ideas could b

[OAUTH-WG] Unified Singular Protocol Flow for OAuth (USPFO) Ecosystem

Dear Rifaat and esteemed community members, I am pleased to share my research paper on 'Unified Singular Protocol Flow for OAuth (USPFO) Ecosystem'. The highlights of the paper are: 1. Separation of Duties (SoD) - Delegates responsibility of authenticating client applications to a third-party en

Re: [OAUTH-WG] OAUTH for Web Proxy authentication

Right - RFC 6750 doesn't explicitly define how to send an access token with the Proxy-Authorization/Proxy-Authenticate headers, but states: The Bearer authentication scheme is intended primarily for server authentication using the WWW-Authenticate and Authorization HTTP headers but does

Re: [OAUTH-WG] OAUTH for Web Proxy authentication

Markus could you shed some light on how this would be different from the normal OAuth flow between any resource server and the user agent? Proxies today could already start accepting OAuth authorization following the OAuth spec, right? On Tue, Jan 31, 2023 at 12:48 AM Markus wrote: > Hi Rifaat,