Re: [OAUTH-WG] IETF117 - OAuth WG call for topics

2023-07-10 Thread Michael Jones
Aaron Parecki and I would like 15-20 minutes to discuss: OAuth 2.0 Protected Resource Metadata https://www.ietf.org/archive/id/draft-jones-oauth-resource-metadata-04.html Per my previous e-mail, we made the updates requested by the working group at IETF 116, combining

[OAUTH-WG] OAuth 2.0 Protected Resource Metadata now with WWW-Authenticate

2023-07-10 Thread Michael Jones
In collaboration with Aaron Parecki, the ability for OAuth 2.0 protected resource servers to return their resource identifiers via WWW-Authenticate has been added to the OAuth 2.0 Protected Resource Metadata specification. This enables clients to dynamically learn ab

[OAUTH-WG] I-D Action: draft-ietf-oauth-v2-1-09.txt

2023-07-10 Thread internet-drafts
A New Internet-Draft is available from the on-line Internet-Drafts directories. This Internet-Draft is a work item of the Web Authorization Protocol (OAUTH) WG of the IETF. Title : The OAuth 2.1 Authorization Framework Authors : Dick Hardt Aaron Parec

Re: [OAUTH-WG] Request for Feedback on "SD-JWT VC" Draft Specification

2023-07-10 Thread Oliver Terbu
Dear all, Thank you all for your feedback so far. I would like to share an update on the SD-JWT VC draft that Daniel Fett and I have been working on. Here is the link to the updated IETF data tracker: https://datatracker.ietf.org/doc/draft-terbu-oauth-sd-jwt-vc/ Please note that we had to make

Re: [OAUTH-WG] New Version Notification for draft-identity-chaining-00.txt

2023-07-10 Thread Pieter Kasselman
Hi folks Following on from discussions at previous IETF meetings (starting at IETF 114) on identity chaining , Arndt, Kelly, Mike and I prepared a proposal that would allow for identity chaining across trust domains to support fine-grained authorization scenarios. It was uploaded it as an indi

Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-cross-device-security-02.txt

2023-07-10 Thread Pieter Kasselman
Hi folks, we updated the Cross-Device Flows: Security Best Current Practice based on feedback received after IETF 116. Updates include: - Introduced Cross-Device Consent Phishing as a label for the types of attacks described in this document. - Updated labels for different types of flows (User-

[OAUTH-WG] I-D Action: draft-ietf-oauth-cross-device-security-02.txt

2023-07-10 Thread internet-drafts
A New Internet-Draft is available from the on-line Internet-Drafts directories. This Internet-Draft is a work item of the Web Authorization Protocol (OAUTH) WG of the IETF. Title : Cross-Device Flows: Security Best Current Practice Authors : Pieter Kasselman