[OAUTH-WG] Last Call: (OAuth 2.0 Security Best Current Practice) to Best Current Practice

2024-02-08 Thread The IESG
The IESG has received a request from the Web Authorization Protocol WG (oauth) to consider the following document: - 'OAuth 2.0 Security Best Current Practice' as Best Current Practice The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please

Re: [OAUTH-WG] AD Review of draft-ietf-oauth-security-topics-24

2024-02-08 Thread Roman Danyliw
Hi Daniel! I really appreciate the quick turn-around. It addresses all of my feedback. The document has been sent to the IETF LC. Roman From: Daniel Fett Sent: Thursday, February 8, 2024 12:08 PM To: Roman Danyliw ; oauth@ietf.org Subject: Re: [OAUTH-WG] AD Review of draft-ietf-oauth-securit

Re: [OAUTH-WG] AD Review of draft-ietf-oauth-security-topics-24

2024-02-08 Thread Daniel Fett
Hi Roman, Thanks for your feedback, I just released a new version addressing your comments! -Daniel On 08.02.24 at 14:54, Roman Danyliw wrote: Hi! I need to apologize here. I didn’t catch this email and was watching for revised I-D indicator in the Datatracker. Thanks for producing th

[OAUTH-WG] I-D Action: draft-ietf-oauth-security-topics-25.txt

2024-02-08 Thread internet-drafts
Internet-Draft draft-ietf-oauth-security-topics-25.txt is now available. It is a work item of the Web Authorization Protocol (OAUTH) WG of the IETF. Title: OAuth 2.0 Security Best Current Practice Authors: Torsten Lodderstedt John Bradley Andrey Labunets

Re: [OAUTH-WG] SD-JWT, use of JSON path in disclosure claim name

2024-02-08 Thread Daniel Fett
Hi Nikos, this question comes up from time to time, so I'll quote myself: "We thought a lot about pointer-based approaches like the one you propose in the beginning, but there are some drawbacks: 1. The Verifier can re

Re: [OAUTH-WG] OAuth Digest, Vol 184, Issue 15

2024-02-08 Thread Andrew’s Cool BEYBLADES
ner("message", (e) => { // validate exact AS origin if (e.origin === "https://honest.as.example") { // process e.data.code and e.data.state } }) Regards, Roman

Re: [OAUTH-WG] AD Review of draft-ietf-oauth-security-topics-24

2024-02-08 Thread Roman Danyliw
Hi! I need to apologize here. I didn’t catch this email and was watching for revised I-D indicator in the Datatracker. Thanks for producing this revision over the winter break. The detailed explanations on the WG deliberations on the specific guidance I asked about were very helpful. Likewis