[OAUTH-WG] Fwd: New Version Notification for draft-barnes-oauth-pika-01.txt

Hi OAuth folks, Thanks to everyone for the discussion on the adoption thread for this draft. This revision is mostly unchanged, except that we added a few notes about risks related to compromise of web servers that hold certificates that could be used to issue PIKAs. --Richard -- Forwa

[OAUTH-WG] I-D Action: draft-ietf-oauth-status-list-03.txt

Internet-Draft draft-ietf-oauth-status-list-03.txt is now available. It is a work item of the Web Authorization Protocol (OAUTH) WG of the IETF. Title: Token Status List Authors: Tobias Looker Paul Bastian Christian Bormann Name:draft-ietf-oauth-status-list-0

[OAUTH-WG] Re: OAuth Client ID Metadata Document

On Mon, Jul 8, 2024 at 12:38 PM Emelia Smith wrote: > > > On 8. Jul 2024, at 21:17, Dick Hardt wrote: > > > On Mon, Jul 8, 2024 at 11:33 AM Emelia S. wrote: > >> I would suggest that if an AS were to implement to competing >> specifications for what a client_id means, then it'd be up to the >>

[OAUTH-WG] Re: OAuth Client ID Metadata Document

On 8. Jul 2024, at 21:17, Dick Hardt wrote:On Mon, Jul 8, 2024 at 11:33 AM Emelia S. wrote:I would suggest that if an AS were to implement to competing specifications for what a client_id means, then it'd be up to the implementor to decide what is used when. E.g., it'd be

[OAUTH-WG] I-D Action: draft-ietf-oauth-identity-chaining-02.txt

Internet-Draft draft-ietf-oauth-identity-chaining-02.txt is now available. It is a work item of the Web Authorization Protocol (OAUTH) WG of the IETF. Title: OAuth Identity and Authorization Chaining Across Domains Authors: Arndt Schwenkschuster Pieter Kasselmann Ke

[OAUTH-WG] Re: OAuth Client ID Metadata Document

On Mon, Jul 8, 2024 at 11:33 AM Emelia S. wrote: > I would suggest that if an AS were to implement to competing > specifications for what a client_id means, then it'd be up to the > implementor to decide what is used when. E.g., it'd be difficult to support > both OpenID Federation and this I-D s

[OAUTH-WG] Re: OAuth Client ID Metadata Document

I would suggest that if an AS were to implement to competing specifications for what a client_id means, then it'd be up to the implementor to decide what is used when. E.g., it'd be difficult to support both OpenID Federation and this I-D simultaneously without some degree of work on the impleme

[OAUTH-WG] Re: OAuth Client ID Metadata Document

On Mon, Jul 8, 2024 at 10:15 AM Emelia Smith wrote: > Just to follow up on this, further: > > > 1. If an AS supports both registered, and unregistered clients, is > there any guidance or requirements on differentiating between them such as > NOT issuing other identifiers that start with 'https"?

[OAUTH-WG] Re: OAuth Client ID Metadata Document

Inline .. On Mon, Jul 8, 2024 at 9:06 AM Aaron Parecki wrote: > Thanks Dick, I hadn't gotten to post this to the list yet, but thanks for > kicking off the discussion! > > FYI there are already a few live implementations of this, and some > additional in-progress implementations. There is also s

[OAUTH-WG] I-D Action: draft-ietf-oauth-resource-metadata-06.txt

Internet-Draft draft-ietf-oauth-resource-metadata-06.txt is now available. It is a work item of the Web Authorization Protocol (OAUTH) WG of the IETF. Title: OAuth 2.0 Protected Resource Metadata Authors: Michael B. Jones Phil Hunt Aaron Parecki Name:draft-ie

[OAUTH-WG] Re: OAuth Client ID Metadata Document

Just to follow up on this, further:> > 1. If an AS supports both registered, and unregistered clients, is there any guidance or requirements on differentiating between them such as NOT issuing other identifiers that start with 'https"? >> This is probably a good call-out. I am unsure about how many

[OAUTH-WG] Re: OAuth Client ID Metadata Document

Thanks Dick, I hadn't gotten to post this to the list yet, but thanks for kicking off the discussion! FYI there are already a few live implementations of this, and some additional in-progress implementations. There is also some overlap between this and an application of FedCM, which is where some

[OAUTH-WG] I-D Action: draft-ietf-oauth-sd-jwt-vc-04.txt

Internet-Draft draft-ietf-oauth-sd-jwt-vc-04.txt is now available. It is a work item of the Web Authorization Protocol (OAUTH) WG of the IETF. Title: SD-JWT-based Verifiable Credentials (SD-JWT VC) Authors: Oliver Terbu Daniel Fett Brian Campbell Name:draft-i

[OAUTH-WG] Re: Shepherd Review for OAuth 2.0 Protected Resource Metadata draft

Can you reply to this today, Rifaat? Thanks, -- Mike From: Michael Jones Sent: Saturday, July 6, 2024 12:55:19 PM To: Rifaat Shekh-Yusef Cc: oauth Subject: RE: [OAUTH-WG] Shepherd Review for OAuth 2.0 Protected Resource Metadata draft What puzzles me of talk

[OAUTH-WG] I-D Action: draft-ietf-oauth-selective-disclosure-jwt-10.txt

Internet-Draft draft-ietf-oauth-selective-disclosure-jwt-10.txt is now available. It is a work item of the Web Authorization Protocol (OAUTH) WG of the IETF. Title: Selective Disclosure for JWTs (SD-JWT) Authors: Daniel Fett Kristina Yasuda Brian Campbell Name:

[OAUTH-WG] I-D Action: draft-ietf-oauth-cross-device-security-08.txt

Internet-Draft draft-ietf-oauth-cross-device-security-08.txt is now available. It is a work item of the Web Authorization Protocol (OAUTH) WG of the IETF. Title: Cross-Device Flows: Security Best Current Practice Authors: Pieter Kasselman Daniel Fett Filip Skokan