[OAUTH-WG] Re: OAuth 2.0 Protected Resource Metadata - Implementations

Hi This Is not the first time I support this draft and say that, two years ago, I was looking for an RS metadata scheme for the spid attribuite authorities specification I found Mike's I-D and considered the deadline I had, together with other collegues of other national agencies, we decided to u

[OAUTH-WG] Re: OAuth 2.0 Protected Resource Metadata - Implementations

If it makes sense, we could add an "Implementation Status" section, like it is proposed in this RFC: https://www.rfc-editor.org/rfc/rfc7942.html On Wed, Jul 10, 2024 at 10:43 AM Michael Jones wrote: > OpenID Federation implementations use the Protected Resource Metadata > definitions in this spe

[OAUTH-WG] Re: OAuth 2.0 Protected Resource Metadata - Implementations

John Doi On Wed, Jul 10, 2024 at 9:13 PM Michael Jones wrote: > OpenID Federation implementations use the Protected Resource Metadata > definitions in this specification. Among others, Connect2ID and Authlete > have OpenID Federation implementations. I know that it’s deployed in the > Italian

[OAUTH-WG] Re: OAuth WG @ IETF120 - Draft Agenda

Thanks Rifaat, looks like a packed agenda! On Tue, Jul 9, 2024 at 10:30 AM Rifaat Shekh-Yusef wrote: > All, > > Here is our draft agenda for our 3 OAuth sessions at IETF120: > https://datatracker.ietf.org/doc/agenda-120-oauth/ > > Please, take a look and let us know what you think. > > Regards,

[OAUTH-WG] Re: OAuth 2.0 Protected Resource Metadata - Implementations

OpenID Federation implementations use the Protected Resource Metadata definitions in this specification. Among others, Connect2ID and Authlete have OpenID Federation implementations. I know that it's deployed in the Italian SPID CIE national federation.

[OAUTH-WG] Re: OAuth 2.0 Protected Resource Metadata - IPR Disclosure

I am not aware of any IPR associated with this specification. -- Mike From: Rifaat Shekh-Yusef Sent: Wednesday, July 10, 2024 9:06:26 AM To: oauth Subject: [OAUTH-WG] OAuth 2.0 Protected Resource Metadata - IPR Disclosure Mike, Phil, Aaron, As part of the she

[OAUTH-WG] Re: OAuth 2.0 Protected Resource Metadata - IPR Disclosure

I am not aware of any IPR that pertain to this document. Aaron On Wed, Jul 10, 2024 at 9:07 AM Rifaat Shekh-Yusef wrote: > Mike, Phil, Aaron, > > As part of the shepherd write-up, all authors of the OAuth 2.0 Protected > Resource Metadata draft must confirm that any and all appropriate *IPR >

[OAUTH-WG] OAuth 2.0 Protected Resource Metadata - IPR Disclosure

Mike, Phil, Aaron, As part of the shepherd write-up, all authors of the OAuth 2.0 Protected Resource Metadata draft must confirm that any and all appropriate *IPR disclosures* required for full conformance with the provisions of BCP 78 and BCP 79 have been disclosed. https://datatracker.ietf.org/

[OAUTH-WG] OAuth 2.0 Protected Resource Metadata - Implementations

All, As part of the shepherd write-up for the OAuth 2.0 Protected Resource Metadata document, we are looking for information about implementations of this draft. https://www.ietf.org/archive/id/draft-ietf-oauth-resource-metadata-06.html Please, reply on the mailing list with any implementations t

[OAUTH-WG] Re: Shepherd Review for OAuth 2.0 Protected Resource Metadata draft

All, Mike and I met yesterday and discussed this. My concern was with the potential of a downgrade attack if there is a MITM between the client and the resource server. It seems that the draft defined a protection against such an attack as described in section 3.3. The next step is the shepherd w