Re: [OAUTH-WG] [Ace] [COSE] Call for adoption for draft-wahlstroem-ace-cbor-web-token-00

ttps://en.wikipedia.org/wiki/Web_of_Things). As > Erik correctly points out JSON is not the only data representation that > makes things in the Web and the Web of Things. > > -- Mike > > *From:* Ace [mailto:ace-boun...@i

Re: [OAUTH-WG] [Ace] [COSE] Call for adoption for draft-wahlstroem-ace-cbor-web-token-00

Or keep the CBOR Web Token (CWT) for two major reasons: - To show the very close relationship to JWT. It relies heavily on JWT and it's iana registry. It is essentially a JWT but in CBOR/COSE instead of JSON/JOSE. - I would not say that JWT is the only format that works for the web, and it's even u

Re: [OAUTH-WG] [Ace] Call for adoption for draft-wahlstroem-ace-cbor-web-token-00

+1 On Thu, Apr 7, 2016 at 6:47 AM, Samuel Erdtman wrote: > +1 for adoption > > Sent from my iPhone > > On 7 apr. 2016, at 03:34, Kepeng Li wrote: > > To: ACE WG > Cc: OAuth and COSE WG > > Hello all, > > > This note begins a Call For Adoption for > draft-wahlstroem-ace-cbor-web-token-00 [1] >

Re: [OAUTH-WG] OAuth PoP Implementation

Hi, Good work Justin. I’ve also implemented (parts) of PoP tokens for the ACE WG oauth2 draft and made a lot of the same assumptions. See below. > On 03 Feb 2016, at 23:47, Justin Richer wrote: > > Hi Everyone, > > I recently decided to put together an end to end implementation of at leas

Re: [OAUTH-WG] [COSE] Consensus Call: Adoption of the COSE Token

WGs. Thanks for the discussion, I was waiting to chime in until it was hashed out a bit to see if there was any overwhelming consensus without influencing the outcome. Now that it has quieted down, ACE is probably the best plan. Thanks, Kathleen Sent from my iPhone On Nov 22, 2015, at 4:25 PM

Re: [OAUTH-WG] A review of draft-ietf-oauth-pop-architecture-05

lt; div=""> -- Justin / Sent from my phone / <> Original message From: Phil Hunt mailto:phil.h...@oracle.com>> Date: 11/19/2015 11:28 AM (GMT-06:00) To: Erik Wahlström neXus mailto:erik.wahlst...@nexusgroup.com>> Cc: "mailto:oa

Re: [OAUTH-WG] A review of draft-ietf-oauth-pop-architecture-05

'm happy to bend to the will of the group(s) on this. Phil On Nov 19, 2015, at 01:17, Erik Wahlström neXus mailto:erik.wahlst...@nexusgroup.com>> wrote: Hi, I have been reviewing draft-ietf-oauth-pop-architecture-05. In ACE WG we have a draft that uses PoP tokens for IoT and the arch

[OAUTH-WG] A review of draft-ietf-oauth-proof-of-possession-06

I made a (late) review of draft-ietf-oauth-proof-of-possession-06 and as with draft-ietf-oauth-pop-architecture-05 I think it’s in really good shape and it’s not much to comment on. The only thing that I could mention is that the introduction of the “jwk” member in the following text is a bit

[OAUTH-WG] A review of draft-ietf-oauth-pop-architecture-05

Hi, I have been reviewing draft-ietf-oauth-pop-architecture-05. In ACE WG we have a draft that uses PoP tokens for IoT and the architectures defined here so my review was done with that IoT perspective. I’m a bit late with the review and some of the comments might already be mentioned by others

Re: [OAUTH-WG] [COSE] A draft on CBOR Web Tokens (CWT)

ame substance as JWT, but phrased in and > profiled for CBOR? > > Depending on the answer, CWT should be done in OAuth, ACE, or COSE. > (I'd rather hear the answer from the authors than venture a guess myself.) > > Grüße, Carsten > > > > Erik Wahlström neXus wro

[OAUTH-WG] A draft on CBOR Web Tokens (CWT)

Hi, In the ACE WG a straw man proposal of a CBOR Web Token (CWT) was defined in the draft "Authorization for the Internet of Things using OAuth 2.0” [1]. We just broke out the CBOR Web Token into a separate draft and the new draft is submitted to the OAUTH WG. It can be found here: https://da

Re: [OAUTH-WG] Your Review of the Native Apps Draft

I posted my review comments here https://www.ietf.org/mail-archive/web/oauth/current/msg14835.html Reposing it because the first comment in my review is also the same question I asked in this meeting. The problem is mainly a us

Re: [OAUTH-WG] UMA Resource Set Registration

The concepts on resource registration is also very important when it comes to IoT so I think we will get there soon enough. / Erik > On 05 Nov 2015, at 09:35, Phil Hunt wrote: > > I am thinking that the api management perspective might be very different > than UMAs. Eg we want to automatically

Re: [OAUTH-WG] OAuth Digest, Vol 81, Issue 86

Hi, Thanks for a great document! I volunteered to review draft-wdenniss-oauth-native-apps-00 at the #IETF93 meeting so here we go: In national mobile eID deployments an app is issued by gov or other organisation in a country. The app acts as the users authentication method and it works with an ID