[OAUTH-WG] Call for adoption - RFC7523bis

All, This is a call for adoption for the *RFC7523bis* draft that was discussed recently during the last interim meeting: https://datatracker.ietf.org/doc/draft-jones-oauth-rfc7523bis/ Remember that *adoption* does *not* mean a document is *finished*, only that it is an *acceptable starting point*

[OAUTH-WG] Call for adoption - PIKA

All, As per the discussion in Vancouver, this is a call for adoption for the *Proof of Issuer Key Authority (PIKA) *draft: https://datatracker.ietf.org/doc/draft-barnes-oauth-pika/ Please, reply on the mailing list and let us know if you are in favor or against adopting this draft as WG document,

[OAUTH-WG] Call for adoption - First Party Apps

All, As per the discussion in Vancouver, this is a call for adoption for the First Party Apps draft: https://datatracker.ietf.org/doc/draft-parecki-oauth-first-party-apps/ Please, reply on the mailing list and let us know if you are in favor or against adopting this draft as WG document, by *Sep

[OAUTH-WG] Call for adoption - PIKA

All, This is an official call for adoption for the *Proof of Issuer Key Authority (PIKA)* draft: https://datatracker.ietf.org/doc/draft-barnes-oauth-pika/ Please, reply *on the mailing list* and let us know if you are in favor or against adopting this draft as WG document, by *June 24th*. Regard

Re: [OAUTH-WG] Call for adoption - Identity Chaining

All, Based on the feedback in Prague and the responses to this call for adoption, we declare the *Identity Chaining *draft *adopted* as a WG document. Authors, Feel free to submit a -00 version of the WG document at your convenience, that has the same content of the latest individual document.

Re: [OAUTH-WG] Call for adoption - Identity Chaining

I support adoption Fra: OAuth på vegne av On Tue, Nov 14, 2023 at 4:59 AM Rifaat Shekh-Yusef mailto:rifaat.s.i...@gmail.com>> wrote: All, This is an official call for adoption for the Identity Chaining draft: https://datatracker.ietf.org/doc/draft-schwenkschu

Re: [OAUTH-WG] Call for adoption - Identity Chaining

I support adoption. The draft lays out an application of several existing OAuth building blocks. I have some additional use cases for the pattern that are not yet mentioned in the draft and am planning on discussing them with the authors. Aaron On Tue, Nov 14, 2023 at 4:59 AM Rifaat Shekh-Yusef

Re: [OAUTH-WG] Call for adoption - Identity Chaining

I support adoption > On Nov 14, 2023, at 9:58 AM, Rifaat Shekh-Yusef > wrote: > > All, > > This is an official call for adoption for the Identity Chaining draft: > https://datatracker.ietf.org/doc/draft-schwenkschuster-oauth-identity-chaining/ > > Please, reply on the mailing list and let us

Re: [OAUTH-WG] Call for adoption - Transaction Tokens

I support adoption > On Nov 14, 2023, at 9:57 AM, Rifaat Shekh-Yusef > wrote: > > All, > > This is an official call for adoption for the Transaction Tokens draft: > https://datatracker.ietf.org/doc/draft-tulshibagwale-oauth-transaction-tokens/ > > Please, reply on the mailing list and let us

Re: [OAUTH-WG] Call for adoption - Identity Chaining

I support adoption. ___ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth

Re: [OAUTH-WG] Call for adoption - Transaction Tokens

I support adoption ___ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth

Re: [OAUTH-WG] Call for adoption - Identity Chaining

I support adoption Christian From: OAuth On Behalf Of Rifaat Shekh-Yusef Sent: Tuesday, November 14, 2023 1:59 PM To: oauth Subject: [OAUTH-WG] Call for adoption - Identity Chaining All, This is an official call for adoption for the Identity Chaining draft: https://datatracker.ietf.org

Re: [OAUTH-WG] Call for adoption - Identity Chaining

Very interesting work, it reminds me the SPID Attribute Authorities, where the users give their consent during the authentication, granting the RPs to consume RS on behalf of users the AS/OP issues several grant tokens (JWT Embedded Tokens) as many consent give by the user to each Attribute Author

Re: [OAUTH-WG] Call for adoption - Transaction Tokens

I support adoption. Am 14.11.23 um 13:57 schrieb Rifaat Shekh-Yusef: All, This is an *official *call for adoption for the *Transaction Tokens *draft: https://datatracker.ietf.org/doc/draft-tulshibagwale-oauth-transaction-tokens/ Please, reply on the mailing list and let us know if you are in

Re: [OAUTH-WG] Call for adoption - Identity Chaining

I support adoption. Am 14.11.23 um 13:58 schrieb Rifaat Shekh-Yusef: All, This is an *official* call for adoption for the *Identity Chaining *draft: https://datatracker.ietf.org/doc/draft-schwenkschuster-oauth-identity-chaining/ Please, reply on the mailing list and let us know if you are in f

Re: [OAUTH-WG] Call for adoption - Transaction Tokens

I support adoption. OS On Fri, Nov 17, 2023 at 11:48 AM Joseph Heenan wrote: > I support adoption. > > Joseph > > > On 14 Nov 2023, at 12:57, Rifaat Shekh-Yusef > wrote: > > All, > > This is an *official *call for adoption for the *Transaction Tokens * > draft: > > https://datatracker.ietf.org

Re: [OAUTH-WG] Call for adoption - Identity Chaining

I support adoption. On Fri, Nov 17, 2023 at 11:47 AM Joseph Heenan wrote: > I supported adoption. > > Joseph > > > On 14 Nov 2023, at 12:58, Rifaat Shekh-Yusef > wrote: > > All, > > This is an *official* call for adoption for the *Identity Chaining *draft: > > https://datatracker.ietf.org/doc/d

Re: [OAUTH-WG] Call for adoption - Transaction Tokens

I support adoption. Joseph > On 14 Nov 2023, at 12:57, Rifaat Shekh-Yusef wrote: > > All, > > This is an official call for adoption for the Transaction Tokens draft: > https://datatracker.ietf.org/doc/draft-tulshibagwale-oauth-transaction-tokens/ > > Please, reply on the mailing list and let

Re: [OAUTH-WG] Call for adoption - Identity Chaining

I supported adoption. Joseph > On 14 Nov 2023, at 12:58, Rifaat Shekh-Yusef wrote: > > All, > > This is an official call for adoption for the Identity Chaining draft: > https://datatracker.ietf.org/doc/draft-schwenkschuster-oauth-identity-chaining/ > > Please, reply on the mailing list and l

Re: [OAUTH-WG] Call for adoption - Identity Chaining

I support adoption -DW > On Nov 14, 2023, at 4:59 AM, Rifaat Shekh-Yusef > wrote: > >  > All, > > This is an official call for adoption for the Identity Chaining draft: > https://datatracker.ietf.org/doc/draft-schwenkschuster-oauth-identity-chaining/ > > Please, reply on the mailing list an

Re: [OAUTH-WG] Call for adoption - Transaction Tokens

I support adoption ___ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth

Re: [OAUTH-WG] Call for adoption - Identity Chaining

I support adoption ___ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth

Re: [OAUTH-WG] Call for adoption - Identity Chaining

I support adoption. On Wed, Nov 15, 2023 at 3:10 PM Brian Campbell wrote: > I support adoption. > > On Tue, Nov 14, 2023 at 5:59 AM Rifaat Shekh-Yusef < > rifaat.s.i...@gmail.com> wrote: > >> All, >> >> This is an *official* call for adoption for the *Identity Chaining * >> draft: >> >> https://

Re: [OAUTH-WG] Call for adoption - Transaction Tokens

: OAuth On Behalf Of Dmitry Telegin Sent: Mittwoch, 15. November 2023 23:10 To: Pieter Kasselman Cc: oauth Subject: Re: [OAUTH-WG] Call for adoption - Transaction Tokens Not sure if I have formal right to vote, will just state that we are currently using something very similar internally, and

Re: [OAUTH-WG] Call for adoption - Transaction Tokens

Wed, Nov 15, 2023 at 4:40 PM Pieter Kasselman > 40microsoft@dmarc.ietf.org> wrote: >> >>> I support adoption. >>> >>> >>> >>> *From:* OAuth *On Behalf Of *Rifaat Shekh-Yusef >>> *Sent:* Tuesday, November 14, 2023 12:58 PM

Re: [OAUTH-WG] Call for adoption - Transaction Tokens

gt;> Dmitry >>> Backbase / Keycloak >>> >>> On Wed, Nov 15, 2023 at 4:40 PM Pieter Kasselman >> 40microsoft@dmarc.ietf.org> wrote: >>> >>>> I support adoption. >>>> >>>> >>>> >>>> *From:* O

Re: [OAUTH-WG] Call for adoption - Transaction Tokens

e: >> >>> I support adoption. >>> >>> >>> >>> *From:* OAuth *On Behalf Of *Rifaat Shekh-Yusef >>> *Sent:* Tuesday, November 14, 2023 12:58 PM >>> *To:* oauth >>> *Subject:* [OAUTH-WG] Call for adoption - Tra

Re: [OAUTH-WG] Call for adoption - Transaction Tokens

etc. > > Thanks, > Dmitry > Backbase / Keycloak > > On Wed, Nov 15, 2023 at 4:40 PM Pieter Kasselman 40microsoft@dmarc.ietf.org> wrote: > >> I support adoption. >> >> >> >> *From:* OAuth *On Behalf Of *Rifaat Shekh-Yusef >> *Sent:*

Re: [OAUTH-WG] Call for adoption - Transaction Tokens

kbase / Keycloak On Wed, Nov 15, 2023 at 4:40 PM Pieter Kasselman wrote: > I support adoption. > > > > *From:* OAuth *On Behalf Of *Rifaat Shekh-Yusef > *Sent:* Tuesday, November 14, 2023 12:58 PM > *To:* oauth > *Subject:* [OAUTH-WG] Call for adoption - Transaction Token

Re: [OAUTH-WG] Call for adoption - Identity Chaining

I support adoption. On Tue, Nov 14, 2023 at 5:59 AM Rifaat Shekh-Yusef wrote: > All, > > This is an *official* call for adoption for the *Identity Chaining *draft: > > https://datatracker.ietf.org/doc/draft-schwenkschuster-oauth-identity-chaining/ > > Please, reply on the mailing list and let us

Re: [OAUTH-WG] Call for adoption - Transaction Token

I support adoption of the Transaction Token draft. - Mike -- Michael Schwartz Janssen Project Lackey https://github.com/JanssenProject/jans <--- Please Star on Github ___ OAuth mailing list OAuth@ietf.org htt

Re: [OAUTH-WG] Call for adoption - Identity Chaining

I support adoption. Get Outlook for iOS<https://aka.ms/o0ukef> From: OAuth on behalf of Pieter Kasselman Sent: Wednesday, November 15, 2023 8:41:28 AM To: rifaat.s.ietf ; oauth Subject: Re: [OAUTH-WG] Call for adoption - Identity Chaining I support ad

Re: [OAUTH-WG] Call for adoption - Identity Chaining

I support adoption. From: OAuth On Behalf Of Rifaat Shekh-Yusef Sent: Tuesday, November 14, 2023 12:59 PM To: oauth Subject: [OAUTH-WG] Call for adoption - Identity Chaining All, This is an official call for adoption for the Identity Chaining draft: https://datatracker.ietf.org/doc/draft

Re: [OAUTH-WG] Call for adoption - Transaction Tokens

I support adoption. From: OAuth On Behalf Of Rifaat Shekh-Yusef Sent: Tuesday, November 14, 2023 12:58 PM To: oauth Subject: [OAUTH-WG] Call for adoption - Transaction Tokens All, This is an official call for adoption for the Transaction Tokens draft: https://datatracker.ietf.org/doc/draft

Re: [OAUTH-WG] Call for adoption - Identity Chaining

Rifaat Shekh-Yusef Date: Tuesday, November 14, 2023 at 4:59 AM To: oauth Subject: [EXTERNAL] [OAUTH-WG] Call for adoption - Identity Chaining CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you can confirm the sender and know the con

Re: [OAUTH-WG] Call for adoption - Transaction Tokens

Rifaat Shekh-Yusef Date: Tuesday, November 14, 2023 at 4:58 AM To: oauth Subject: [EXTERNAL] [OAUTH-WG] Call for adoption - Transaction Tokens CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you can confirm the sender and know the con

[OAUTH-WG] Call for adoption - Identity Chaining

All, This is an *official* call for adoption for the *Identity Chaining *draft: https://datatracker.ietf.org/doc/draft-schwenkschuster-oauth-identity-chaining/ Please, reply on the mailing list and let us know if you are in favor or against adopting this draft as WG document, by *Nov 28th.* Rega

[OAUTH-WG] Call for adoption - Transaction Tokens

All, This is an *official *call for adoption for the *Transaction Tokens *draft: https://datatracker.ietf.org/doc/draft-tulshibagwale-oauth-transaction-tokens/ Please, reply on the mailing list and let us know if you are in favor or against adopting this draft as WG document, by *Nov 28th*. Rega

Re: [OAUTH-WG] Call for adoption - JWT and CWT Status List

Regarding #1: We gathered a lot of feedback and many people agreed here ( https://github.com/vcstuff/draft-ietf-oauth-status-list/issues/74 ) that the title seems reasonable. If people do not agree now, I'm happy to discuss so in Prague. Regarding #2: I'm sorry that we forgot to publish -00

Re: [OAUTH-WG] Call for adoption - JWT and CWT Status List

the adopted version, and then make > changes in a -01 version. > > > > Huge +1. > +1 > > Best, > > Kristina > > > > > > *From:* OAuth *On Behalf Of * Michael Jones > *Sent:* Monday, October 23, 2023 10:29 PM > *To:* rifaat.s.ietf ; Aaron Parecki <

Re: [OAUTH-WG] Call for adoption - JWT and CWT Status List

Jones Sent: Monday, October 23, 2023 10:29 PM To: rifaat.s.ietf ; Aaron Parecki Cc: oauth Subject: Re: [OAUTH-WG] Call for adoption - JWT and CWT Status List To Aaron’s naming points, I would be fine changing the title in the draft from “OAuth Status List” to “OAuth Token Status List”, if there’s w

Re: [OAUTH-WG] Call for adoption - JWT and CWT Status List

Behalf Of Rifaat Shekh-Yusef Sent: Monday, October 23, 2023 7:48 AM To: Aaron Parecki Cc: oauth Subject: Re: [OAUTH-WG] Call for adoption - JWT and CWT Status List I also noticed you didn't mark it as replacing the individual draft in datatracker. You can email supp...@ietf.org<mai

Re: [OAUTH-WG] Call for adoption - JWT and CWT Status List

> > I also noticed you didn't mark it as replacing the individual draft in > datatracker. You can email supp...@ietf.org and request that they mark it > as replacing > https://datatracker.ietf.org/doc/draft-looker-oauth-jwt-cwt-status-list/ so > that the history tracks better. > I fixed that. Reg

Re: [OAUTH-WG] Call for adoption - JWT and CWT Status List

Hi  Aaron, Tobias, Paul, Christian, I just noticed the new working group adopted version of this draft: https://datatracker.ietf.org/doc/draft-ietf-oauth-status-list/ I posted this comment on Github, but I'll repeat it here for others. I find the new name "OAuth Status List" confusing. Whil

Re: [OAUTH-WG] Call for adoption - JWT and CWT Status List

Tobias, Paul, Christian, I just noticed the new working group adopted version of this draft: https://datatracker.ietf.org/doc/draft-ietf-oauth-status-list/ I posted this comment on Github, but I'll repeat it here for others. I find the new name "OAuth Status List" confusing. While I understand wa

Re: [OAUTH-WG] Call for adoption - JWT and CWT Status List

All, Based on the feedback to this call for adoption, we declare this document adopted as a WG document. Authors, Please, submit this as a working group document at your earliest convenience. Regards, Rifaat & Hannes On Tue, Oct 3, 2023 at 8:51 PM John Bradley wrote: > +1 for adoption

Re: [OAUTH-WG] Call for adoption - JWT and CWT Status List

As one of the authors of this draft, I support the adoption. Best regards, Paul ___ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth

Re: [OAUTH-WG] Call for adoption - JWT and CWT Status List

+1 for adoption On Sat, Sep 30, 2023, 9:53 AM Rifaat Shekh-Yusef wrote: > All, > > This is an official call for adoption for the *JWT and CWT Status List* > draft: > https://datatracker.ietf.org/doc/draft-looker-oauth-jwt-cwt-status-list/ > > Please, reply *on the mailing list *and let us know i

Re: [OAUTH-WG] Call for adoption - JWT and CWT Status List

+1 for the adoption so we can explore this as a WG document +1 to Brian's comment to consider the application to tokens in general (unless the authors have plans for JWT / CWT specific features) Vladimir Dzhuvinov On 03/10/2023 00:10, Brian Campbell wrote: I support adoption. I do think the

Re: [OAUTH-WG] Call for adoption - JWT and CWT Status List

It's unfortunate that the spec does not cite previous work, which the authors and undoubtedly aware of, the same comment was made at the microphone at the last IETF. Orie is right that we have to take prior work into account. I am saying this in response to this call for adoption but it app

Re: [OAUTH-WG] Call for adoption - JWT and CWT Status List

ate: Tuesday, 3 October 2023 at 2:41 AM To: Orie Steele , rifaat.s.ietf Cc: oauth Subject: Re: [OAUTH-WG] Call for adoption - JWT and CWT Status List EXTERNAL EMAIL: This email originated outside of our organisation. Do not click links or open attachments unless you recognise the sender and k

Re: [OAUTH-WG] Call for adoption - JWT and CWT Status List

: rifaat.s.ietf Cc: oauth Subject: Re: [OAUTH-WG] Call for adoption - JWT and CWT Status List I support adoption. We have implementations of a similar spec and we don't think it would be good for vendors to have to support both, but that's not under control of OAuth... we hope the

Re: [OAUTH-WG] Call for adoption - JWT and CWT Status List

+1 Nat Sakimura On 2 Oct 2023, 22:11 +0100, Brian Campbell , wrote: > I support adoption. > > I do think the document would be more appropriately scoped with more focus on > the status list itself and less so on the JWT/CWT signed representations > thereof. As such, I'd suggest maybe using a le

Re: [OAUTH-WG] Call for adoption - JWT and CWT Status List

I am in favor of the adoption, with reservations and observations. My reservations and observations will be posted in another email under the following header: "Reservations and observations about draft JWT and CWT Status List" The basic idea looks useful for environments where:     - the

Re: [OAUTH-WG] Call for adoption - JWT and CWT Status List

I support adoption. I have questions about the specifics which I'll try to write up in the next week or so, but the basic idea seems useful. (The tl;dr of my thoughts is: have we learned everything we can do from the *many* iterations of similar mechanisms in the PKI space?) -- Neil > On 30 Se

Re: [OAUTH-WG] Call for adoption - JWT and CWT Status List

I support adoption. Joseph > On 30 Sep 2023, at 13:52, Rifaat Shekh-Yusef wrote: > > All, > > This is an official call for adoption for the JWT and CWT Status List draft: > https://datatracker.ietf.org/doc/draft-looker-oauth-jwt-cwt-status-list/ > > Please, reply on the mailing list and let

Re: [OAUTH-WG] Call for adoption - JWT and CWT Status List

I support adoption. Am 30.09.23 um 14:52 schrieb Rifaat Shekh-Yusef: All, This is an official call for adoption for the *JWT and CWT Status List* draft: https://datatracker.ietf.org/doc/draft-looker-oauth-jwt-cwt-status-list/ Please, reply *on the mailing list *and let us know if you are in

Re: [OAUTH-WG] Call for adoption - JWT and CWT Status List

I support adoption. From: OAuth on behalf of Amir Sharif Sent: Saturday, September 30, 2023 7:45:04 AM To: Rifaat Shekh-Yusef ; oauth Subject: Re: [OAUTH-WG] Call for adoption - JWT and CWT Status List I support the adoption. On Sat, 30 Sep 2023 at 16:41

Re: [OAUTH-WG] Call for adoption - JWT and CWT Status List

I support the adoption Regards Il sab 30 set 2023, 14:53 Rifaat Shekh-Yusef ha scritto: > All, > > This is an official call for adoption for the *JWT and CWT Status List* > draft: > https://datatracker.ietf.org/doc/draft-looker-oauth-jwt-cwt-status-list/ > > Please, reply *on the mailing list *

Re: [OAUTH-WG] Call for adoption - JWT and CWT Status List

I support the adoption. On Sat, 30 Sep 2023 at 16:41, wrote: > +1 for adoption > Am 30. Sept. 2023, 15:33 +0200 schrieb Aaron Parecki 40parecki@dmarc.ietf.org>: > > I support adoption > > > On Sat, Sep 30, 2023 at 5:53 AM Rifaat Shekh-Yusef < > rifaat.s.i...@gmail.com> wrote: > >> All, >> >

Re: [OAUTH-WG] Call for adoption - JWT and CWT Status List

+1 for adoption Am 30. Sept. 2023, 15:33 +0200 schrieb Aaron Parecki : > I support adoption > > > > On Sat, Sep 30, 2023 at 5:53 AM Rifaat Shekh-Yusef > > wrote: > > > All, > > > > > > This is an official call for adoption for the JWT and CWT Status List > > > draft: > > > https://datatracker.i

Re: [OAUTH-WG] Call for adoption - JWT and CWT Status List

I support adoption On Sat, Sep 30, 2023 at 5:53 AM Rifaat Shekh-Yusef wrote: > All, > > This is an official call for adoption for the *JWT and CWT Status List* > draft: > https://datatracker.ietf.org/doc/draft-looker-oauth-jwt-cwt-status-list/ > > Please, reply *on the mailing list *and let us

Re: [OAUTH-WG] Call for adoption - JWT and CWT Status List

I support adoption. We have implementations of a similar spec and we don't think it would be good for vendors to have to support both, but that's not under control of OAuth... we hope there will be significant improvements made, after adoption to justify a separate spec, aside from CWT being gener

[OAUTH-WG] Call for adoption - JWT and CWT Status List

All, This is an official call for adoption for the *JWT and CWT Status List* draft: https://datatracker.ietf.org/doc/draft-looker-oauth-jwt-cwt-status-list/ Please, reply *on the mailing list *and let us know if you are in *favor *or* against *adopting this draft as WG document, by *Oct 13th*. R

Re: [OAUTH-WG] Call for adoption - Protected Resource Metadata

I too have these open questions: https://mailarchive.ietf.org/arch/msg/oauth/NLj-xnAZ4BtFs9z62OzCro4xxoc/ But I hope they are answered as the draft progresses in the WG. On Wed, Sep 6, 2023 at 7:08 AM Brian Campbell wrote: > I did have a few unanswered comments/questions on the draft > https://m

Re: [OAUTH-WG] Call for adoption - Protected Resource Metadata

I did have a few unanswered comments/questions on the draft https://mailarchive.ietf.org/arch/msg/oauth/LA6sqNOV98D7wP44p2Hl6dpSmtg/ that hopefully can be addressed as it progresses. On Wed, Sep 6, 2023 at 5:50 AM Rifaat Shekh-Yusef wrote: > All, > > Based on the responses on this thread, we dec

Re: [OAUTH-WG] Call for adoption - Protected Resource Metadata

All, Based on the responses on this thread, we declare the *Protected Resource Metadata* draft adopted as a WG document. Authors, Feel free to submit a WG document at your convenience. Regards, Rifaat & Hannes On Mon, Aug 28, 2023 at 5:28 AM Takahiko Kawasaki wrote: > I support adoption.

Re: [OAUTH-WG] Call for adoption - Protected Resource Metadata

Hi all, I have a couple of questions about the OPRM draft. 1. If I have a resource server that has multiple endpoints, each of which require different scopes, how should those be handled? For example, in the SSF spec, the SSF Transmitter has a Create Stream endpoint and a Polling endp

Re: [OAUTH-WG] Call for adoption - Protected Resource Metadata

I support adoption. In the past, when considering the encryption of JWT access tokens, I learned that the draft regarding the metadata of the resource server had expired, which was disappointing. For an authorization server to encrypt an access token with an asymmetric algorithm, it must obtain a

Re: [OAUTH-WG] Call for adoption - Protected Resource Metadata

+1 Am 28.08.23 um 10:33 schrieb Joseph Heenan: I support adoption. Joseph On 23 Aug 2023, at 20:01, Rifaat Shekh-Yusef wrote: All, This is an official call for adoption for the *Protected Resource Metadata* draft: https://datatracker.ietf.org/doc/draft-jones-oauth-resource-metadata/ P

Re: [OAUTH-WG] Call for adoption - Protected Resource Metadata

I support adoption. Joseph > On 23 Aug 2023, at 20:01, Rifaat Shekh-Yusef wrote: > > All, > > This is an official call for adoption for the Protected Resource Metadata > draft: > https://datatracker.ietf.org/doc/draft-jones-oauth-resource-metadata/ > > Please, reply on the mailing list and

Re: [OAUTH-WG] Call for adoption - Protected Resource Metadata

Right. It’s worth noting that many endpoints already publish similar metadata via OpenAPI (Swagger) API descriptions.NeilOn 27 Aug 2023, at 19:42, Dick Hardt wrote:For many resources, the information is already disclosed. What is excessive to you might be crucial to others -- and my use case, the

Re: [OAUTH-WG] Call for adoption - Protected Resource Metadata

For many resources, the information is already disclosed. What is excessive to you might be crucial to others -- and my use case, the disclosure is crucial. Extrapolating your basis for objecting, that another endpoint provides additional attack surface, we would not do ANY new endpoints or functi

Re: [OAUTH-WG] Call for adoption - Protected Resource Metadata

Hi Dick, My previous emails do not even obliquely refer to security by obscurity. It is about design patterns and excessive information disclosure. Regards Jaimandeep Singh On Sat, 26 Aug, 2023, 8:27 pm Dick Hardt, wrote: > Jaimandeep: Do I understand your objection to adoption is that providi

Re: [OAUTH-WG] Call for adoption - Protected Resource Metadata

The security reason for exclusion of error codes and other information is that the data helps the attacker subvert the app. I continue my attempt to avoid helping the attacker. thx ..Tom (mobile) On Sat, Aug 26, 2023, 7:58 AM Dick Hardt wrote: > Jaimandeep: Do I understand your objection to ado

Re: [OAUTH-WG] Call for adoption - Protected Resource Metadata

Jaimandeep: Do I understand your objection to adoption is that providing a resource discovery endpoint increases the attack surface as an attacker gains knowledge about the resource? If I understand that correctly, then you are suggesting security through obscurity. As mentioned by Aaron, there i

Re: [OAUTH-WG] Call for adoption - Protected Resource Metadata

Hi Aaron, Thx for your suggestions. I have reviewed the recordings and I would suggest following: 1. Design Consideration: The two components of the OAuth 2.0 ecosystem authorization server (step 1) and protected resource server (step 2) may appear independent, but from systems perspective there

Re: [OAUTH-WG] Call for adoption - Protected Resource Metadata

Hi Jaimandeep, As with many OAuth extensions, this is not obligatory to implement unless you need the functionality it provides. Many of the concerns you mention are referenced in the security considerations section of the draft already, and we would of course be happy to further expand that secti

Re: [OAUTH-WG] Call for adoption - Protected Resource Metadata

I support adoption On Aug 23, 2023, at 3:01 PM, Rifaat Shekh-Yusef wrote: All, This is an official call for adoption for the Protected Resource Metadata draft: https://datatracker.ietf.org/doc/draft-jones-oauth-resource-metadata/ Please, reply on the mailing list and let us know if you

Re: [OAUTH-WG] Call for adoption - Protected Resource Metadata

I do not support the adoption because of following: 1. Increased Attack Surface and Information Disclosure: The proposed draft inherently expands the attack surface by allowing the retrieval of detailed information about the protected resources held with a particular resource server, as outlined i

Re: [OAUTH-WG] Call for adoption - Protected Resource Metadata

I support adoption. > On 23 Aug 2023, at 20:02, Rifaat Shekh-Yusef wrote: > >  > All, > > This is an official call for adoption for the Protected Resource Metadata > draft: > https://datatracker.ietf.org/doc/draft-jones-oauth-resource-metadata/ > > Please, reply on the mailing list and let

Re: [OAUTH-WG] Call for adoption - Protected Resource Metadata

I support adoption On Fri, Aug 25, 2023 at 5:09 PM John Bradley wrote: > I support addoption > > On Aug 23, 2023, at 3:01 PM, Rifaat Shekh-Yusef > wrote: > > All, > > This is an official call for adoption for the *Protected Resource > Metadata* draft: > https://datatracker.ietf.org/doc/draft-jo

Re: [OAUTH-WG] Call for adoption - Protected Resource Metadata

I support addoption > On Aug 23, 2023, at 3:01 PM, Rifaat Shekh-Yusef > wrote: > > All, > > This is an official call for adoption for the Protected Resource Metadata > draft: > https://datatracker.ietf.org/doc/draft-jones-oauth-resource-metadata/ > > Please, reply on the mailing list and let

Re: [OAUTH-WG] Call for adoption - Protected Resource Metadata

I support adoption too24 aug. 2023 kl. 08:31 skrev Vladimir Dzhuvinov : I support adoption. Vladimir Dzhuvinov On 23/08/2023 20:01, Rifaat Shekh-Yusef wrote: All, This is an official call for adoption for the

Re: [OAUTH-WG] Call for adoption - Protected Resource Metadata

I support adoption. Vladimir Dzhuvinov On 23/08/2023 20:01, Rifaat Shekh-Yusef wrote: All, This is an official call for adoption for the *Protected Resource Metadata* draft: https://datatracker.ietf.org/doc/draft-jones-oauth-resource-metadata/ Please, reply on the mailing list and let us kn

Re: [OAUTH-WG] Call for adoption - Protected Resource Metadata

I support adoption > On Aug 23, 2023, at 11:44 PM, Aaron Parecki > wrote: > > I support adoption. > > Aaron > > > On Wed, Aug 23, 2023 at 8:02 PM Rifaat Shekh-Yusef > wrote: >> All, >> >> This is an official call for adoption for the Protected Resource Metad

Re: [OAUTH-WG] Call for adoption - Protected Resource Metadata

ose anything about it. Thank you. Please note that > this communication does not designate an information system for the > purposes of the Electronic Transactions Act 2002. > > > > *From: *OAuth on behalf of Heather Flanagan < > h...@sphericalcowconsulting.com> >

Re: [OAUTH-WG] Call for adoption - Protected Resource Metadata

I support adoption. Aaron On Wed, Aug 23, 2023 at 8:02 PM Rifaat Shekh-Yusef wrote: > All, > > This is an official call for adoption for the *Protected Resource > Metadata* draft: > https://datatracker.ietf.org/doc/draft-jones-oauth-resource-metadata/ > > Please, reply on the mailing list and

Re: [OAUTH-WG] Call for adoption - Protected Resource Metadata

st 2023 at 10:51 AM To: Steinar Noem , oauth Subject: Re: [OAUTH-WG] Call for adoption - Protected Resource Metadata EXTERNAL EMAIL: This email originated outside of our organisation. Do not click links or open attachments unless you recognise the sender and know the content is safe. Hi all, I

Re: [OAUTH-WG] Call for adoption - Protected Resource Metadata

Hi all, I have to chime in on this one. +1 to supporting it for adoption! -Heather > On Aug 23, 2023, at 3:46 PM, Steinar Noem wrote: > > I support adoption > > ons. 23. aug. 2023 kl. 20:03 skrev Rifaat Shekh-Yusef > mailto:rifaat.s.i...@gmail.com>>: >> All, >> >> This is an official call f

Re: [OAUTH-WG] Call for adoption - Protected Resource Metadata

I support adoption ons. 23. aug. 2023 kl. 20:03 skrev Rifaat Shekh-Yusef < rifaat.s.i...@gmail.com>: > All, > > This is an official call for adoption for the *Protected Resource > Metadata* draft: > https://datatracker.ietf.org/doc/draft-jones-oauth-resource-metadata/ > > Please, reply on the mai

Re: [OAUTH-WG] Call for adoption - Protected Resource Metadata

I support adoption. Nicole ___ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth

Re: [OAUTH-WG] Call for adoption - Protected Resource Metadata

I support adoption Mike Prorock CTO - mesur.io On Wed, Aug 23, 2023, 16:21 Giuseppe De Marco wrote: > Hi, > I support the adoption. > > Il mer 23 ago 2023, 21:02 Rifaat Shekh-Yusef ha > scritto: > >> All, >> >> This is an official call for adoption for the *Protected Resource >> Metadata* draf

Re: [OAUTH-WG] Call for adoption - Protected Resource Metadata

Hi, I support the adoption. Il mer 23 ago 2023, 21:02 Rifaat Shekh-Yusef ha scritto: > All, > > This is an official call for adoption for the *Protected Resource > Metadata* draft: > https://datatracker.ietf.org/doc/draft-jones-oauth-resource-metadata/ > > Please, reply on the mailing list and l

Re: [OAUTH-WG] Call for adoption - Protected Resource Metadata

I support adoption From: OAuth On Behalf Of Rifaat Shekh-Yusef Sent: Wednesday, August 23, 2023 8:02 PM To: oauth Subject: [OAUTH-WG] Call for adoption - Protected Resource Metadata All, This is an official call for adoption for the Protected Resource Metadata draft: https

Re: [OAUTH-WG] Call for adoption - Protected Resource Metadata

> *To:* Rifaat Shekh-Yusef > *Cc:* oauth > *Subject:* Re: [OAUTH-WG] Call for adoption - Protected Resource Metadata > > I support adoption. > > On Wed, Aug 23, 2023 at 12:02 PM Rifaat Shekh-Yusef < > rifaat.s.i...@gmail.com> wrote: > > All, > > This is

Re: [OAUTH-WG] Call for adoption - Protected Resource Metadata

I support adoption. -- Mike From: OAuth on behalf of Dick Hardt Sent: Wednesday, August 23, 2023 8:09:46 PM To: Rifaat Shekh-Yusef Cc: oauth Subject: Re: [OAUTH-WG] Call for adoption - Protected Resource Metadata I support adoption. On Wed, Aug 23, 2023

Re: [OAUTH-WG] Call for adoption - Protected Resource Metadata

I support adoption. On Wed, Aug 23, 2023 at 12:02 PM Rifaat Shekh-Yusef wrote: > All, > > This is an official call for adoption for the *Protected Resource > Metadata* draft: > https://datatracker.ietf.org/doc/draft-jones-oauth-resource-metadata/ > > Please, reply on the mailing list and let us

[OAUTH-WG] Call for adoption - Protected Resource Metadata

All, This is an official call for adoption for the *Protected Resource Metadata* draft: https://datatracker.ietf.org/doc/draft-jones-oauth-resource-metadata/ Please, reply on the mailing list and let us know if you are in favor of adopting this draft as WG document, by *Sep 6th.* Regards, Rifaa

Re: [OAUTH-WG] Call for adoption - SD-JWT-based Verifiable Credentials

Congratulations! On Aug 11, 2023 22:19 +0900, Oliver Terbu , wrote: > Thank you very much! We greatly appreciate your insightful feedback and > continuous support. As we move forward, we are fully committed to diligently > refining the document to meet the rigorous technical standards upheld by t

  1   2   3   4   5   6   7   >