Re: [OAUTH-WG] Meeting Minutes

2019-12-23 Thread Torsten Lodderstedt
Happy holidays! > > From: Torsten Lodderstedt > Sent: Saturday, December 21, 2019 10:59 AM > To: Hannes Tschofenig > Cc: oauth@ietf.org > Subject: Re: [OAUTH-WG] Meeting Minutes > > With respect to Rich Authorization Requests, the minutes state that a call > for

Re: [OAUTH-WG] Meeting Minutes

2019-12-23 Thread Hannes Tschofenig
, December 21, 2019 10:59 AM To: Hannes Tschofenig Cc: oauth@ietf.org Subject: Re: [OAUTH-WG] Meeting Minutes With respect to Rich Authorization Requests, the minutes state that a call for adoption will be sent to the list. When will this call for adoption be sent to the list? On 03.12.2019 at 09

Re: [OAUTH-WG] Meeting Minutes

2019-12-21 Thread Torsten Lodderstedt
With respect to Rich Authorization Requests, the minutes state that a call for adoption will be sent to the list. When will this call for adoption be sent to the list? > On 03.12.2019 at 09:26, Hannes Tschofenig wrote: > > > Here are the meeting minutes from the Singapore IETF meeting: >

Re: [OAUTH-WG] Meeting Minutes

2019-12-17 Thread David Waite
+1 to adopting PAR. For RAR I have a number of questions myself with the approach and with some of the ramifications. I’m most concerned with the coupling of business-specific presentation, process validation and workflow within the AS, but also with the mixing of single transactional approval

Re: [OAUTH-WG] Meeting Minutes

2019-12-16 Thread Steinar Noem
> >> – >> >> Annabelle Richard Backman >> >> AWS Identity >> >> >> >> >> >> *From:* OAuth on behalf of Justin Richer < >> jric...@mit.edu> >> *Date:* Monday, December 16, 2019 at 12:36 PM >> *To:* Bri

Re: [OAUTH-WG] Meeting Minutes

2019-12-16 Thread Dominick Baier
abelle Richard Backman > > AWS Identity > > > > > > *From:* OAuth on behalf of Justin Richer < > jric...@mit.edu> > *Date:* Monday, December 16, 2019 at 12:36 PM > *To:* Brian Campbell > *Cc:* "oauth@ietf.org" > *Subject:* Re: [OAUTH-WG] Meeting Minute

Re: [OAUTH-WG] Meeting Minutes

2019-12-16 Thread Rob Otto
onday, December 16, 2019 at 12:36 PM > *To: *Brian Campbell > *Cc: *"oauth@ietf.org" > *Subject: *Re: [OAUTH-WG] Meeting Minutes > > > > +1 to this. My take away was that PAR was pretty clear for adoption right > now, RAR had interest but more question/debate. >

Re: [OAUTH-WG] Meeting Minutes

2019-12-16 Thread Justin Richer
+1 to this. My take away was that PAR was pretty clear for adoption right now, RAR had interest but more question/debate. FWIW I’m in favor of both of them. — Justin > On Dec 16, 2019, at 11:26 AM, Brian Campbell > wrote: > > With respect to the Pushed Authorization Requests (PAR) draft th

Re: [OAUTH-WG] Meeting Minutes

2019-12-16 Thread Brian Campbell
With respect to the Pushed Authorization Requests (PAR) draft the minutes do capture an individual comment that it's a "no brainer to adopt this work" but as I recall there was also a hum to gauge the room's interest in adoption, which was largely in favor of such. Of course, one hum in Singapore i

Re: [OAUTH-WG] Meeting Minutes

2016-04-19 Thread Nat Sakimura
, 2016 5:17 PM To: hannes.tschofe...@gmx.net; bcampb...@pingidentity.com Cc: oauth@ietf.org Subject: Re: [OAUTH-WG] Meeting Minutes Different people, different perceptions :-) But anyway, the discussion on the list has already started, right? Original message Subject: Re

Re: [OAUTH-WG] Meeting Minutes

2016-04-19 Thread Hannes Tschofenig
On 04/19/2016 10:17 AM, tors...@lodderstedt.net wrote: > But anyway, the discussion on the list has already started, right? I triggered the discussion since I believe it is a worthwhile topic to think about and, given that it is a bigger decision, we should be mindful about the direction we take

Re: [OAUTH-WG] Meeting Minutes

2016-04-19 Thread tors...@lodderstedt.net
Different people, different perceptions :-) But anyway, the discussion on the list has already started, right? Original message Subject: Re: [OAUTH-WG] Meeting Minutes From: Hannes Tschofenig To: Brian Campbell ,Torsten Lodderstedt Cc: oauth@ietf.org >Hi Torsten, >

Re: [OAUTH-WG] Meeting Minutes

2016-04-19 Thread Hannes Tschofenig
Hi Torsten, On 04/19/2016 12:34 AM, Brian Campbell wrote: > > I felt some consensus around the topic that in the end, there must be > normative chances to the core protocol and the respective security > considerations. > > Barry gave his advice regarding updates in this context. There was no con

Re: [OAUTH-WG] Meeting Minutes

2016-04-18 Thread Phil Hunt
There were multiple options discussed in the meeting and on the emails. I noticed there was strong support for consolidation if there is an opportunity to reduce the number of RFCs developers have to pay attention to. This is where Barry commented that there are differences between a 6749bis, v

Re: [OAUTH-WG] Meeting Minutes

2016-04-18 Thread Justin Richer
I recall +1’ing that idea in the chat. It’s an “updates” to 6819 at least. — Justin > On Apr 18, 2016, at 6:34 PM, Brian Campbell > wrote: > > Yeah, as I recall, there was at least some support around the idea of an > "enhanced OAuth security" document. > > On Sun, Apr 17, 2016 at 2:46 AM

Re: [OAUTH-WG] Meeting Minutes

2016-04-18 Thread Brian Campbell
Yeah, as I recall, there was at least some support around the idea of an "enhanced OAuth security" document. On Sun, Apr 17, 2016 at 2:46 AM, Torsten Lodderstedt < tors...@lodderstedt.net> wrote: > Hi all, > > the security discussion started with mix up and cut and paste, but we had > a much broa

Re: [OAUTH-WG] Meeting Minutes

2016-04-17 Thread Torsten Lodderstedt
Hi all, the security discussion started with mix up and cut and paste, but we had a much broader discussion including further issues, such as open redirector. I suggested to merge all threats we are currently discussing into a single document in order to come up with a consolidated view on "enh

Re: [OAUTH-WG] Meeting Minutes

2016-04-12 Thread Justin Richer
That’s correct, we’ve filed an issue in our project to track its eventual implementation: https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server/issues/1055 — Justin > On Apr 11, 2016, at 8:21 AM

Re: [OAUTH-WG] Meeting Minutes

2016-04-11 Thread Brian Campbell
Under the Token Exchange part it says, "Jim Fenton: we have implementation that could be adapted to this." but, as I recall, Jim was not speaking for himself there but rather on behalf of Justin via the Jabber room. On Wed, Apr 6, 2016 at 11:43 AM, Hannes Tschofenig < hannes.tschofe...@gmx.net> w

Re: [OAUTH-WG] Meeting Minutes

2016-04-07 Thread Gil Kirkpatrick
>> John Bradley sang a few notes from the Sound of Music to end the meeting. Were the hills alive? :) -gil -Original Message- From: OAuth [mailto:oauth-boun...@ietf.org] On Behalf Of Hannes Tschofenig Sent: Thursday, April 7, 2016 3:14 AM To: oauth@ietf.org Subject: [OAUTH-WG] Meeting Mi

Re: [OAUTH-WG] Meeting Minutes

2015-07-25 Thread Brian Campbell
My sense of the consensus in the room is as Justin describes it. On Sat, Jul 25, 2015 at 9:14 AM, Justin Richer wrote: > > Consensus: For use of existing params defined in OAuth, while allowing > some to be optional when not needed. > > That was not the consensus as I understood it in the room.

Re: [OAUTH-WG] Meeting Minutes

2015-07-25 Thread Justin Richer
> Consensus: For use of existing params defined in OAuth, while allowing some > to be optional when not needed. That was not the consensus as I understood it in the room. The consensus was the first portion, as originally noted. The second portion was Mike’s requested amendment, and it (and oth

Re: [OAUTH-WG] Meeting Minutes

2015-07-24 Thread Mike Jones
Good notes. Please apply the following fixes to them... To the list of new OAuth RFCs since the last meeting please also add: draft-ietf-oauth-json-web-token draft-ietf-oauth-saml2-bearer draft-ietf-oauth-jwt-bearer Please change: Mike: If the access_token is used

Re: [OAUTH-WG] Meeting Minutes

2014-11-25 Thread Hannes Tschofenig
Hi Antonio, thanks for raising this issue and for pointing to the relevant email exchange. Let me figure out the schedule for getting this issue resolved. I believe we could cover this topic in one of our conference calls (for which I have to distribute a poll first). I believe it is important t

Re: [OAUTH-WG] Meeting Minutes

2014-11-25 Thread Antonio Sanso
hi Hannes , thanks for sharing the minutes. about == John reported a security problem where a 302 redirect without user interaction causes security problems. Do we want to say something about this? Implementation guidance somewhere? Chairs: Is this written up? John: Yes, on mailing list.

Re: [OAUTH-WG] Meeting Minutes

2014-11-19 Thread Hannes Tschofenig
Hi Mike, Hi Brian, I have updated the meeting minutes based on your requests. Here is the updated version: http://www.ietf.org/proceedings/91/minutes/minutes-91-oauth Ciao Hannes On 11/14/2014 08:43 PM, Mike Jones wrote: > Please change "jwt-req-request" to "jwt-reg-review", per > https://tool

Re: [OAUTH-WG] Meeting Minutes

2014-11-14 Thread Mike Jones
Please change "jwt-req-request" to "jwt-reg-review", per https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-30#section-10.1. Other than that, the minutes look good. Thanks, -- Mike -Original Message- From: OAuth [m

Re: [OAUTH-WG] Meeting Minutes

2014-11-14 Thread Brian Campbell
> Original message > From: Brian Campbell > Date:11/14/2014 4:26 AM (GMT-10:00) > To: Hannes Tschofenig > Cc: oauth@ietf.org > Subject: Re: [OAUTH-WG] Meeting Minutes > > My question was not really about the status of > draft-bradley-oauth-stateless-client

Re: [OAUTH-WG] Meeting Minutes

2014-11-14 Thread Justin Richer
ose two options together. -- Justin / Sent from my phone / Original message From: Brian Campbell Date:11/14/2014 4:26 AM (GMT-10:00) To: Hannes Tschofenig Cc: oauth@ietf.org Subject: Re: [OAUTH-WG] Meeting Minutes My question was not really about the status of draf

Re: [OAUTH-WG] Meeting Minutes

2014-11-14 Thread Brian Campbell
My question was not really about the status of draft-bradley-oauth-stateless-client-id but rather about draft-ietf-oauth-dyn-reg-management allowing for the kind of stateless client id that Bradley described in his draft. And draft-ietf-oauth-dyn-reg-management still has text that says, 'The value

Re: [OAUTH-WG] Meeting Minutes - IETF#83

2012-04-04 Thread Derek Atkins
Also, FYI, the audio recording of the meeting is available here: http://www.ietf.org/audio/ietf83/ietf83-252a-20120329-1256-pm.mp3 -derek On Wed, April 4, 2012 12:01 pm, Hannes Tschofenig wrote: > Hey guys, > > Derek took notes during the meeting and I polished them a bit. > > Have a look at the