Not true John, the CTAP support that is current would support the web-view w/o
any changes
-Original Message-
From: OAuth [mailto:oauth-boun...@ietf.org] On Behalf Of John Bradley
Sent: Monday, March 6, 2017 12:16 PM
To: Hannes Tschofenig
Cc: internet-dra...@ietf.org; oauth@ietf.org
Sub
I'm still getting feedback on the Windows examples that are pointed to by the
spec, since it's not a simple case on Windows
-Original Message-
From: OAuth [mailto:oauth-boun...@ietf.org] On Behalf Of Hannes Tschofenig
Sent: Monday, March 6, 2017 8:00 AM
To: oauth@ietf.org
Subject: [OAUTH
Hi Tony
thanks for the feedback. I have requested publication of the document a
few minutes ago already and we will incorporate any remarks from my
co-workers as part of the IETF-wide last call.
Ciao
Hannes
On 03/07/2017 09:17 AM, Anthony Nadalin wrote:
> I'm still getting feedback on the Window
Hi Nat,
I see that you are now back to the list.
Please take note that "draft-ietf-oauth-signed-http-request-03.txt" has
expired on February 9, 2017.
You said: "perhaps change ts to string to accommodate nonce like string"
In this draft, ts is defined as:
ts RECOMMENDED. The timestamp.
Thanks Denis,
Yes. As currently specified, ts is an integer. My previous mail requested
it to be a string instead so that I can use it as a nonce generated in the
style of H(timestamp|client_id|key) etc. I agree this is the place to
discuss replay protection etc. (Not in JAR, which is just a contai
What you describe as your minimum case is what I intended to be the
minimum case for this document. I opted to put the token inside the
payload instead of a hash because then we wouldn't need an additional
header to carry the token, and the client wouldn't be required to do an
additional crypto
You're right, Stephen. Re-reading the spec, it doesn't say that, and it
should. Sometimes it takes someone giving a spec a fresh read to uncover
things that the authors understood and intended but failed to be captured in
the text. This is such a case - so thanks.
I'll add this information,
Hi John, Mike, Nat,
I am working on the shepherd writeup for the "OAuth 2.0 Authorization
Server Metadata" document:
https://tools.ietf.org/html/draft-ietf-oauth-discovery-05
One item in the template requires me to indicate whether each document
author has confirmed that any and all appropriate I
I have no IPR disclosures to make.
John B.
> On Mar 7, 2017, at 2:50 PM, Hannes Tschofenig
> wrote:
>
> Hi John, Mike, Nat,
>
> I am working on the shepherd writeup for the "OAuth 2.0 Authorization
> Server Metadata" document:
> https://tools.ietf.org/html/draft-ietf-oauth-discovery-05
>
> On
I am aware of no IPR encumbrances for this specification.
-Original Message-
From: OAuth [mailto:oauth-boun...@ietf.org] On Behalf Of John Bradley
Sent: Tuesday, March 7, 2017 10:02 AM
To: Hannes Tschofenig
Cc: oauth@ietf.org
Subject: Re: [OAUTH-WG] OAuth 2.0 Authorization Server Metadata
On 07/03/17 17:17, Mike Jones wrote:
> You're right, Stephen. Re-reading the spec, it doesn't say that, and
> it should. Sometimes it takes someone giving a spec a fresh read to
> uncover things that the authors understood and intended but failed to
> be captured in the text. This is such a ca
Hi all,
here is the write-up:
https://github.com/hannestschofenig/tschofenig-ids/blob/master/shepherd-writeups/Writeup_OAuth_Metadata.txt
I need your feedback on the following issues:
1) Implementation & deployment status of the spec
2) Working group summary (see below)
(Particularly asking Phi
Replies inline...
-Original Message-
From: OAuth [mailto:oauth-boun...@ietf.org] On Behalf Of Hannes Tschofenig
Sent: Tuesday, March 7, 2017 10:46 AM
To: oauth@ietf.org; Phil Hunt
Subject: [OAUTH-WG] Shepherd writeup for OAuth 2.0 Authorization Server Metadata
Hi all,
here is the write-
Hi Mike
thanks for the quick response and for the wording suggestions.
Regarding the implementations, are OpenID Connect implementations
required to implement this functionality?
On 03/07/2017 07:58 PM, Mike Jones wrote:
> 1) Implementation & deployment status of the spec
>
> Microsoft has at le
OpenID Connect implementations are not required to implement this functionality
but most do, by virtue of implementing the OpenID Connect metadata specified in
https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata.
The OAuth AS Metadata spec is intentionally compatible wit
That is the theory that CTAP should let web-views work.
I just ran a test on the current shipping Android build. U2F is only working
from the View controller and system browser.
Web-view is not currently exposing CTAP.
I believe that is also the case on iOS, but haven't built an app to test it.