That works for me
On Wed, Mar 21, 2018 at 7:34 PM, Torsten Lodderstedt <
tors...@lodderstedt.net> wrote:
> Hi all,
>
> thanks for your feedback. Here is my text proposal for section 3.8.1.
>
> ——
>
> Attackers could try to utilize a user's trust in the authorization
> server (and its URL in pa
Torsten,
Great document!
Some minor nits and comments:
Abstract - double period after first sentence.
> It updates and extends the OAuth 2.0 Security Threat Model to
> incorporate practical experiences gathered since OAuth 2.0 was
> published and cover new threats relevant due to the broa
I propose that the following text be added to address your comment, Brian.
Does this text work for you?
When applying explicit typing to a Nested JWT, the "typ" header parameter
containing the explicit type value MUST be present in the inner JWT of the
Nested JWT (the JWT whose payload is the
I like the new text, it frames the error better and puts it in the context
where it’s likely to be exploited. I.e., newly dynamically registered clients
shouldn’t be trusted as much as others.
— Justin
> On Mar 22, 2018, at 8:16 AM, Brian Campbell
> wrote:
>
> That works for me
>
> On Wed, M
Yeah, I think that works. Thanks.
On Thu, Mar 22, 2018 at 2:16 PM, Mike Jones
wrote:
> I propose that the following text be added to address your comment,
> Brian. Does this text work for you?
>
>
>
> When applying explicit typing to a Nested JWT, the "typ" header parameter
> containing the exp
Hey
After presenting the flow yesterday, I've submitted the first draft:
https://tools.ietf.org/html/draft-seamless-flow-00
I tried to answer all the questions that were raised during the session.
Looking forward to hearing your feedback.
Omer
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Web Authorization Protocol WG of the IETF.
Title   : JSON Web Token Best Current Practices
Authors : Yaron Sheffer
          Dick Hardt