Hi all,
this is a working group last call for "OAuth 2.0 Security Best Current
Practice".
Here is the document:
https://tools.ietf.org/html/draft-ietf-oauth-security-topics-13
Please send your comments to the OAuth mailing list by Nov. 27, 2019.
(We use a three week WGLC because of the IETF meet
Hi,
Please find my feedback on the first 10 pages below.
Hans.
Overall:
- grammar in the first sections: there's a lot of comma-separated sentences
that could/should be reworked by a native speaker
- perhaps readers guidance pointing developers straight to section 3. as
Torsten said on the call
All,
The following is our draft agenda for the two sessions in Singapore:
*Wednesday’s Agenda*
Chairs Update (15 min)
Security Topics – Torsten (15 min)
Browser-based Apps – Aaron (30 min)
TXAuth update – Dick/Justin (15 min)
DPoP – Brian (15 min)
*Thursday’s Agenda*
Rich Authorization – Tors
Hi,
This is my first time reviewing a document or responding to the group. So,
with that introduction feel free to guide me along the way.
Reading through the document, I had a few high-level questions first. I
will have more detailed comments later, once I know I'm on the right track
and I assum
1. Normative MUST/REQUIRED is fine in a BCP.
2. This is not the definitive list, but instead the best list of things that we
have at this time. There will be more attacks, and more mitigations for those
attacks.
— Justin
> On Nov 6, 2019, at 3:16 PM, Jared Jennings wrote:
>
> Hi,
>
> This
On Wed, Sep 25, 2019 at 3:54 PM Brian Campbell wrote:
> Just noticed that something is missing in
> https://tools.ietf.org/html/draft-ietf-oauth-incremental-authz-02#section-5
> where it has just, "(Section 4.1.4 of )"
>
Thank you for catching this Brian. It was meant to read Section 4.1.4 of
RF