[OAUTH-WG] Question for encrypted POP Key

I am trying to deal with some of the various confirmation methods for a POP token. The question that I have is about the format of the JOSE Encrypted value to be used. The document has an example of a compact serialization for this concept, it does not have an example of a JSON serialization. T

Re: [OAUTH-WG] Question for encrypted POP Key

Never mind, I just saw the answer. -Original Message- From: Jim Schaad Sent: Monday, January 20, 2020 10:57 AM To: 'draft-ietf-oauth-proof-of-possess...@ietf.org' Cc: 'oauth' Subject: Question for encrypted POP Key I am trying to deal with some of the various conf

[OAUTH-WG] Refreshing tokens on the RS

Over in the ACE working group we are currently having a discussion about refreshing tokens on an RS. I want to make sure that this is not something that this working group has already solved. The basic scenario is: 1. Client gets token T1 and posts it to the RS 2. After some time the RS return

[OAUTH-WG] FW: [jose] Cross group Working Group Last Call - draft-ietf-jose-jws-sigining-input-otpions

> -Original Message- > From: Jim Schaad [mailto:i...@augustcellars.com] > Sent: Wednesday, October 21, 2015 3:33 PM > To: 'o...@ietf.org' > Cc: 'j...@ietf.org' > Subject: RE: [jose] Cross group Working Group Last Call - draft-i

Re: [OAUTH-WG] [Ace] New OAuth client credentials RPK and PSK

How is this draft supposed to interact with draft-gerdes-ace-dtls-authorize? Jim From: Ace [mailto:ace-boun...@ietf.org] On Behalf Of Samuel Erdtman Sent: Friday, May 12, 2017 1:03 AM To: ; ace Cc: Ludwig Seitz Subject: [Ace] New OAuth client credentials RPK and PSK Hi ACE and OAu

Re: [OAUTH-WG] [jose] preventing confusion of one kind of JWT for another in JWT BCP

One simple way to implement it would be to have an call which says “I will deal with the following items if they exist”. This means that all the application needs to do is to say that it will process p and not what values are acceptable. Jim From: jose [mailto:jose-boun...@ietf.org] O

[OAUTH-WG] Mail regarding draft-ietf-oauth-jwsreq

As part of looking at the issues of using CWTs for this purpose I did some more reading of the document. I am having a problem with the understanding the reasons for using JWT as opposed to just saying that you are going to use JWS and JWE. There is nothing in this section that I can see that poi

Re: [OAUTH-WG] Mail regarding draft-ietf-oauth-jwsreq

base OAuth design and thus part of the OAuth registry? Jim From: Mike Jones Sent: Wednesday, October 31, 2018 9:18 AM To: Jim Schaad ; draft-ietf-oauth-jws...@ietf.org Cc: 'oauth' Subject: RE: [OAUTH-WG] Mail regarding draft-ietf-oauth-jwsreq JWT defines a number of stand