[OAUTH-WG] Re: Call for adoption - PIKA

2024-09-04 Thread Joseph Salowey
I support adoption. Joe On Wed, Sep 4, 2024 at 7:50 AM Joel Kamp wrote: > I support adoption. > > On Tue, Sep 3, 2024 at 5:49 AM Rifaat Shekh-Yusef > wrote: > >> All, >> >> As per the discussion in Vancouver, this is a call for adoption for the >> *Proof >> of Issuer Key Authority (PIKA) *dra

Re: [OAUTH-WG] Secdir last call review of draft-ietf-oauth-access-token-jwt-11

2021-02-24 Thread Joseph Salowey
On Sat, Feb 20, 2021 at 12:42 AM Vittorio Bertocci < vittorio.berto...@auth0.com> wrote: > Thank you Joseph for your comments! > > [Joe] Thanks for your response, comments inline below: > > 1. (Editorial) What is the relationship between this document and RFC > 7523. > > They are using JWT fo

Re: [OAUTH-WG] Signed JWK Sets

2024-03-19 Thread Joseph Salowey
I think Signed JWK sets are useful and would like to see them used in more use cases so separating out the specifications seems like a good idea. We will have to be careful to specify what security and deployment properties you are trying to achieve in different use cases. On Tue, Mar 19, 2024 at 11

Re: [OAUTH-WG] Transaction Tokens issuance in the absence of incoming token

2024-04-03 Thread Joseph Salowey
Hi Atul, I'm just starting to review the transaction tokens draft and have only a minimal understanding of the token exchange document at this point so I'm lacking a little background, but I have a few comments and questions below. On Fri, Mar 29, 2024 at 10:39 AM Atul Tulshibagwale wrote: > Hi

[OAUTH-WG] Comments on draft-ietf-oauth-transaction-tokens-01

2024-04-10 Thread Joseph Salowey
I have reviewed the Transaction Token document. In general I think it is a needed document and I am glad there is work in this area. I have some questions and comments below: 1. Section 4 defines Trust Domain and seems to point to RFC 7519. I couldn't find any reference to trust domain in 7519.

Re: [OAUTH-WG] Signed JWK Sets

2024-04-11 Thread Joseph Salowey
The mechanism in the draft provides some separation between the trust establishment and distribution which is useful. This is definitely applicable to the use cases described in the draft and I agree with Ethan that it can help in other areas as well depending upon how things are deployed. I supp

[OAUTH-WG] Re: Call for adoption - PIKA

2024-06-25 Thread Joseph Salowey
Sorry to chime in late here. I'm in favor of adopting this draft. While I realize that X.509 isn't for everyone, there is an established community of users out there that overlaps with OAUTH users. I think there are needs to both separate the distribution of the keys from the establishment of tru

[OAUTH-WG] Secdir last call review of draft-ietf-oauth-access-token-jwt-11

2021-02-07 Thread Joseph Salowey via Datatracker
Reviewer: Joseph Salowey Review result: Has Issues I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document ed

[OAUTH-WG] Secdir telechat review of draft-ietf-oauth-access-token-jwt-12

2021-04-08 Thread Joseph Salowey via Datatracker
Reviewer: Joseph Salowey Review result: Ready Thank you authors. This version addresses all my comments.