Re: [OAUTH-WG] Proposed Syntax Changes in Dynamic Registration

2013-05-20 Thread Roland Hedberg
+1 Sent from my iPhone On 21 May 2013, at 00:21, "nov matake" mailto:mat...@gmail.com>> wrote: +1 On 2013/05/21, at 5:23, Edmund Jay mailto:e...@mgi1.com>> wrote: +1 for keeping names as is. From: Justin Richer mailto:jric...@mitre.org>> To: "oauth@ietf.org

Re: [OAUTH-WG] Proposed Syntax Changes in Dynamic Registration

2013-05-23 Thread Roland Hedberg
As an implementor like Justin, I see no problem with changing "expires_at" and "issued_at" to the values proposed below. It's a minor code change and I don't have a large deployment to deal with. I also agree with Justin and Phil about "token_endpoint_auth_method". 22 maj 2013 kl. 20:34 skrev Ph

Re: [OAUTH-WG] Mix-Up About The Mix-Up Mitigation

2016-01-20 Thread Roland Hedberg
And I agree with Phil’s agreement with Brian :-) I should also add that during the last part of the meeting and on my flight home afterwards I implemented the techniques I felt we had come to an agreement on at the meeting. That is the new authorization request response parameters iss and clien

Re: [OAUTH-WG] Call for Adoption: OAuth 2.0 Mix-Up Mitigation

2016-01-20 Thread Roland Hedberg
+1 for adoption > On 21 Jan 2016, at 07:14, Antonio Sanso wrote: > > +1 for adoption > On Jan 19, 2016, at 12:49 PM, Hannes Tschofenig > wrote: > >> Hi all, >> >> this is the call for adoption of OAuth 2.0 Mix-Up Mitigation, see >> https://tools.ietf.org/html/draft-jones-oauth-mix-up-mitigation-

Re: [OAUTH-WG] Call for adoption: OAuth 2.0 for Native Apps

2016-01-20 Thread Roland Hedberg
+1 for adoption > On 21 Jan 2016, at 07:11, William Denniss wrote: > > I believe this is important work. > > The original OAuth 2 spec left the topic of native apps largely undefined > which is fair enough, the mobile-first revolution had yet to really take hold > and people didn't have much impl

Re: [OAUTH-WG] Second OAuth 2.0 Mix-Up Mitigation Draft

2016-01-23 Thread Roland Hedberg
+1 :-) > On 22 Jan 2016, at 20:05, George Fletcher wrote: > > Isn't that your department Paul? I have high expectations! > > On 1/22/16 2:00 PM, Paul Madsen wrote: >> tshirt or it didn't happen >> >> On 1/22/16 1:57 PM, John Bradley wrote: >>> Now that we have a cool name all we need is a logo for

Re: [OAUTH-WG] PKCE & Hybrid Flow

2016-01-27 Thread Roland Hedberg
> On 27 Jan 2016, at 13:51, John Bradley wrote: > > It is confusing that the value is a string that is order independent based on > space breaks, rather than a space separated list of responses requested. Absolutely, I’ve always found that completely broken. > Changing it now may be more trouble

Re: [OAUTH-WG] Call for Adoption: OAuth 2.0 Security: OAuth Open Redirector

2016-02-04 Thread Roland Hedberg
+1 > On 4 Feb 2016, at 07:25, Mike Jones wrote: > > I support adoption of this document by the working group. > > -- Mike > > -Original Message- > From: OAuth [mailto:oauth-boun...@ietf.org] On Behalf Of Hannes Tschofenig > Sent: Tuesday, January 19, 2016 3:48

Re: [OAUTH-WG] Call for Adoption: Authentication Method Reference Values

2016-02-04 Thread Roland Hedberg
+1 > On 20 Jan 2016, at 23:07, John Bradley wrote: > > So if this is scoped to be a registry for the values of a JWT claim then it > is fine. > We should discourage people from thinking that it is part of the OAuth > protocol vs JWT claims. > > John B. > >> On Jan 20, 2016, at 6:29 PM, Mike Jone

Re: [OAUTH-WG] Call for Adoption: OAuth 2.0 Device Flow

2016-02-04 Thread Roland Hedberg
+1 > On 4 Feb 2016, at 07:26, Mike Jones wrote: > > I support adoption of this document by the working group. > > -- Mike > > -Original Message- > From: OAuth [mailto:oauth-boun...@ietf.org] On Behalf Of Hannes Tschofenig > Sent: Tuesday, January 19, 2016 3:48

Re: [OAUTH-WG] Call for Adoption: OAuth 2.0 Discovery

2016-02-04 Thread Roland Hedberg
> On 3 Feb 2016, at 00:48, Phil Hunt wrote: > > > Item 2: rel value for webfinger > It seems to me while the discovery requirements for plain OAuth and OIDC are > the same for today that might not always be true. What will happen if OIDC > wants to add more stuff? Will plain OAuth sites have t

Re: [OAUTH-WG] Call for Adoption: OAuth 2.0 Discovery

2016-02-04 Thread Roland Hedberg
+1 > On 4 Feb 2016, at 08:10, Phil Hunt wrote: > > +1 for adoption. > > However I would like a rel value distinct from OpenID (see separate email). > While the mechanics of discovery is the same, I believe some clients will > want to distinguish between OAuth AS’s and OIDC OPs. Further, I would

Re: [OAUTH-WG] OAuth PoP Implementation

2016-02-07 Thread Roland Hedberg
So, I’ve done the ’client creates key pair’ version instead :-/ For those who can read and understand Python you can find my implementation attempt on github as an extension to my oauth2/oidc implementation (https://github.com/rohe/pyoidc). You can look at the necessary support methods in: http

Re: [OAUTH-WG] Call for Adoption: Stateless Client Identifier for OAuth 2

2016-02-07 Thread Roland Hedberg
+1 > On 6 Feb 2016, at 19:56, William Denniss wrote: > > +1 to adopt. > > I don't think we're planning to use this, but it looks useful and doesn't > harm interoperability so I support it. > > On Sat, Feb 6, 2016 at 3:43 AM, Torsten Lodderstedt > wrote: > +1 > > > Am 04.02.2016 um 17:37 schri

Re: [OAUTH-WG] Authentication Method Reference Values: Call for Adoption Finalized

2016-02-12 Thread Roland Hedberg
+1 > On 12 Feb 2016, at 16:58, John Bradley wrote: > > +1 to adopt this draft. > >> On Feb 12, 2016, at 3:07 AM, Mike Jones wrote: >> >> Draft -05 incorporates the feedback described below - deleting the request >> parameter, noting that this spec isn't an encouragement to use OAuth 2.0 for >>

Re: [OAUTH-WG] Fixing the Authorization Server Mix-Up: Call for Adoption

2016-02-23 Thread Roland Hedberg
In line ! > On 22 Feb 2016, at 05:08, John Bradley wrote: > >> On Feb 22, 2016, at 9:22 AM, Nat Sakimura wrote: >> >> The risk impact of [case2] is more OAuth specific. The token is stolen as >> the token is going to be sent to a rogue resource, and the resource can use >> that to obtain the res

Re: [OAUTH-WG] OAuth 2.0 Discovery Location

2016-02-29 Thread Roland Hedberg
+1 > On 29 Feb 2016, at 15:41, Brian Campbell wrote: > > +1 > > On Fri, Feb 19, 2016 at 9:28 PM, Vladimir Dzhuvinov > wrote: > +1 > > On 19/02/16 23:59, Justin Richer wrote: > > The newly-trimmed OAuth Discovery document is helpful and moving in the > > right d

Re: [OAUTH-WG] Working Group Last Call on OAuth 2.0 Discovery

2016-03-10 Thread Roland Hedberg
I support this document being moved forward with these two changes: - change name to “OAuth 2.0 Authorization Server Discovery Metadata” as proposed by Brian and - use the URI path suffix ’oauth-authorization-server’ instead of ’openid-configuration’ as proposed by Justin. > 18 feb 2016 kl. 14:

Re: [OAUTH-WG] [scim] Simple Federation Deployment

2016-04-07 Thread Roland Hedberg
Count me in ! > On 7 Apr 2016, at 01:17, Nov Matake wrote: > > I'm interested too. > > nov > > On Apr 7, 2016, at 07:14, Mike Jones wrote: > >> For the record, I’m interested. >> >> From: scim [mailto:scim-boun...@ietf.org] On Behalf Of Hardt, Dick >> Sent: Tuesday, April 5, 2016 7:26 PM >

Re: [OAUTH-WG] [jose] Dominick Baier's JWT implementation

2012-05-27 Thread Roland Hedberg
did my own version. It's part of my OpenID Connect implementation. -- Roland ------ Roland Hedberg IT Architect/Senior Researcher ICT Services and System Development (ITS) Umeå University SE-901 87 Umeå, Sweden Phone +46 90 786 68 44 Mobile +4