IETF Logo Mail Archive

I-D Action: draft-jones-oauth-dpop-implicit-00.txt

internet-drafts@ietf.org Mon, 09 March 2020 22:47 UTC

Return-Path: <internet-drafts@ietf.org>
X-Original-To: i-d-announce@ietf.org
Delivered-To: i-d-announce@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 8D8CC3A0856 for <i-d-announce@ietf.org>; Mon, 9 Mar 2020 15:47:16 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: internet-drafts@ietf.org
To: i-d-announce@ietf.org
Subject: I-D Action: draft-jones-oauth-dpop-implicit-00.txt
X-Test-IDTracker: no
X-IETF-IDTracker: 6.120.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <158379403652.5679.15785035260975245547@ietfa.amsl.com>
Date: Mon, 09 Mar 2020 15:47:16 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/i-d-announce/fflNwpO6i7uwQO7roiI-wFB9Wo0>
X-BeenThere: i-d-announce@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Internet Draft Announcements only <i-d-announce.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/i-d-announce>, <mailto:i-d-announce-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/i-d-announce/>
List-Post: <mailto:i-d-announce@ietf.org>
List-Help: <mailto:i-d-announce-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/i-d-announce>, <mailto:i-d-announce-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Mar 2020 22:47:23 -0000

A New Internet-Draft is available from the on-line Internet-Drafts directories.


        Title           : OAuth 2.0 DPoP for the Implicit Flow
        Authors         : Michael B. Jones
                          Brian Campbell
                          John Bradley
	Filename        : draft-jones-oauth-dpop-implicit-00.txt
	Pages           : 5
	Date            : 2020-03-09

Abstract:
   This specification describes a mechanism for sender-constraining
   OAuth 2.0 tokens via a proof-of-possession mechanism on the
   application level.  This mechanism allows for the detection of replay
   attacks with access tokens.

   This specification compliments and builds upon the mechanisms defined
   in draft-fett-oauth-dpop, in which access tokens are returned from
   the token endpoint.  In particular, this specification extends the
   Demonstration of Proof-of-Possession at the Application Layer (DPoP)
   mechanisms to also be usable with the OAuth 2.0 implicit flow, in
   which access tokens are returned from the authorization endpoint.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-jones-oauth-dpop-implicit/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-jones-oauth-dpop-implicit-00
https://datatracker.ietf.org/doc/html/draft-jones-oauth-dpop-implicit-00


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

v2.23.0 | Report a Bug | By Email