Re: [OAUTH-WG] New Version Notification for draft-hunt-oauth-pop-architecture-00.txt
Prateek Mishra <prateek.mishra@oracle.com> Thu, 03 April 2014 16:31 UTC
Return-Path: <prateek.mishra@oracle.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8E8BE1A0246 for <oauth@ietfa.amsl.com>; Thu, 3 Apr 2014 09:31:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.21
X-Spam-Level:
X-Spam-Status: No, score=-4.21 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5jYyclcN3x4L for <oauth@ietfa.amsl.com>; Thu, 3 Apr 2014 09:31:01 -0700 (PDT)
Received: from aserp1040.oracle.com (aserp1040.oracle.com [141.146.126.69]) by ietfa.amsl.com (Postfix) with ESMTP id DDE661A021B for <oauth@ietf.org>; Thu, 3 Apr 2014 09:30:37 -0700 (PDT)
Received: from acsinet21.oracle.com (acsinet21.oracle.com [141.146.126.237]) by aserp1040.oracle.com (Sentrion-MTA-4.3.2/Sentrion-MTA-4.3.2) with ESMTP id s33GUUpp004724 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Thu, 3 Apr 2014 16:30:31 GMT
Received: from userz7021.oracle.com (userz7021.oracle.com [156.151.31.85]) by acsinet21.oracle.com (8.14.4+Sun/8.14.4) with ESMTP id s33GUTo3012699 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL); Thu, 3 Apr 2014 16:30:30 GMT
Received: from abhmp0007.oracle.com (abhmp0007.oracle.com [141.146.116.13]) by userz7021.oracle.com (8.14.4+Sun/8.14.4) with ESMTP id s33GUTl5012732; Thu, 3 Apr 2014 16:30:29 GMT
Received: from [192.168.2.5] (/24.6.202.34) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Thu, 03 Apr 2014 09:30:29 -0700
Message-ID: <533D8CA3.6070005@oracle.com>
Date: Thu, 03 Apr 2014 09:30:27 -0700
From: Prateek Mishra <prateek.mishra@oracle.com>
Organization: Oracle Corporation
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.4.0
MIME-Version: 1.0
To: Bill Mills <wmills@yahoo-inc.com>, Phil Hunt <phil.hunt@yahoo.com>, Hannes Tschofenig <hannes.tschofenig@gmx.net>, Justin Richer <jricher@mitre.org>, OAuth WG <oauth@ietf.org>
References: <20140403083747.31162.58961.idtracker@ietfa.amsl.com> <1396541184.357.YahooMailNeo@web125601.mail.ne1.yahoo.com>
In-Reply-To: <1396541184.357.YahooMailNeo@web125601.mail.ne1.yahoo.com>
Content-Type: multipart/alternative; boundary="------------070303070605090104070409"
X-Source-IP: acsinet21.oracle.com [141.146.126.237]
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/-PmQVhOe4NmW8ZHZ97oQu4c-0yo
Subject: Re: [OAUTH-WG] New Version Notification for draft-hunt-oauth-pop-architecture-00.txt
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 03 Apr 2014 16:31:08 -0000
"key confirmed" or "key confirmation" is another term that is widely used for these use-cases > I really *like* the name "proof of possession", but I think the > acronym PoP is going to be confused with POP. HOTK has the advantage > of not being a homonym for aything else. What about "Possession Proof"? > -bill > > > -------------------------------- > William J. Mills > "Paranoid" MUX Yahoo! > > On Thursday, April 3, 2014 1:38 AM, "internet-drafts@ietf.org" > <internet-drafts@ietf.org> wrote: > > A new version of I-D, draft-hunt-oauth-pop-architecture-00.txt > has been successfully submitted by Hannes Tschofenig and posted to the > IETF repository. > > Name: draft-hunt-oauth-pop-architecture > Revision: 00 > Title: OAuth 2.0 Proof-of-Possession (PoP) Security Architecture > Document date: 2014-04-03 > Group: Individual Submission > Pages: 21 > URL: > http://www.ietf.org/internet-drafts/draft-hunt-oauth-pop-architecture-00.txt > Status: > https://datatracker.ietf.org/doc/draft-hunt-oauth-pop-architecture/ > Htmlized: http://tools.ietf.org/html/draft-hunt-oauth-pop-architecture-00 > > > Abstract: > The OAuth 2.0 bearer token specification, as defined in RFC 6750, > allows any party in possession of a bearer token (a "bearer") to get > access to the associated resources (without demonstrating possession > of a cryptographic key). To prevent misuse, bearer tokens must to be > protected from disclosure in transit and at rest. > > Some scenarios demand additional security protection whereby a client > needs to demonstrate possession of cryptographic keying material when > accessing a protected resource. This document motivates the > development of the OAuth 2.0 proof-of-possession security mechanism. > > > > > Please note that it may take a couple of minutes from the time of > submission > until the htmlized version and diff are available at tools.ietf.org. > > The IETF Secretariat > > >
- Re: [OAUTH-WG] New Version Notification for draft… Prateek Mishra
- Re: [OAUTH-WG] New Version Notification for draft… Anil Saldhana
- Re: [OAUTH-WG] New Version Notification for draft… Phil Hunt
- Re: [OAUTH-WG] New Version Notification for draft… John Bradley
- Re: [OAUTH-WG] New Version Notification for draft… Mike Jones
- Re: [OAUTH-WG] New Version Notification for draft… Bill Mills
- Re: [OAUTH-WG] New Version Notification for draft… Thomas Hardjono
- Re: [OAUTH-WG] New Version Notification for draft… Anthony Nadalin