Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-browser-based-apps-11.txt
Michael Krotscheck <mkrotscheck@vmware.com> Fri, 30 September 2022 15:11 UTC
Return-Path: <mkrotscheck@vmware.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B6E5FC14F74A for <oauth@ietfa.amsl.com>; Fri, 30 Sep 2022 08:11:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.576
X-Spam-Level:
X-Spam-Status: No, score=-2.576 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.571, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=vmware.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MJmrQrfTK8O8 for <oauth@ietfa.amsl.com>; Fri, 30 Sep 2022 08:11:23 -0700 (PDT)
Received: from na01-obe.outbound.protection.outlook.com (mail-eastusazlp170110004.outbound.protection.outlook.com [IPv6:2a01:111:f403:c100::4]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D2F7EC14F73E for <oauth@ietf.org>; Fri, 30 Sep 2022 08:11:22 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=alMOK8Mr32/Dl5EgT5DqoM22Hiw0+JK1BmGBBTPM2ATppqOol3FN48EV+ysJ+TBXomzwoSew3A0B7fBOrWp9QqAbbBkak7WGLSgVbps/Gt74uetCOkXScIMyNMFHuR4ma8k1xHoh5UWkndEHYhHb1h/kbJJrfIG9NUEGv32VVlXR4FNXRS5uMAie2oDoKM9CktbVylfHOgyVroue9ThDOQ3vVUnTjnWimQP4YhPsOMPp+IT5v6EucHx2SoaArc3PtGyTS9tbOZF2tJvayaXSn9KPA48cQEIyrNU9YLn7AyNelWol9tRRRmEdKEJ0aVF5f8PCk+EZX4fxYJwuONC3/g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=asMV1M5kys8Jf+qySKRYjvZ2LB0DyPBFO6mYd9szhWw=; b=N7T4oZi95gU0aJehMda1h+Rrs5AYJHLiw56I9XM6bAAJY85tRC5oBblFoAuAOr6P8NDgl4d61gDOyxOj3kTGlv/QUuEneGxEzOEA6RiZt7dzfp/4SqbEHzFqp4q0hMqxM9h1JfCheLSoA2sKQZ+z8rf6uJyLTRSjA3wAfLwN92w3Pfapbj/nJYcXytw/B9hDXOBuG0jKyD3EjatIGerunh58ed64XFzmrPBSmV920ix6J2WEehKhnK6zFOfNXSrikSBWx8klwWoJjXjy7GQ22RcHLC4NYZfWzBCRqcxUYQ+pEl36E0HRB7iwcKrOBjfflJWKp+lI5l7nApm+oN0xSA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=vmware.com; dmarc=pass action=none header.from=vmware.com; dkim=pass header.d=vmware.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=vmware.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=asMV1M5kys8Jf+qySKRYjvZ2LB0DyPBFO6mYd9szhWw=; b=QQfYCLp/z63QukXxUYp280yNyUuqCjUZL4N2ag90ZevXpg6COFrSSXcI1cHDCNwhJpwIluprEsOSLoIsmVdYTTeEFYli0jZb2otJnlAzlyAFKc+vBfImNt6OADj44Mb7WiHqe/4bU3++O1SJsGy5I0AgIyDKNvGkUhgYa7cQulc=
Received: from SJ0PR05MB8646.namprd05.prod.outlook.com (2603:10b6:a03:38e::9) by BN8PR05MB6195.namprd05.prod.outlook.com (2603:10b6:408:61::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5676.23; Fri, 30 Sep 2022 15:11:06 +0000
Received: from SJ0PR05MB8646.namprd05.prod.outlook.com ([fe80::4902:81e7:84b:24ca]) by SJ0PR05MB8646.namprd05.prod.outlook.com ([fe80::4902:81e7:84b:24ca%9]) with mapi id 15.20.5676.023; Fri, 30 Sep 2022 15:11:06 +0000
From: Michael Krotscheck <mkrotscheck@vmware.com>
To: "oauth@ietf.org" <oauth@ietf.org>
Thread-Topic: [OAUTH-WG] I-D Action: draft-ietf-oauth-browser-based-apps-11.txt
Thread-Index: AQHYx5gxuv+8jvuZKkGK6qQDkiE1Dq3drRyAgBp+238=
Date: Fri, 30 Sep 2022 15:11:06 +0000
Message-ID: <SJ0PR05MB8646014A27D9473AE5477613D5569@SJ0PR05MB8646.namprd05.prod.outlook.com>
References: <166309088540.3684.1323489253171590895@ietfa.amsl.com> <CAGBSGjruc9xqY3Bct3w8BwK+b-=yAPt0GP+HpucY7nKAvB_Rkw@mail.gmail.com>
In-Reply-To: <CAGBSGjruc9xqY3Bct3w8BwK+b-=yAPt0GP+HpucY7nKAvB_Rkw@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=vmware.com;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: SJ0PR05MB8646:EE_|BN8PR05MB6195:EE_
x-ms-office365-filtering-correlation-id: 1c2b1eed-d97b-4106-2360-08daa2f5ffbb
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: OExyrjdhPoAZx85k+OfaWSPWpOmbMivB/C9IIqdHk0OCt8eBdDOYBhA1EocSaRCfUFKPeBoEqD6UQSkF+zQ4h/6w7ZdXJeSO0yAQsp0uTiuYPKcMmoZiFwWPEodNBB5y9MQZi6crFN2r7jxQ7TToyG/s8KbIgBiTJiUuh5gjfjAehME1EF7lZxuiESBeMDUrqc82Cq7JdXhlGa8IobqnBQvYwD+jhs83nxQlYXI3pITXTN7OMr1EeO3LvrtuPqTsBGDBfyERn0W4mmQnmrdPiHBk4LcldWNxd1e/0rPrfkYTuc1wPuUDZow9vVTZh7M1Q6V/YREqIX56PbqBbW/SHOBkKrzhgLcPKfDeQZeWhEcwxizPgh2mDOWceChYL0HWoLB3CrIOP0hjZE4yKqQZdfQR5Ka4Ffq32hRDkVVjAHHJlM2s3jIeeYs2Dr6YFH9HTCoP6Adv9amlqj5BvRlTIFLQbo5eQK3p2XznB1PXcCYote6HxuZ9mFpsAEeR1d82DpTWDKG0V+Sj1BrYBPuv8zT8SswrFv3Nv1c+EVqlMznoj43e2uCexYGratMji24k9IhcQY9xbh+TzFtkAIvVgloqLlcwO/CxNTdaby4gPyOZy2ZaWGRRCZFgZIRESxjsHb++9OulqZaWPtvvjQyh6oEzwS8YwaiiSkmNes32buBE3yA9weUZTSKH7v69vQWiYodyw5e1duAHk83AzjYLyZTVX/TCyR6xw44fTFdZmEd3Kj1pZ8NfegMvnw3wZhPmGGBoT85pxsKOnx8QpKLwycDsGtrG6UMm/NqY7olmuIHXa5KVACQkrprNqzh73rXyP+/QseKujPlVvjw/8TnnlDm9rhfawwpjTpbg26rFYhWb0pZolxhX9lYGmVblM3Sf
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:SJ0PR05MB8646.namprd05.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230022)(4636009)(39860400002)(396003)(376002)(346002)(366004)(136003)(451199015)(166002)(66574015)(966005)(83380400001)(2906002)(38100700002)(55016003)(41300700001)(316002)(6506007)(7696005)(38070700005)(86362001)(6916009)(9686003)(66556008)(76116006)(66946007)(66476007)(478600001)(186003)(66446008)(64756008)(8676002)(26005)(53546011)(33656002)(71200400001)(66899015)(5660300002)(8936002)(52536014)(122000001); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: bXkA5O2MvcjS3AcJxIi76mErp5NDaaLhOeU/J6H1Ln5tPLv2MlyysZ7XFOja6mNvJUZ1WseN2gn80Mq0GoU98eb1MladPnqjatVsJ7aqL3PI8rJq69QH15iLGco2Xxs3z8WV1JAd2ar3cdpmRBk4TkyiLBMoefGyCb6FrDyhghr4jJZAiDcUNYX8KqxUUAd8lHV754ameheqEt9xHUE69d7M5unxbJ8iclQ8AVPY3qwgbBEKi+xlP+A4JG0qLk4ig8tj/r5gWlrSrNsaizARTQNVX0aZROzswAHyg0L2MJ5aFmjR7T+NAdU0hn6Pt2+SdkEx3vtoRCPwbbFmcWXrMmVAMdS7xItYUViASw0ykYA0BT0YA0s0s2JVtu3Ao2aS7kcnXihhsDamogsoy6iLqrzEVfWeNrS2hWySPixyHnZsYZXuN4eU8+sciKF5ZvU16nTDVIzWi763cejMbs4hRCJVI8hCCerlbzEw6a4zOSTXeF4+xjbEVFMGbnbR/LeMWmGGG4TYJzwGd1cc2AvjIL3gKmddSm4oLyTtmv5URxqGl/boqzSi7dJQ9nQ/haFrZpELUC8pldPI2ljrU4teqqb3tcZ6QpKQZMDWBLPfwHmlcDXok3/Y/X6rXBOKJmNHO0krULDGzKGnwT8dwhUlfxEJe9BnCUWhJqyMKp/08MxPLvaBNwGuDv1c4lr8WvWCa/zqo4RmBpKLtODt6g6Qz1leAOHeVnzgiHw3m56FxLYwQ8js5KqKFpIOnebhpRKo1VLicPoNb2/ZckDmFmPW6LKNYIZepdHR2yD/EgfgFg+L5nB3bigbhv9jYoHTkzIRlMGe+A4BzCcuRgp+g3xDo0MOkkukPqjNrVkZ0MRQ+7F56GblIcaVkKrSaPWc9UKsDzIFcYE++M7yxmMf9MwxVVqyA7+VeCGI2urhvN43vgyC+Q0pHkFE8j/NRk+xjdkTPj7vhygtJd9gn2UcUO9608NmlA2MArnTt25YYAIUcIVPpSulXOfWxIhyOID7zcBSaeUZsh5I8kPpbjQ2hfH36e6f3g6P75p4AKbLywrsVttoJVZtZKPaRuLb9Rrp4IsTXtQh3C+4TJKMdd+c5b4N5rQfakJweD0FBmzP3FLU9pXDadqEOOJ/X74jf6W0sWuy8LDm4Vp46j5Rau8RgWuSPKn4FpOuWTgQPZOUUOarJBfPHrczwO0+met9HLCd65Ux4F7Dx1jrjNyFrIYR8FMBQCx6uo4I/Xva529i8IaPJi4TKlTgTyBxDW/D6Mq0tjcXI31yu+RGfI1mk2h3P1LxuwRnQDQMy+MwCHssxRTmVmgz+f0Z9nHOHMSuMH/xwCjfJcyylctVN6aTuWd9nWSEaw5RoptNe0a5Ov3ZDIXgif0r6F+CwrOf7dJgOAbuC+RF7fZUVL55Zl/nrxad2qmgGjg7Glo5lsU+oqriE+W5AIMshZFtLX6qx+Ldjrn9JqF3iNMd/nmhV0I5pVDz1PLjv+sptUCM/KQgQHK5YmVP95X7l13h+NbWymfTZ7LyowR3mtKb47ynVRxB3EioegjaQAS6eiek3i5ai6UIPflf1IyvP6y/iH/Zaji8Xx/uIN125QPGn8ofzNY5oZ786pkRqw==
Content-Type: multipart/alternative; boundary="_000_SJ0PR05MB8646014A27D9473AE5477613D5569SJ0PR05MB8646namp_"
MIME-Version: 1.0
X-OriginatorOrg: vmware.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: SJ0PR05MB8646.namprd05.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 1c2b1eed-d97b-4106-2360-08daa2f5ffbb
X-MS-Exchange-CrossTenant-originalarrivaltime: 30 Sep 2022 15:11:06.3894 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: b39138ca-3cee-4b4a-a4d6-cd83d9dd62f0
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: dKdd14PhVFGFniz+I0tom3+80m+uqLN3K0O+jm1AXsIpkmqCi+PiNGMGCw4hg4pq9J4B+LVb94Pn19Eb9W4zgw==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN8PR05MB6195
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/2Ugx1QAcNf-sGiI0OOwC-7XaiyA>
Subject: Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-browser-based-apps-11.txt
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 30 Sep 2022 15:11:26 -0000
Urm, hi! Chiming in on pros/cons for the various patterns, related to something we’ve been working on here. Both section 6.2 and 6.3 don’t mention that the pattern obfuscates the original user agent’s IP or other identifying markers. If, hypothetically, you care about access from sanctioned IP ranges, neither of those two would fully permit that. Only getting tokens directly from the authorization server would allow that. Also – typo in 6.4, first sentence: “’from the authorization itself’ should likely read ‘from the authorization server itself’. Happy Friday! Michael From: OAuth <oauth-bounces@ietf.org> on behalf of Aaron Parecki <aaron=40parecki.com@dmarc.ietf.org> Date: Tuesday, September 13, 2022 at 11:25 AM To: oauth@ietf.org <oauth@ietf.org> Subject: Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-browser-based-apps-11.txt ⚠ External Email Hello all, With the help of a few kind folks, we've made some updates to this draft as discussed during the last IETF meeting in Philadelphia. You can find the current version, draft 11, here: https://www.ietf.org/archive/id/draft-ietf-oauth-browser-based-apps-11.html<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Farchive%2Fid%2Fdraft-ietf-oauth-browser-based-apps-11.html&data=05%7C01%7Cmkrotscheck%40vmware.com%7C35ace0f16d72449f7a6308da95b55b50%7Cb39138ca3cee4b4aa4d6cd83d9dd62f0%7C0%7C0%7C637986903422013221%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=54W3e4ViJaRgjk7yAl3OFAAL7g3vgmlH5VeSCJcsdlA%3D&reserved=0> The major changes in this version are adding two new architecture patterns, the "Token Mediating Backend" pattern based on the TMI-BFF draft, and the "Service Worker" pattern of using a Service Worker as the OAuth client. I've also done a fair amount of rearranging of various parts of the document to hopefully make more sense. Obviously there is no clear winner in terms of which architecture pattern is best, so instead of trying to make a blanket recommendation, the goal of this draft is to document the pros and cons of each. If you have any input into either benefits or drawbacks that aren't mentioned yet in any of the patterns discussed, please feel free to chime in so we can add them to the document! You're welcome to either reply on the list, open an issue on the linked GitHub repository, or contact me directly. Keep in mind that only comments on the mailing list are part of the official record. Thanks, Aaron Parecki On Tue, Sep 13, 2022 at 10:42 AM <internet-drafts@ietf.org<mailto:internet-drafts@ietf.org>> wrote: A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Web Authorization Protocol WG of the IETF. Title : OAuth 2.0 for Browser-Based Apps Authors : Aaron Parecki David Waite Filename : draft-ietf-oauth-browser-based-apps-11.txt Pages : 29 Date : 2022-09-13 Abstract: This specification details the security considerations and best practices that must be taken into account when developing browser- based applications that use OAuth 2.0. Discussion Venues This note is to be removed before publishing as an RFC. Discussion of this document takes place on the Web Authorization Protocol Working Group mailing list (oauth@ietf.org<mailto:oauth@ietf.org>), which is archived at https://mailarchive.ietf.org/arch/browse/oauth/<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmailarchive.ietf.org%2Farch%2Fbrowse%2Foauth%2F&data=05%7C01%7Cmkrotscheck%40vmware.com%7C35ace0f16d72449f7a6308da95b55b50%7Cb39138ca3cee4b4aa4d6cd83d9dd62f0%7C0%7C0%7C637986903422013221%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=yIqnVIeSWGa62Vo41630360tGpwYXUU%2B3UD9Kb25UEg%3D&reserved=0>. Source for this draft and an issue tracker can be found at https://github.com/oauth-wg/oauth-browser-based-apps<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Foauth-wg%2Foauth-browser-based-apps&data=05%7C01%7Cmkrotscheck%40vmware.com%7C35ace0f16d72449f7a6308da95b55b50%7Cb39138ca3cee4b4aa4d6cd83d9dd62f0%7C0%7C0%7C637986903422013221%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=A3A01iAXDAb3ME4AvKsBFhb50EmLIpsSi7P4iteDNAs%3D&reserved=0>. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-oauth-browser-based-apps/<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fdraft-ietf-oauth-browser-based-apps%2F&data=05%7C01%7Cmkrotscheck%40vmware.com%7C35ace0f16d72449f7a6308da95b55b50%7Cb39138ca3cee4b4aa4d6cd83d9dd62f0%7C0%7C0%7C637986903422013221%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=K22gbKvH7CMRWrFYmNd4mfyDqZvShWo6UJYwh07tV8Y%3D&reserved=0> There is also an HTML version available at: https://www.ietf.org/archive/id/draft-ietf-oauth-browser-based-apps-11.html<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Farchive%2Fid%2Fdraft-ietf-oauth-browser-based-apps-11.html&data=05%7C01%7Cmkrotscheck%40vmware.com%7C35ace0f16d72449f7a6308da95b55b50%7Cb39138ca3cee4b4aa4d6cd83d9dd62f0%7C0%7C0%7C637986903422169450%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=z%2B2uTIG58J%2FK43pkuA97%2BZYRERFcscbi9MHJzvEKCtA%3D&reserved=0> A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-oauth-browser-based-apps-11<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Frfcdiff%3Furl2%3Ddraft-ietf-oauth-browser-based-apps-11&data=05%7C01%7Cmkrotscheck%40vmware.com%7C35ace0f16d72449f7a6308da95b55b50%7Cb39138ca3cee4b4aa4d6cd83d9dd62f0%7C0%7C0%7C637986903422169450%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=nF58f9jNSo1rNU3TqIgz270Pfm%2BdgDlFGk9ZqsRs%2FUA%3D&reserved=0> Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts _______________________________________________ OAuth mailing list OAuth@ietf.org<mailto:OAuth@ietf.org> https://www.ietf.org/mailman/listinfo/oauth<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Foauth&data=05%7C01%7Cmkrotscheck%40vmware.com%7C35ace0f16d72449f7a6308da95b55b50%7Cb39138ca3cee4b4aa4d6cd83d9dd62f0%7C0%7C0%7C637986903422169450%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=We5G2rp5k%2B5OOKKhbXaG64kb6M9kIe76jBTxXaYXTeI%3D&reserved=0> ________________________________ ⚠ External Email: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender.
- [OAUTH-WG] I-D Action: draft-ietf-oauth-browser-b… internet-drafts
- Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-brows… Aaron Parecki
- Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-brows… Michael Krotscheck