[OAUTH-WG] Security Considerations Section Proposal -02

Torsten Lodderstedt <torsten@lodderstedt.net> Thu, 07 April 2011 07:25 UTC

Message-ID: <4D9D6759.3070904@lodderstedt.net>
Date: Thu, 07 Apr 2011 09:27:21 +0200
From: Torsten Lodderstedt <torsten@lodderstedt.net>
To: OAuth WG <oauth@ietf.org>

Hi all,

I just posted a new revision of the proposed text for the core draft's 
security considerations section 
(http://tools.ietf.org/html/draft-lodderstedt-oauth-securityconsiderations-02).

The text makes some strong statements wrt client secrets/authentication, 
HTTPS, refresh tokens and other topics. This is to facilitate a clear 
and understandable specification while also considering (and supporting) 
_all_ relevant use cases (e.g. native apps).

Since this is the last major building block of the draft, we would like 
to include this text as soon as possible.

So please give your feedback soon!

thanks in advance,
Torsten.