[OAUTH-WG] Financial-grade API: JWT Secured Authorization Response Mode for OAuth 2.0 (JARM)

Torsten Lodderstedt <torsten@lodderstedt.net> Mon, 05 November 2018 06:38 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/536NjiXpqwmvqkWLaX6-G2NV7xM>

Hi all, 

The Financial-grade API WG at the OpenID Foundation has published a mechanism for signing and encrypting OAuth authorization responses that I would like to bring to your attention.

The draft https://openid.net//specs/openid-financial-api-jarm-wd-01.html has already gone through Implementations Draft voting.

I presented the draft in the session today at IETF-103 and perceived positive feedback on making this draft usable in a broader OAuth context. For the time being we would like the draft to stay in the FAPI WG. If you want to give feedback, please do so either here or at the FAPI mailing list (http://lists.openid.net/mailman/listinfo/openid-specs-fapi).

kind regards,
Torsten.