[OAUTH-WG] OAuth 2.0 Bearer Token Specification Draft -19

Mike Jones <Michael.Jones@microsoft.com> Tue, 24 April 2012 01:59 UTC

From: Mike Jones <Michael.Jones@microsoft.com>
To: "oauth@ietf.org" <oauth@ietf.org>
Date: Tue, 24 Apr 2012 01:59:29 +0000
Cc: "presnick@qualcomm.com" <presnick@qualcomm.com>, "housley@vigilsec.com" <housley@vigilsec.com>
Subject: [OAUTH-WG] OAuth 2.0 Bearer Token Specification Draft -19

Draft 19 of the OAuth 2.0 Bearer Token Specification has been published.  Addressed DISCUSS issues and comments raised for which resolutions have been agreed to.  No normative changes were made.  Changes made were:
* Use ABNF from RFC 5234.
* Added sentence "The Bearer authentication scheme is intended primarily for server authentication using the WWW-Authenticate and Authorization HTTP headers, but does not preclude its use for proxy authentication" to the introduction.
* In the introduction, state that this document also imposes semantic requirements upon the access token.
* Reference the scope definition in the OAuth core spec.
* Added scope examples.
* Reference RFC 6265 for security considerations about cookies.

The draft is available at:

* http://tools.ietf.org/html/draft-ietf-oauth-v2-bearer-19

An HTML-formatted version is available at:

* http://self-issued.info/docs/draft-ietf-oauth-v2-bearer-19.html

-- Mike