Re: [OAUTH-WG] HOTK/POP/etc drafts

John Bradley <> Thu, 24 April 2014 16:02 UTC


The overview document is draft-hunt-oauth-pop-architecture-00

For the client requesting POP tokens and key draft-bradley-oauth-pop-key-distribution

For how to include the proof key info in a JWT (more generic than just access tokens) draft-jones-oauth-proof-of-possession

The draft-sakimura-oauth-tcse spec is older and is about symmetric proof keys for code when using public clients, and not directly related to the new docs.

The draft-tschofenig-oauth-hotk is how to use the pop AT at the RS. It needs some updating to align with draft-jones-oauth-proof-of-possession but is the general idea.

I am going to do a version of draft-sakimura-oauth-tcse using asymmetric proof keys for discussion on how you could start with a public client generating a key-pair and tying the public key to code, refresh and access tokens. 

> draft-sakimura-oauth-rjwtprof was a discussion document for the WG.

These are all independent drafts at the moment.  The WG will look at them and decide how it wants to proceed with WG drafts, that may or may not be based on these.

We are still trying to decide what sort of sausage to make.

John B.

On Apr 24, 2014, at 12:14 PM, Lewis Adam-CAL022 <> wrote:

> Hi,
> Lots of crypto drafts on OAuth popping up that I need to come up to speed on.
> draft-bradley-oauth-pop-key-distribution-00
> draft-hunt-oauth-pop-architecture-00
> draft-jones-oauth-proof-of-possession-00
> draft-sakimura-oauth-rjwtprof-01
> draft-sakimura-oauth-tcse-03
> draft-tschofenig-oauth-hotk-03
> Glad to see all the work, but is there a preferred reading order here?  Which ones build on each other vs. which ones are out there on their own?
> -adam