Re: [OAUTH-WG] Call for agenda items

Mike Jones <> Mon, 05 March 2018 19:53 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 9E2C712DB6D for <>; Mon, 5 Mar 2018 11:53:39 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.019
X-Spam-Status: No, score=-2.019 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id EtlmFzY_bx1h for <>; Mon, 5 Mar 2018 11:53:37 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 0002712D874 for <>; Mon, 5 Mar 2018 11:53:36 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=FzfpVwiHe8xeZUbnrjzfd/W1vHMu1c44iOxV0dA6yRY=; b=RiXgfSE9pVVTiY1Tim2no6b41K/aZhm/SLvNZGTSjAmuTk1Bv6RRf/zyaJxx45McqYC2AQJ7dwKP+uVxPNtlrs0QHpcbWsm4DTc9geByzONcENSyLjM4vG2qPv8l7tfs/Aha9asPPUC6YCAMG2VJtWeRe3fxAn5+NE3DTBtEQcU=
Received: from ( by ( with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.588.3; Mon, 5 Mar 2018 19:53:35 +0000
Received: from ([fe80::9866:f6b5:e2d6:50]) by ([fe80::9866:f6b5:e2d6:50%2]) with mapi id 15.20.0588.001; Mon, 5 Mar 2018 19:53:34 +0000
From: Mike Jones <>
To: William Denniss <>, Hannes Tschofenig <>
CC: oauth <>
Thread-Topic: [OAUTH-WG] Call for agenda items
Thread-Index: AdOZokfkKl3QavjXR5+VNijf+3VIVAbDb1oAAALa0qA=
Date: Mon, 05 Mar 2018 19:53:34 +0000
Message-ID: <>
References: <> <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
msip_labels: MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Enabled=True; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SiteId=72f988bf-86f1-41af-91ab-2d7cd011db47;; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SetDate=2018-03-05T19:53:32.7582718Z; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Name=General; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Application=Microsoft Azure Information Protection; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Extended_MSFT_Method=Automatic; Sensitivity=General
x-originating-ip: [2001:4898:80e8:b::36]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; SN6PR2101MB0944; 7:hZAgVyScnPjUz6fxZIxFFn14/TaCEZMeWjOatTB2Lrpogz2DJAlwnd1qMx3eSMoBqf5gQNJEEzLZX+pg6oZtyh//m86yPSxVrqm4/+cbh7m5hp+QajeiyEjviiNNGxZzwzNBTBB3GDsLby7hNNbmWgbHMokmtbhaHTdKQFSGI2c7m5ViDvPbKN908QIjBto2LwZPZEc2YwBCnURDbcFD7mOQaVHeHEuX0I/cMruPV2P8NXhl55/pztRGIYKdqvhX; 20:gCA8PXFBWGEa2j5PV0xZi47j7RC3eu071IUsaeuW364QRb4+g8/+HgPGO2QonrLcuH3PQHHRokFhpRCPETF1Eist4tJ2DhTQgBwkNrcOGDEd7y+1Ax1lomLugP8lQIGWwNVHE4nerSqs1SW9ffxPV6gL6fdfj/O2ojmD3sKwdSs=
x-ms-exchange-antispam-srfa-diagnostics: SOS;
x-ms-office365-filtering-ht: Tenant
x-ms-office365-filtering-correlation-id: 85d1caf3-61f3-4556-b0fd-08d582d2c7d0
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(48565401081)(5600026)(4604075)(3008032)(4534165)(4627221)(201703031133081)(201702281549075)(2017052603322)(7193020); SRVR:SN6PR2101MB0944;
x-ms-traffictypediagnostic: SN6PR2101MB0944:
authentication-results: spf=none (sender IP is );
x-ld-processed: 72f988bf-86f1-41af-91ab-2d7cd011db47,ExtAddr
x-microsoft-antispam-prvs: <>
x-exchange-antispam-report-test: UriScan:(28532068793085)(180628864354917)(192374486261705)(100405760836317)(21748063052155);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(8211001083)(61425038)(6040501)(2401047)(5005006)(8121501046)(3002001)(3231220)(944501244)(52105095)(10201501046)(93006095)(93001095)(6055026)(61426038)(61427038)(6041288)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123560045)(20161123564045)(20161123558120)(20161123562045)(6072148)(201708071742011); SRVR:SN6PR2101MB0944; BCL:0; PCL:0; RULEID:; SRVR:SN6PR2101MB0944;
x-forefront-prvs: 06022AA85F
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(396003)(39860400002)(39380400002)(346002)(376002)(366004)(53754006)(199004)(189003)(40434004)(6306002)(229853002)(68736007)(7736002)(2900100001)(74316002)(105586002)(2950100002)(606006)(106356001)(46003)(3660700001)(5660300001)(76176011)(97736004)(7696005)(3280700002)(10290500003)(478600001)(2906002)(22452003)(72206003)(53546011)(6506007)(54896002)(6116002)(9686003)(14454004)(99286004)(25786009)(236005)(86612001)(55016002)(110136005)(790700001)(5250100002)(966005)(102836004)(5890100001)(6246003)(8990500004)(316002)(19609705001)(186003)(10090500001)(4326008)(8936002)(81166006)(81156014)(33656002)(8676002)(59450400001)(86362001)(6436002)(53936002); DIR:OUT; SFP:1102; SCL:1; SRVR:SN6PR2101MB0944;; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en;
received-spf: None ( does not designate permitted sender hosts)
x-microsoft-antispam-message-info: pR7+xTpiA9HlZUIE3OfIT24zhU3U96Nf8dA9SIwHeTmCcK9jrlKkty2B3ZFsmPHVbLvvVgH9DG9/CSiJ7dn0TSTnOjYD8Rs47ZuC7pzvLlFL3fiWOPWHl7mKV2xJqUPWTTyBPGED+UiTHv/xAFZvkBZFMTXPoU4Ho/9iPRFAvFMz85AFDxRqfbL0AJwSN/3h2LRAjAnp3xrbzDOHnl2zqjptKEJ1827eCnpQYNJ85AdROP0tk3+RxIRRx9EmLkYhNZQ1iiSDfF3QaMakRD2zs/Lb8rvFjEwav7PlmE62B/a66O2fmDh2eTpt8gLBA2JRupEsl5717xng+BVB5Q9mRw==
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_SN6PR2101MB094395ABEA258CA0F0D378D2F5DA0SN6PR2101MB0943_"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: 85d1caf3-61f3-4556-b0fd-08d582d2c7d0
X-MS-Exchange-CrossTenant-originalarrivaltime: 05 Mar 2018 19:53:34.8367 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN6PR2101MB0944
Archived-At: <>
Subject: Re: [OAUTH-WG] Call for agenda items
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: OAUTH WG <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 05 Mar 2018 19:53:40 -0000

I should make a presentation about changes in draft-ietf-oauth-discovery that occurred because of IESG feedback.  10-15 minutes.

I will try to have something to say about the JWT BCP draft, which is currently expired.  I will plan to address Brian Campbellā€™s comments before London.  (Not enough time remains to do it today.)  10-15 minutes.

                                                                -- Mike

From: OAuth <> On Behalf Of William Denniss
Sent: Monday, March 5, 2018 10:30 AM
To: Hannes Tschofenig <>
Cc: oauth <>
Subject: Re: [OAUTH-WG] Call for agenda items

Hannes & Rifaat,

I would like the opportunity to present on OAuth 2.0 Incremental Authorization (draft-wdenniss-oauth-incremental-auth) [an update for which will be posted today] and "OAuth 2.0 Device Posture Signals" (draft-wdenniss-oauth-device-posture).

I can also give an update on the status of Device Flow (draft-ietf-oauth-device-flow). I expect that to be short now that WGLC has concluded and the document has advanced.

Little late to this thread and I see we already have 2 sessions in the draft agenda, but I'd like to add my support to keeping both sessions, there's always a lot to discuss and in the past we've been able to use any spare time to discuss the security topics of the day.


On Tue, Jan 30, 2018 at 4:40 AM Hannes Tschofenig <<>> wrote:
Hi all,

It is time already to think about the agenda for the next IETF meeting. Rifaat and I were wondering whether we need one or two sessions. We would like to make the decision based on the topics we will discuss. Below you can find a first version of the agenda with a few remarks. Let us know if you have comments or suggestions for additional agenda items.

Hannes & Rifaat

OAuth Agenda

- Welcome and Status Update  (Chairs)

  * OAuth Security Workshop Report

  * Documents in IESG processing
     # draft-ietf-oauth-device-flow-07
     # draft-ietf-oauth-discovery-08
     # draft-ietf-oauth-jwsreq-15
     # draft-ietf-oauth-token-exchange-11

       Remark: Status updates only if needed.

-  JSON Web Token Best Current Practices
   # draft-ietf-oauth-jwt-bcp-00

   Remark: We are lacking reviews on this document.
   Most likely we will not get them during the f2f meeting
   but rather by reaching out to individuals ahead of time.

-  OAuth 2.0 Mutual TLS Client Authentication and Certificate Bound Access Tokens
   # draft-ietf-oauth-mtls-06

   Remark: Could be completed by the time of the IETF meeting.

- OAuth Security Topics
  # draft-ietf-oauth-security-topics-04

  Remark: We could do a consensus call on parts of the document soon.

- OAuth 2.0 Token Binding
  # draft-ietf-oauth-token-binding-05

  Remark: Document is moving along but we are lacking implementations.

- OAuth 2.0 Device Posture Signals
  # draft-wdenniss-oauth-device-posture-01

  Remark: Interest in the work but we are lacking content (maybe even
  expertise in the group)

- Reciprocal OAuth
  # draft-hardt-oauth-mutual-02

  Remark: We had a virtual interim meeting on this topic and there is
  interest in this work and apparently no competing solutions. The plan
  is to run a call for adoption once we are allowed to add a new milestone
  to our charter.

- Distributed OAuth
  # draft-hardt-oauth-distributed-00

  Remark: We had a virtual interim meeting on this topic and there is
  interest in this work. Further work on the scope is needed.
IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
OAuth mailing list<>