[OAUTH-WG] Fwd: New Version Notification for draft-ietf-oauth-dpop-01.txt
Brian Campbell <bcampbell@pingidentity.com> Fri, 01 May 2020 19:03 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/DwBCG0HU-cp71FBh7rGh2GdXcv8>

I've pushed out a -01 revision of DPoP hopefully allowing folks enough time to read it before the interim meeting on Monday (apologies that it wasn't sooner but the edits took longer than expected or hoped). For ease of reference the changes in this revision are summarized below. There are, of course, still outstanding issues and discussion points that I hope to make some progress on during the interim meeting on Monday.

-01

* Editorial updates
* Attempt to more formally define the DPoP Authorization header scheme
* Define the 401/WWW-Authenticate challenge
* Added "invalid_dpop_proof" error code for DPoP errors in token request
* Fixed up and added to the IANA section
* Added "dpop_signing_alg_values_supported" authorization server metadata
* Moved the Acknowledgements into an Appendix and added a bunch of names (best effort)

---------- Forwarded message ---------
From: <internet-drafts@ietf.org>
Date: Fri, May 1, 2020 at 12:24 PM
Subject: New Version Notification for draft-ietf-oauth-dpop-01.txt
To: Torsten Lodderstedt <torsten@lodderstedt.net>, David Waite <david@alkaline-solutions.com>, John Bradley <ve7jtb@ve7jtb.com>, Brian Campbell <bcampbell@pingidentity.com>, Daniel Fett <mail@danielfett.de>, Michael Jones <mbj@microsoft.com>

A new version of I-D, draft-ietf-oauth-dpop-01.txt has been successfully submitted by Brian Campbell and posted to the IETF repository.

Name: draft-ietf-oauth-dpop
Revision: 01
Title: OAuth 2.0 Demonstration of Proof-of-Possession at the Application Layer (DPoP)
Document date: 2020-05-01
Group: oauth
Pages: 22
URL: https://www.ietf.org/internet-drafts/draft-ietf-oauth-dpop-01.txt
Status: https://datatracker.ietf.org/doc/draft-ietf-oauth-dpop/
Htmlized: https://tools.ietf.org/html/draft-ietf-oauth-dpop-01
Htmlized: https://datatracker.ietf.org/doc/html/draft-ietf-oauth-dpop
Diff: https://www.ietf.org/rfcdiff?url2=draft-ietf-oauth-dpop-01

Abstract:
This document describes a mechanism for sender-constraining OAuth 2.0 tokens via a proof-of-possession mechanism on the application level. This mechanism allows for the detection of replay attacks with access and refresh tokens.

Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat