Re: [OAUTH-WG] Fwd: New Version Notification for draft-campbell-oauth-resource-indicators-00.txt
Hannes Tschofenig <hannes.tschofenig@gmx.net> Mon, 21 March 2016 07:09 UTC
Return-Path: <hannes.tschofenig@gmx.net>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5C68D12D54D for <oauth@ietfa.amsl.com>; Mon, 21 Mar 2016 00:09:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.602
X-Spam-Level:
X-Spam-Status: No, score=-2.602 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-0.001, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wiV8UrZ1TG66 for <oauth@ietfa.amsl.com>; Mon, 21 Mar 2016 00:09:05 -0700 (PDT)
Received: from mout.gmx.net (mout.gmx.net [212.227.15.19]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3246512D623 for <oauth@ietf.org>; Mon, 21 Mar 2016 00:09:05 -0700 (PDT)
Received: from [192.168.10.140] ([80.92.114.73]) by mail.gmx.com (mrgmx001) with ESMTPSA (Nemesis) id 0Lg1Tn-1a19Md2YHb-00pb3A; Mon, 21 Mar 2016 08:09:00 +0100
To: John Bradley <ve7jtb@ve7jtb.com>, "<oauth@ietf.org>" <oauth@ietf.org>
References: <20160320201414.8930.5136.idtracker@ietfa.amsl.com> <E3F98B49-1A06-4B46-813B-6C54B824EFE9@ve7jtb.com>
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Openpgp: id=071A97A9ECBADCA8E31E678554D9CEEF4D776BC9
Message-ID: <56EF9E0E.6010404@gmx.net>
Date: Mon, 21 Mar 2016 08:09:02 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.6.0
MIME-Version: 1.0
In-Reply-To: <E3F98B49-1A06-4B46-813B-6C54B824EFE9@ve7jtb.com>
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="PDr7xDQB0IcjfFIXVgWhEgFJvp458Je09"
X-Provags-ID: V03:K0:Ap7qOLPspmW+Obxq4TfX8m5msx3XpK8dSz2ochkEJvgMSXq1olM +ULk0+BEkBtG3qRljba7yHMUUSM/sd735wtJEnN99viNMhyOnpuxEb+VogYgvbXx6w65rdL CA+MKYyyf1R1WxIyY8/J3XJYvvEiwlGwIMG8lwAQGLigd5EynnoHZuRZURZLttGX21DSrIj KWl25wVTT8eXieuFe7R7A==
X-UI-Out-Filterresults: notjunk:1;V01:K0:NP/kgCOY9q8=:5oz+SB2YqrUhbyLbAMjm/d SGvoGYlbqV2gwLgEgQhPwLaWnedSZ1M/sP7EJSksAdvwLusq8OHPbutc1DBpgXVhBPoZ03Q09 5St56Uet4zZlPO032YBW1146hILt4eYjkFOQH+sZ33DIAq9QFsnuK+rOwF7G/pa7Y4sM6C40Q NkosuZ0r2KnFZPOQsFwS/JZq/EZbK93f/MBzGLMd2V0ggkV1g1zozRTR8wAg54WIkxjBVPzzz XJdp8MQcDIhwETNmGKkiqAy5XjXfvx3nE9UxWmsS0BwrFdaFCFErWD6mqf0rb5SfcdH7+FIv+ qIfZgmGAQvwBIAK8gu/Vjvtg+OpR+ZAXOXZyHV/PcAhNjod0jL81yNqAyqmJE8AUMVDFLox04 IzQUwhe/m5VSox03Oa9im/A0T5jJuxoeeXcTklSHCGgWpapiJraxS+ORt8QAu3GSNWw1ldI6G 6QqqA96UrVFvMvqtjTQoqMkH+4Owu5mnR9Pl2evjmVoHrbhOZbyGoebmvZTdrfXNzO+iYgunX nEzqI0T1KdNIREyQND7ST4axfSDhZ/AE7oK1oymdOSjIJUsVydJ2GXp+FU6bdbFtUquomgUWH Rj2FyyWO9Qz4bwXjOLW/DnCTlZBaIODDhltgy09Yj0SFcShVKM0E/JzLTxgnuJHMAB/qPHgUN pVm9/s+X/bGI04FhZ4iCqvPFQag/dtPUKuGa4okfPP5G/HmZ09ybdrwL1YP18kXqgXucCwX/L HbxuEKKTWtcpwcbm3rX61nvstmj2hfXmJYzXYV47Q2jVi6bfCgu6hmNq5dY=
Archived-At: <http://mailarchive.ietf.org/arch/msg/oauth/E31dFIi-xLYNCnoUqGoMPeUw4Uw>
Cc: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
Subject: Re: [OAUTH-WG] Fwd: New Version Notification for draft-campbell-oauth-resource-indicators-00.txt
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Mar 2016 07:09:07 -0000
FWIW: I also worth I wrote a draft a while ago about this topic: https://tools.ietf.org/html/draft-tschofenig-oauth-audience-00 On 03/20/2016 10:17 PM, John Bradley wrote: > We have had a number of discussions about splitting the audience part > of PoP key distribution out into it’s own draft > > Phil also requested a draft on how I propose propose that proper > audiencing of access tokens can mitigate against the threat of bearer > access token leakage. > > In response Brian Campbell and I have created a short 00 draft on how > the client can specify the resource that it is requesting a token for > without overloading scopes. > > I hope that this will make some of the issues clearer for our discussion. > > As Justin pointed out we may also want to separate out offline access > and some other common things from scope as well. This is intended to > start the discussion not preclude other discussions around how to reduce > the overloading of scope. > > Regards > John Bradley > > > >> Begin forwarded message: >> >> *From: *internet-drafts@ietf.org <mailto:internet-drafts@ietf.org> >> *Subject: **New Version Notification for >> draft-campbell-oauth-resource-indicators-00.txt* >> *Date: *March 20, 2016 at 8:14:14 PM GMT >> *To: *"Brian Campbell" <brian.d.campbell@gmail.com >> <mailto:brian.d.campbell@gmail.com>>, "John Bradley" >> <ve7jtb@ve7jtb.com <mailto:ve7jtb@ve7jtb.com>> >> >> >> A new version of I-D, draft-campbell-oauth-resource-indicators-00.txt >> has been successfully submitted by Brian Campbell and posted to the >> IETF repository. >> >> Name:draft-campbell-oauth-resource-indicators >> Revision:00 >> Title:Resource Indicators for OAuth 2.0 >> Document date:2016-03-20 >> Group:Individual Submission >> Pages:7 >> URL: >> https://www.ietf.org/internet-drafts/draft-campbell-oauth-resource-indicators-00.txt >> Status: >> https://datatracker.ietf.org/doc/draft-campbell-oauth-resource-indicators/ >> Htmlized: >> https://tools.ietf.org/html/draft-campbell-oauth-resource-indicators-00 >> >> >> Abstract: >> This straw-man specification defines an extension to The OAuth 2.0 >> Authorization Framework that enables the client and authorization >> server to more explicitly to communicate about the protected >> resource(s) to be accessed. >> >> >> >> >> Please note that it may take a couple of minutes from the time of >> submission >> until the htmlized version and diff are available at tools.ietf.org >> <http://tools.ietf.org>. >> >> The IETF Secretariat >> > > > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth >
- [OAUTH-WG] Fwd: New Version Notification for draf… John Bradley
- Re: [OAUTH-WG] Fwd: New Version Notification for … Hannes Tschofenig
- Re: [OAUTH-WG] Fwd: New Version Notification for … John Bradley
- Re: [OAUTH-WG] Fwd: New Version Notification for … Hannes Tschofenig
- Re: [OAUTH-WG] Fwd: New Version Notification for … Brian Campbell
- Re: [OAUTH-WG] Fwd: New Version Notification for … Brian Campbell