[OAUTH-WG] Protocol Action: 'OAuth 2.0 for Native Apps' to Best Current Practice (draft-ietf-oauth-native-apps-12.txt)

The IESG <iesg-secretary@ietf.org> Fri, 04 August 2017 13:50 UTC

Return-Path: <iesg-secretary@ietf.org>
X-Original-To: oauth@ietf.org
Delivered-To: oauth@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 06356131CDF; Fri, 4 Aug 2017 06:50:00 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: The IESG <iesg-secretary@ietf.org>
To: "IETF-Announce" <ietf-announce@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 6.58.0
Auto-Submitted: auto-generated
Precedence: bulk
Cc: The IESG <iesg@ietf.org>, draft-ietf-oauth-native-apps@ietf.org, oauth-chairs@ietf.org, Kathleen.Moriarty.ietf@gmail.com, Hannes Tschofenig <Hannes.Tschofenig@gmx.net>, Hannes.Tschofenig@gmx.net, oauth@ietf.org, rfc-editor@rfc-editor.org
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Message-ID: <150185460002.18606.10680937350719175334.idtracker@ietfa.amsl.com>
Date: Fri, 04 Aug 2017 06:50:00 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/ETNcqoUtQI4LO4c3fz5-7POay6U>
Subject: [OAUTH-WG] Protocol Action: 'OAuth 2.0 for Native Apps' to Best Current Practice (draft-ietf-oauth-native-apps-12.txt)
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.22
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 04 Aug 2017 13:50:00 -0000

The IESG has approved the following document:
- 'OAuth 2.0 for Native Apps'
  (draft-ietf-oauth-native-apps-12.txt) as Best Current Practice

This document is the product of the Web Authorization Protocol Working Group.

The IESG contact persons are Kathleen Moriarty and Eric Rescorla.

A URL of this Internet Draft is:
https://datatracker.ietf.org/doc/draft-ietf-oauth-native-apps/





Technical Summary

   OAuth 2.0 authorization requests from native apps should only be made
   through external user-agents, primarily the user's browser.  This
   specification details the security and usability reasons why this is
   the case, and how native apps and authorization servers can implement
   this best practice.

Working Group Summary

   The OAuth 2.0 authorization framework, documents two approaches for 
   native apps to interact with the authorization endpoint: via an 
   embedded user-agent, or an external user-agent.

   This document recommends external user-agents like in-app browser
   tabs as the only secure and usable choice for OAuth. 
   
   There is solid working group consensus to publish this document.

Document Quality

  Implementations are included in the shepherd report.

Personnel
  Hannes Tschofenig is the document shepherd and the responsible area 
  director is Kathleen Moriarty.