[OAUTH-WG] Protocol Action: 'OAuth 2.0 for Native Apps' to Best Current Practice (draft-ietf-oauth-native-apps-12.txt)
The IESG <iesg-secretary@ietf.org> Fri, 04 August 2017 13:50 UTC
From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: The IESG <iesg@ietf.org>, draft-ietf-oauth-native-apps@ietf.org, oauth-chairs@ietf.org, Kathleen.Moriarty.ietf@gmail.com, Hannes Tschofenig <Hannes.Tschofenig@gmx.net>, Hannes.Tschofenig@gmx.net, oauth@ietf.org, rfc-editor@rfc-editor.org
Message-ID: <150185460002.18606.10680937350719175334.idtracker@ietfa.amsl.com>
Date: Fri, 04 Aug 2017 06:50:00 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/ETNcqoUtQI4LO4c3fz5-7POay6U>

The IESG has approved the following document:
- 'OAuth 2.0 for Native Apps'
  (draft-ietf-oauth-native-apps-12.txt) as Best Current Practice

This document is the product of the Web Authorization Protocol Working Group.

The IESG contact persons are Kathleen Moriarty and Eric Rescorla.

A URL of this Internet Draft is:
https://datatracker.ietf.org/doc/draft-ietf-oauth-native-apps/

Technical Summary

   OAuth 2.0 authorization requests from native apps should only be made through external user-agents, primarily the user's browser. This specification details the security and usability reasons why this is the case, and how native apps and authorization servers can implement this best practice.

Working Group Summary

   The OAuth 2.0 authorization framework documents two approaches for native apps to interact with the authorization endpoint: via an embedded user-agent, or an external user-agent. This document recommends external user-agents like in-app browser tabs as the only secure and usable choice for OAuth.

   There is solid working group consensus to publish this document.

Document Quality

   Implementations are included in the shepherd report.

Personnel

   Hannes Tschofenig is the document shepherd and the responsible area director is Kathleen Moriarty.