Re: [OAUTH-WG] Call for adoption: OAuth Security Topics

Phil Hunt <phil.hunt@oracle.com> Thu, 02 February 2017 19:18 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/GlenKK8S2WQMwl_GNZJbe3ijLEg>

+1

Phil

Oracle Corporation, Identity Cloud Services & Identity Standards
@independentid
www.independentid.com <http://www.independentid.com/>
phil.hunt@oracle.com <mailto:phil.hunt@oracle.com>

> On Feb 2, 2017, at 11:11 AM, Anthony Nadalin <tonynad@microsoft.com> wrote:
> 
> I would be in favor of this 
> 
> -----Original Message-----
> From: OAuth [mailto:oauth-bounces@ietf.org] On Behalf Of Hannes Tschofenig
> Sent: Wednesday, February 1, 2017 11:10 PM
> To: oauth@ietf.org
> Subject: [OAUTH-WG] Call for adoption: OAuth Security Topics
> 
> Hi all,
> 
> this is the call for adoption of the 'OAuth Security Topics' document following the positive call for adoption at the last IETF meeting in Seoul.
> 
> Here is the document:
> https://tools.ietf.org/html/draft-lodderstedt-oauth-security-topics-00
> 
> The intention with this document is to have a place to collect discussions and conclusions around OAuth 2.0 security and to reference the actual solution specifications.
> 
> Please let us know by Feb 16th whether you accept / object to the adoption of this document as a starting point for work in the OAuth working group.
> 
> Ciao
> Hannes & Derek