Re: [OAUTH-WG] OAuth POP query

Hannes Tschofenig <hannes.tschofenig@gmx.net> Thu, 19 February 2015 08:40 UTC

Return-Path: <hannes.tschofenig@gmx.net>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 53CF51A1BA3 for <oauth@ietfa.amsl.com>; Thu, 19 Feb 2015 00:40:40 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Level:
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8FlqjIOv-6pR for <oauth@ietfa.amsl.com>; Thu, 19 Feb 2015 00:40:38 -0800 (PST)
Received: from mout.gmx.net (mout.gmx.net [212.227.17.21]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2DF041A1B76 for <oauth@ietf.org>; Thu, 19 Feb 2015 00:40:38 -0800 (PST)
Received: from [192.168.131.130] ([80.92.119.127]) by mail.gmx.com (mrgmx103) with ESMTPSA (Nemesis) id 0LpbfG-1Xstzp2ye6-00fRT0; Thu, 19 Feb 2015 09:40:35 +0100
Message-ID: <54E5A0EE.70309@gmx.net>
Date: Thu, 19 Feb 2015 09:38:06 +0100
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.4.0
MIME-Version: 1.0
To: Security Developer <security.developer22@gmail.com>, oauth@ietf.org, ve7jtb@ve7jtb.com
References: <CAD-drXsWwk_-SH9wsVW7spNWmTzGjja-uhEk8ZYWBZc7Xw7bcw@mail.gmail.com>
In-Reply-To: <CAD-drXsWwk_-SH9wsVW7spNWmTzGjja-uhEk8ZYWBZc7Xw7bcw@mail.gmail.com>
OpenPGP: id=4D776BC9
Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="NMROj0iRkM75MwfHJ1DkJaaCfusdlL93f"
X-Provags-ID: V03:K0:JkYOPmnBaUv9jTUZbb7aMqFQppuj41bGyByR6WyeYvVmswvRxic /8a/9Hg0wQCU2mzalF3XYETkx4Pw8GwZ2wdsrFohIl2hbqMPqxIYMxDn83SZhiclJxuLuyl J8EviisDiCovx9UCe+qTXivy9l4JshDd3kG5GTFae3u/xeLpHIb/+4rcEyK/rPfLvibY9W2 KIPHaNFq4w1LSXvm0O7Jw==
X-UI-Out-Filterresults: notjunk:1;
Archived-At: <http://mailarchive.ietf.org/arch/msg/oauth/GvO0Cm4Q1duO0WJrbMo5HxAzA_o>
Subject: Re: [OAUTH-WG] OAuth POP query
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 19 Feb 2015 08:40:40 -0000

Sorry for the late reply.

For the PoP architecture document we initiated the WGLC last year and a
new document has to be submitted to address those comments. I believe
then it is ready for the IESG.

The WGLC for the draft-ietf-oauth-proof-of-possession-00 should be
started next. Maybe already this week since we are doing OK with some of
our other documents.

The weakest part of the story at the moment is the
draft-ietf-oauth-signed-http-request-00 document. For this we obviously
need input from the group.

On 02/14/2015 12:40 PM, Security Developer wrote:
> Hi,
> 
> I have a couple of questions.
> 
> 1- What is the status of these documents as I am interested in
> implementing POP
> 
> draft-ietf-oauth-pop-architecture-00.pdf
> draft-ietf-oauth-pop-key-distribution-00.pdf
> draft-ietf-oauth-proof-of-possession-00.pdf
> draft-ietf-oauth-signed-http-request-00.pdf
> 
> 2- Should Authorization server restrict the number of authorization
> codes issued to a single user after successful authentication and
> authorization in OAuth? also What is the good practice in this case?
> 
> Thanks for your time.
> 
> 
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>