Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-v2-1-04.txt
Aaron Parecki <aaron@parecki.com> Thu, 07 October 2021 17:57 UTC
Return-Path: <aaron@parecki.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 037793A0D58 for <oauth@ietfa.amsl.com>; Thu, 7 Oct 2021 10:57:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=parecki.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QHMgXQzAgkip for <oauth@ietfa.amsl.com>; Thu, 7 Oct 2021 10:57:34 -0700 (PDT)
Received: from mail-io1-xd31.google.com (mail-io1-xd31.google.com [IPv6:2607:f8b0:4864:20::d31]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D56893A0D78 for <oauth@ietf.org>; Thu, 7 Oct 2021 10:57:31 -0700 (PDT)
Received: by mail-io1-xd31.google.com with SMTP id q205so7723475iod.8 for <oauth@ietf.org>; Thu, 07 Oct 2021 10:57:31 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=parecki.com; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=qhKaLVC9J29/S962BxcJiXEqMWD/n3Fjgp0m6GiAMdo=; b=YwMMmWMwXmpXfUC8hUX7EdgEXm6n2TTDZc9WiPBOMDGfsfHHkWZSxjgpFE2CZkuj6L pk9Dep5mvTxo8hww9RkmaTPUCHNRG65fLTyb2USi2p0zf3t2fBwVimjxl6cqu5ZxZK7D B/q2b3dWazuAREZOtBl5A0PBCUpm/ZsmFOSOu3GjVuJV8ttxvKqLXVBUUB+N+GNYM0Q6 1Rw/X+EZH63njmvZC9U3Y3y2u5to4X/Fp4ChxWMvMGGM9Krkk4KUX7Wa7i0XtUuDRZKl 1MWNKWRuAi+r6hhcu/NECNIlwkGUGLZ7VcuoT+H8+Ax78QbkmAJETFVF7Ldc8+geecbk oCrg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=qhKaLVC9J29/S962BxcJiXEqMWD/n3Fjgp0m6GiAMdo=; b=EmJRVEJnOBOHeG8iJY1VjkMfsBVXnuVAQK48Lf02OVMxqmmwzhnmqaUMwevD1uMqBZ taBi7J5oFyvMxCzBbDf9gkuDn6yUbc0rjQfyuPFVrJxag95D5hrYqK/MSTucLlAdPfbP I4IEJhFvVmGvFpDFTbI3NhGn0AjxFa/41ehiO9AJryqBF5WJo0agp0NEyLcwls9IFxtM rzGRvQmtU63BW7xHUaPmeulBV9GeWtxiHNv0wDAPHl1LtDNyRhN7/fiSJiIj4l0tqsLe K7m4Z5H+DBwX3dBjCyuCJ9I8E+Y2ipuKX3fsV+UGL5CL3hdA+ngIdYS4z3jq0v6lSGdO 4oug==
X-Gm-Message-State: AOAM531VWKdt+i7FmQlxNjYDTbvxR/aobvtQHzhYXVSeqSafNFGRENiZ nc3q8W6QYzcQiKiBOwCeGsV6Q/43kG+8tA==
X-Google-Smtp-Source: ABdhPJwaSZp9yJCgJC9JKJruStiwOWnwo8/teWcC8Kzu7vov3Esh3PVLC4uwSUIe/3pfzIklRlcA1A==
X-Received: by 2002:a05:6638:16d4:: with SMTP id g20mr4211914jat.22.1633629450460; Thu, 07 Oct 2021 10:57:30 -0700 (PDT)
Received: from mail-il1-f182.google.com (mail-il1-f182.google.com. [209.85.166.182]) by smtp.gmail.com with ESMTPSA id z26sm2312ioe.9.2021.10.07.10.57.29 for <oauth@ietf.org> (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Thu, 07 Oct 2021 10:57:29 -0700 (PDT)
Received: by mail-il1-f182.google.com with SMTP id b6so7356500ilv.0 for <oauth@ietf.org>; Thu, 07 Oct 2021 10:57:29 -0700 (PDT)
X-Received: by 2002:a05:6e02:188d:: with SMTP id o13mr4265389ilu.320.1633629449531; Thu, 07 Oct 2021 10:57:29 -0700 (PDT)
MIME-Version: 1.0
References: <163347956410.26563.6262394233835671220@ietfa.amsl.com>
In-Reply-To: <163347956410.26563.6262394233835671220@ietfa.amsl.com>
From: Aaron Parecki <aaron@parecki.com>
Date: Thu, 07 Oct 2021 10:57:18 -0700
X-Gmail-Original-Message-ID: <CAGBSGjryjQ3pnh+RnGnxqjCENgG-6td1JBSG4tV9VZfVSaKvnQ@mail.gmail.com>
Message-ID: <CAGBSGjryjQ3pnh+RnGnxqjCENgG-6td1JBSG4tV9VZfVSaKvnQ@mail.gmail.com>
To: OAuth WG <oauth@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000008b8d505cdc6ff0e"
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/J_xOhTiOtYIpeFehDzcgiWbRiEE>
Subject: Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-v2-1-04.txt
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Oct 2021 17:57:45 -0000
Hello all, on Tuesday we published a new revision of the OAuth 2.1 draft in advance of the interim meeting next week. The main changes are documented in the changelog section but are summarized below as well: * Added explicit mention of not sending access tokens in URI query strings * Clarifications on definition of client types * Consolidated text around loopback vs localhost * Editorial clarifications throughout the document There are still a number of outstanding issues we are aware of, and have highlighted a few of them for discussion during the session next week. Aaron On Tue, Oct 5, 2021 at 5:19 PM <internet-drafts@ietf.org> wrote: > > A New Internet-Draft is available from the on-line Internet-Drafts > directories. > This draft is a work item of the Web Authorization Protocol WG of the IETF. > > Title : The OAuth 2.1 Authorization Framework > Authors : Dick Hardt > Aaron Parecki > Torsten Lodderstedt > Filename : draft-ietf-oauth-v2-1-04.txt > Pages : 85 > Date : 2021-10-05 > > Abstract: > The OAuth 2.1 authorization framework enables a third-party > application to obtain limited access to an HTTP service, either on > behalf of a resource owner by orchestrating an approval interaction > between the resource owner and an authorization service, or by > allowing the third-party application to obtain access on its own > behalf. This specification replaces and obsoletes the OAuth 2.0 > Authorization Framework described in RFC 6749. > > > The IETF datatracker status page for this draft is: > https://datatracker.ietf.org/doc/draft-ietf-oauth-v2-1/ > > There is also an HTML version available at: > https://www.ietf.org/archive/id/draft-ietf-oauth-v2-1-04.html > > A diff from the previous version is available at: > https://www.ietf.org/rfcdiff?url2=draft-ietf-oauth-v2-1-04 > > > Internet-Drafts are also available by anonymous FTP at: > ftp://ftp.ietf.org/internet-drafts/ > > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth >
- [OAUTH-WG] I-D Action: draft-ietf-oauth-v2-1-04.t… internet-drafts
- Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-v2-1-… Aaron Parecki
- [OAUTH-WG] OAuth2.1 credentialed client Ash Narayanan
- [OAUTH-WG] convert to credentialed client... ( wa… Brian Campbell
- Re: [OAUTH-WG] convert to credentialed client... … Dick Hardt
- Re: [OAUTH-WG] convert to credentialed client... … Brian Campbell
- Re: [OAUTH-WG] convert to credentialed client... … David Waite
- Re: [OAUTH-WG] convert to credentialed client... … Ash Narayanan
- Re: [OAUTH-WG] convert to credentialed client... … Warren Parad
- Re: [OAUTH-WG] convert to credentialed client... … Ash Narayanan
- Re: [OAUTH-WG] convert to credentialed client... … Brian Campbell
- Re: [OAUTH-WG] convert to credentialed client... … Domingos Creado
- Re: [OAUTH-WG] convert to credentialed client... … Ash Narayanan