[OAUTH-WG] I-D Action: draft-ietf-oauth-cross-device-security-10.txt
internet-drafts@ietf.org Tue, 17 June 2025 14:17 UTC
Return-Path: <internet-drafts@ietf.org>
X-Original-To: oauth@ietf.org
Delivered-To: oauth@mail2.ietf.org
Received: from [10.244.8.178] (unknown [104.131.183.230]) by mail2.ietf.org (Postfix) with ESMTP id A4A5F35F4A40; Tue, 17 Jun 2025 07:17:39 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: internet-drafts@ietf.org
To: i-d-announce@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 12.41.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <175016985952.523495.3155620685572659697@dt-datatracker-75bbdb9cc5-qvb4t>
Date: Tue, 17 Jun 2025 07:17:39 -0700
Message-ID-Hash: JXGGVSWXKM4KWW6LYQ2GLLLJVFOUUSU3
X-Message-ID-Hash: JXGGVSWXKM4KWW6LYQ2GLLLJVFOUUSU3
X-MailFrom: internet-drafts@ietf.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-oauth.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: oauth@ietf.org
X-Mailman-Version: 3.3.9rc6
Reply-To: oauth@ietf.org
Subject: [OAUTH-WG] I-D Action: draft-ietf-oauth-cross-device-security-10.txt
List-Id: OAUTH WG <oauth.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/MltkEemrGIXCGaekR-uNXdOIQbw>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Owner: <mailto:oauth-owner@ietf.org>
List-Post: <mailto:oauth@ietf.org>
List-Subscribe: <mailto:oauth-join@ietf.org>
List-Unsubscribe: <mailto:oauth-leave@ietf.org>
Internet-Draft draft-ietf-oauth-cross-device-security-10.txt is now available.
It is a work item of the Web Authorization Protocol (OAUTH) WG of the IETF.
Title: Cross-Device Flows: Security Best Current Practice
Authors: Pieter Kasselmann
Daniel Fett
Filip Skokan
Name: draft-ietf-oauth-cross-device-security-10.txt
Pages: 58
Dates: 2025-06-17
Abstract:
This document describes threats against cross-device flows along with
practical mitigations, protocol selection guidance, and a summary of
formal analysis results identified as relevant to the security of
cross-device flows. It serves as a security guide to system
designers, architects, product managers, security specialists, fraud
analysts and engineers implementing cross-device flows.
The IETF datatracker status page for this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-oauth-cross-device-security/
There is also an HTML version available at:
https://www.ietf.org/archive/id/draft-ietf-oauth-cross-device-security-10.html
A diff from the previous version is available at:
https://author-tools.ietf.org/iddiff?url2=draft-ietf-oauth-cross-device-security-10
Internet-Drafts are also available by rsync at:
rsync.ietf.org::internet-drafts
- [OAUTH-WG] I-D Action: draft-ietf-oauth-cross-dev… internet-drafts
- [OAUTH-WG] Re: I-D Action: draft-ietf-oauth-cross… Pieter Kasselman
- [OAUTH-WG] Re: I-D Action: draft-ietf-oauth-cross… Dan Moore
- [OAUTH-WG] Re: I-D Action: draft-ietf-oauth-cross… Pieter Kasselman