[OAUTH-WG] Fwd: New Version Notification for draft-campbell-oauth-resource-indicators-00.txt

John Bradley <ve7jtb@ve7jtb.com> Sun, 20 March 2016 21:18 UTC

Archived-At: <http://mailarchive.ietf.org/arch/msg/oauth/T3aylDhTdOZpOil3VIyqnmSG2VU>
Cc: Hannes Tschofenig <Hannes.Tschofenig@arm.com>

We have had a number of discussions about splitting the audience part of PoP key distribution out into its own draft.

Phil also requested a draft on how I propose that proper audiencing of access tokens can mitigate against the threat of bearer access token leakage.

In response Brian Campbell and I have created a short 00 draft on how the client can specify the resource that it is requesting a token for without overloading scopes.

I hope that this will make some of the issues clearer for our discussion.

As Justin pointed out, we may also want to separate out offline access and some other common things from scope as well. This is intended to start the discussion, not preclude other discussions around how to reduce the overloading of scope.

Regards
John Bradley



> Begin forwarded message:
> 
> From: internet-drafts@ietf.org
> Subject: New Version Notification for draft-campbell-oauth-resource-indicators-00.txt
> Date: March 20, 2016 at 8:14:14 PM GMT
> To: "Brian Campbell" <brian.d.campbell@gmail.com>, "John Bradley" <ve7jtb@ve7jtb.com>
> 
> 
> A new version of I-D, draft-campbell-oauth-resource-indicators-00.txt
> has been successfully submitted by Brian Campbell and posted to the
> IETF repository.
> 
> Name:		draft-campbell-oauth-resource-indicators
> Revision:	00
> Title:		Resource Indicators for OAuth 2.0
> Document date:	2016-03-20
> Group:		Individual Submission
> Pages:		7
> URL:            https://www.ietf.org/internet-drafts/draft-campbell-oauth-resource-indicators-00.txt
> Status:         https://datatracker.ietf.org/doc/draft-campbell-oauth-resource-indicators/
> Htmlized:       https://tools.ietf.org/html/draft-campbell-oauth-resource-indicators-00
> 
> 
> Abstract:
>   This straw-man specification defines an extension to The OAuth 2.0
>   Authorization Framework that enables the client and authorization
>   server to more explicitly communicate about the protected
>   resource(s) to be accessed.
> 
> 
> 
> 
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
> 
> The IETF Secretariat
>