[OAUTH-WG] Updated OAuth Meeting Agenda
Hannes Tschofenig <hannes.tschofenig@gmx.net> Fri, 01 April 2016 16:00 UTC
Archived-At: <http://mailarchive.ietf.org/arch/msg/oauth/YOwce2p5_bYfTIrTCNGJXsWAuzw>
Hi all,

based on the feedback I have updated the meeting agenda. Here is the new proposal:
https://www.ietf.org/proceedings/95/agenda/agenda-95-oauth

Ciao
Hannes

---------------------

IETF 95 OAuth Meeting Agenda
Wednesday, 10:00-12:30
Chairs: Hannes Tschofenig/Derek Atkins

- Status Update (Hannes, 5 min)
  (a) Informal OAuth Security Workshop (December 2015)
  (b) OAuth Security Workshop (July 2016)
  (c) Re-chartering
  (d) "Proof-of-Possession Key Semantics for JSON Web Tokens (JWTs)" as RFC

*** WG Documents ***

- OAuth 2.0 Mix-Up Mitigation (Hannes, 45 min)
  https://datatracker.ietf.org/doc/draft-ietf-oauth-mix-up-mitigation/
  Presentation about the problems/threats we are solving:
  (a) OAuth Mix-Up (John)
  (b) Cut-and-paste Attack (Nat)
  Move cut-and-paste threat to a different document?

- OAuth Discovery (45min)
  What are the use cases the discovery document is solving?

  OAuth 2.0 Authorization Server Discovery Metadata (Mike, 15 min)
  https://datatracker.ietf.org/doc/draft-ietf-oauth-discovery/

  OAuth Response Metadata (Nat, 15min)
  https://datatracker.ietf.org/doc/draft-sakimura-oauth-meta/

  OAuth 2.0 Bound Configuration Lookup (Phil, 15min)
  https://tools.ietf.org/html/draft-hunt-oauth-bound-config-00

- Token Exchange (Brian, 15 min)
  https://datatracker.ietf.org/doc/draft-ietf-oauth-token-exchange/
  What has been done and discuss open issues?
  Implementation status? Interoperability?

- OAuth 2.0 for Native Apps (William, 15 min)
  http://datatracker.ietf.org/doc/draft-ietf-oauth-native-apps/
  Presentation of availability of code.
  Moving the document to WGLC as soon as enough people did interop tests.

*** Non-WG Documents ***

- Resource Indicators for OAuth 2.0 (Brian/John, 15 min)
  https://datatracker.ietf.org/doc/draft-campbell-oauth-resource-indicators/

*** Not Discussed ***

- Authentication Method Reference Values document published.
  https://datatracker.ietf.org/doc/draft-ietf-oauth-amr-values/

- Proof-of-Possession
  http://datatracker.ietf.org/doc/draft-ietf-oauth-proof-of-possession/
  http://datatracker.ietf.org/doc/draft-ietf-oauth-pop-architecture/
  http://datatracker.ietf.org/doc/draft-ietf-oauth-pop-key-distribution/
  https://datatracker.ietf.org/doc/draft-ietf-oauth-signed-http-request/

- OAuth 2.0 JWT Authorization Request (JAR)
  https://datatracker.ietf.org/doc/draft-ietf-oauth-jwsreq/
  Why is the document important? (related to mix-up attack)
  After the WGLC is the document ready?

- OAuth 2.0 Security: Closing Open Redirectors in OAuth
  https://datatracker.ietf.org/doc/draft-ietf-oauth-closing-redirectors/
  Haven't received more feedback. WGLC?

- OAuth 2.0 Device Flow
  https://datatracker.ietf.org/doc/draft-ietf-oauth-device-flow/
  Compare the document with current deployment and provide feedback.
  Mike to send feedback from the Microsoft team.

- Conclusion (Hannes, 10 min)