[OAUTH-WG] Fwd: [websec] unbearable - new mailing list to discuss better than bearer tokens...

Hannes Tschofenig <hannes.tschofenig@gmx.net> Fri, 05 December 2014 19:17 UTC

Return-Path: <hannes.tschofenig@gmx.net>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 23E251ACE9C for <oauth@ietfa.amsl.com>; Fri, 5 Dec 2014 11:17:13 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Level:
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9pONd5T_kJYf for <oauth@ietfa.amsl.com>; Fri, 5 Dec 2014 11:17:11 -0800 (PST)
Received: from mout.gmx.net (mout.gmx.net [212.227.17.21]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DB5F81A1E0B for <oauth@ietf.org>; Fri, 5 Dec 2014 11:17:10 -0800 (PST)
Received: from [192.168.131.135] ([80.92.119.109]) by mail.gmx.com (mrgmx101) with ESMTPSA (Nemesis) id 0MJngW-1Xy4Iq3cAO-001D3v for <oauth@ietf.org>; Fri, 05 Dec 2014 20:17:09 +0100
Message-ID: <548204B3.5050903@gmx.net>
Date: Fri, 05 Dec 2014 20:17:07 +0100
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.3.0
MIME-Version: 1.0
To: "oauth@ietf.org" <oauth@ietf.org>
References: <5481E0A7.2090604@cs.tcd.ie>
In-Reply-To: <5481E0A7.2090604@cs.tcd.ie>
OpenPGP: id=4D776BC9
X-Forwarded-Message-Id: <5481E0A7.2090604@cs.tcd.ie>
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="AsDCnQ7UdaQdefhcDJtuMthGGM9M01EgN"
X-Provags-ID: V03:K0:yU0bRFqwczX9vQ6io3WuBN1zuFmBxXpqci2QrK8naIJQmvmFn7R MJ9/D0ahPm/D5XAsEUGU1CJxHL8Y0fJkah3UvDKHVNYXwBRxfq8quGtjxNY7Af5ZyTBRBYd /A+waeWTqNfmf7qKDcWKgWw2/9wm0H4YZ9fD8sFGIBA1C4ExdMRrvXNczqSto8DZ6gZiTwg eKTA1dPqrINZvH0Mzxi9A==
X-UI-Out-Filterresults: notjunk:1;
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/bTiVzMpAhMTzECMbY-WU6gjnPL8
Subject: [OAUTH-WG] Fwd: [websec] unbearable - new mailing list to discuss better than bearer tokens...
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 05 Dec 2014 19:17:13 -0000



-------- Forwarded Message --------
Subject: [websec] unbearable - new mailing list to discuss better than
bearer tokens...
Date: Fri, 05 Dec 2014 16:43:19 +0000
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Reply-To: Stephen Farrell <Stephen.Farrell@cs.tcd.ie>
To: saag@ietf.org <saag@ietf.org>, websec <websec@ietf.org>,
uta@ietf.org <uta@ietf.org>, ietf-http-wg@w3.org Group
<ietf-http-wg@w3.org>, http-auth@ietf.org <http-auth@ietf.org>


Hiya,

Following up on the presentation at IETF-91 on this topic, [1]
we've created a new list [2] for moving that along. The list
description is:

"This list is for discussion of proposals for doing better than bearer
tokens (e.g. HTTP cookies, OAuth tokens etc.) for web applications.
The specific goal is chartering a WG focused on preventing security
token export and replay attacks."

If you're interested please join in.

Thanks to Vinod and Andrei for agreeing to admin the list.

We'll kick off discussion in a few days when folks have had
a chance to subscribe.

Cheers,
S.

PS: Please don't reply-all to this, join the new list, wait
a few days and then say what you need to say:-)

[1] https://tools.ietf.org/agenda/91/slides/slides-91-uta-2.pdf
[2] https://www.ietf.org/mailman/listinfo/unbearable

_______________________________________________
websec mailing list
websec@ietf.org
https://www.ietf.org/mailman/listinfo/websec