Re: [OAUTH-WG] New OAuth DPoP and Security BCP drafts
Filip Skokan <panva.ip@gmail.com> Mon, 08 July 2019 15:15 UTC
Return-Path: <panva.ip@gmail.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 21F25120242 for <oauth@ietfa.amsl.com>; Mon, 8 Jul 2019 08:15:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.702
X-Spam-Level:
X-Spam-Status: No, score=-0.702 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, PDS_NO_HELO_DNS=1.295, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VpWWvDkygkBu for <oauth@ietfa.amsl.com>; Mon, 8 Jul 2019 08:15:27 -0700 (PDT)
Received: from mail-ot1-x32d.google.com (mail-ot1-x32d.google.com [IPv6:2607:f8b0:4864:20::32d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 09A5512026F for <oauth@ietf.org>; Mon, 8 Jul 2019 08:15:27 -0700 (PDT)
Received: by mail-ot1-x32d.google.com with SMTP id r6so16568796oti.3 for <oauth@ietf.org>; Mon, 08 Jul 2019 08:15:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=hx7lLcvO+1PuP8Z9NFD641cz+nxIGNs5rOxjeNUweFs=; b=ur5MxVOEgJh+L5Rc1zDVhE0SfEdR6c4tQheCXVUnT7O+c5rIZJ8AVY79NN68vy3pfP Dq7SRxtZ2e1ueOmHg2i1ciJtO7SRgOq93PPssSX6cCVafvCbbJFV19RGlGy6ZkLpWt5+ FygB/FwhSlJhztav6w+j52dgydptGzr+ej9UwzlqBdmfhlinUJ2kw3QT9LmyBczeTyWa mLa8+CXnDol5fmAKBctcmP2/40rRYcpUxKDd6gKqJWbArIO2QFPvar4t1Uzh9e6SLSqo nk0zktIQ0hsr5gGZenOzRfpgCGrWY/8jDKEOPThvLftpsxK9GqiQcG8EBAbYeTC9kHwl 2pjw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=hx7lLcvO+1PuP8Z9NFD641cz+nxIGNs5rOxjeNUweFs=; b=MY3M8iv3pkw6qhOtriq9F3NQCdxbKmH4DcHOpWJYqk7zDl/FXZIFI4RhXHqnO34d7B TJbmc7XNW3cYN6EFEznURQJcal7aaPH0cfKzprBt39TLiMfFY2mFQWfxDIxK0eN+APs7 B6dnJOO5DQz7sGQCJa9zKem13PvBJhGIpFG5ONirKBMLfZkiAXlY/M5uOADShIcav2IF yRxhV/6DXzUkQOKxbm3Vt5I0vIBPYHyYgFA8C8f1P5bGOpW9XiocqeEuzuz5Htf4exSr 2IqY4e/wAKQl64Qosxp+oB4jACRkiOP/uToSD8fCFDcTfvbb0Ium45jZCx3JwwronW7K Jhag==
X-Gm-Message-State: APjAAAU1QKWA729eJczAHYGI6RoS5nNv0hhNYLvenWW6Z+rrOWtwuq7S tJal2kMMO9AC+SflUI4udclhc72ViFg77LMv5fthgGND/A==
X-Google-Smtp-Source: APXvYqyo7t3etSa2jwhzIbnuiREsiO33DHLEcDzK0E9kkeZgQGViSWSBk6EdKekzbJfmACGMY9Wb6DoUyAnx2HcJpPo=
X-Received: by 2002:a9d:7a4e:: with SMTP id z14mr15576675otm.258.1562598926279; Mon, 08 Jul 2019 08:15:26 -0700 (PDT)
MIME-Version: 1.0
References: <CAHB17EwniJw9R3Cr9d_AZjaepha+UO+eBBLHYdOZNUEyt+c2Xw@mail.gmail.com>
In-Reply-To: <CAHB17EwniJw9R3Cr9d_AZjaepha+UO+eBBLHYdOZNUEyt+c2Xw@mail.gmail.com>
From: Filip Skokan <panva.ip@gmail.com>
Date: Mon, 08 Jul 2019 17:15:15 +0200
Message-ID: <CALAqi__6pt1W-0qY7SkDcDJuXUHeJvEOYtRkWTqZbv8F9MHNzA@mail.gmail.com>
To: Daniel Fett <danielf+oauth@yes.com>
Cc: oauth <oauth@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000ed690b058d2ce95d"
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/eQptIlB8Xe5kzt8yD6MryGek0UA>
Subject: Re: [OAUTH-WG] New OAuth DPoP and Security BCP drafts
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Jul 2019 15:15:37 -0000
I've updated my OP projects draft implementation to 02 as well as the example browser based client using DPoP for those interested RP: https://murmuring-journey-60982.herokuapp.com OP: https://op.panva.cz/.well-known/openid-configuration As I've mentioned in the github issue tracker i think a server discovery medatata will be needed so that the RP can know upfront which DSAs are supported on the OP side to validate DPoP Proof JWTs with Best, *Filip Skokan* On Mon, 8 Jul 2019 at 15:30, Daniel Fett <danielf+oauth@yes.com> wrote: > All, > > In preparation for the meeting in Montreal, I just uploaded a new version > of the DPoP draft: > https://tools.ietf.org/html/draft-fett-oauth-dpop-02 > > Please have a look and let me know what you think. We should make this a > working group item soon. > > As you might have noticed, there is also a new version of the Security > Best Current Practice draft: > https://tools.ietf.org/html/draft-ietf-oauth-security-topics-13 > > -Daniel > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth >
- [OAUTH-WG] New OAuth DPoP and Security BCP drafts Daniel Fett
- Re: [OAUTH-WG] New OAuth DPoP and Security BCP dr… Filip Skokan
- Re: [OAUTH-WG] New OAuth DPoP and Security BCP dr… Filip Skokan
- Re: [OAUTH-WG] New OAuth DPoP and Security BCP dr… Sascha Preibisch
- Re: [OAUTH-WG] New OAuth DPoP and Security BCP dr… Paul Querna
- Re: [OAUTH-WG] New OAuth DPoP and Security BCP dr… Brian Campbell