Return-Path: <panva.ip@gmail.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1])
 by ietfa.amsl.com (Postfix) with ESMTP id 21F25120242
 for <oauth@ietfa.amsl.com>; Mon,  8 Jul 2019 08:15:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.702
X-Spam-Level: 
X-Spam-Status: No, score=-0.702 tagged_above=-999 required=5
 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
 DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001,
 PDS_NO_HELO_DNS=1.295, RCVD_IN_DNSWL_NONE=-0.0001,
 SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001]
 autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key)
 header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44])
 by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id VpWWvDkygkBu for <oauth@ietfa.amsl.com>;
 Mon,  8 Jul 2019 08:15:27 -0700 (PDT)
Received: from mail-ot1-x32d.google.com (mail-ot1-x32d.google.com
 [IPv6:2607:f8b0:4864:20::32d])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (No client certificate requested)
 by ietfa.amsl.com (Postfix) with ESMTPS id 09A5512026F
 for <oauth@ietf.org>; Mon,  8 Jul 2019 08:15:27 -0700 (PDT)
Received: by mail-ot1-x32d.google.com with SMTP id r6so16568796oti.3
 for <oauth@ietf.org>; Mon, 08 Jul 2019 08:15:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; 
 h=mime-version:references:in-reply-to:from:date:message-id:subject:to
 :cc; bh=hx7lLcvO+1PuP8Z9NFD641cz+nxIGNs5rOxjeNUweFs=;
 b=ur5MxVOEgJh+L5Rc1zDVhE0SfEdR6c4tQheCXVUnT7O+c5rIZJ8AVY79NN68vy3pfP
 Dq7SRxtZ2e1ueOmHg2i1ciJtO7SRgOq93PPssSX6cCVafvCbbJFV19RGlGy6ZkLpWt5+
 FygB/FwhSlJhztav6w+j52dgydptGzr+ej9UwzlqBdmfhlinUJ2kw3QT9LmyBczeTyWa
 mLa8+CXnDol5fmAKBctcmP2/40rRYcpUxKDd6gKqJWbArIO2QFPvar4t1Uzh9e6SLSqo
 nk0zktIQ0hsr5gGZenOzRfpgCGrWY/8jDKEOPThvLftpsxK9GqiQcG8EBAbYeTC9kHwl
 2pjw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:mime-version:references:in-reply-to:from:date
 :message-id:subject:to:cc;
 bh=hx7lLcvO+1PuP8Z9NFD641cz+nxIGNs5rOxjeNUweFs=;
 b=MY3M8iv3pkw6qhOtriq9F3NQCdxbKmH4DcHOpWJYqk7zDl/FXZIFI4RhXHqnO34d7B
 TJbmc7XNW3cYN6EFEznURQJcal7aaPH0cfKzprBt39TLiMfFY2mFQWfxDIxK0eN+APs7
 B6dnJOO5DQz7sGQCJa9zKem13PvBJhGIpFG5ONirKBMLfZkiAXlY/M5uOADShIcav2IF
 yRxhV/6DXzUkQOKxbm3Vt5I0vIBPYHyYgFA8C8f1P5bGOpW9XiocqeEuzuz5Htf4exSr
 2IqY4e/wAKQl64Qosxp+oB4jACRkiOP/uToSD8fCFDcTfvbb0Ium45jZCx3JwwronW7K
 Jhag==
X-Gm-Message-State: APjAAAU1QKWA729eJczAHYGI6RoS5nNv0hhNYLvenWW6Z+rrOWtwuq7S
 tJal2kMMO9AC+SflUI4udclhc72ViFg77LMv5fthgGND/A==
X-Google-Smtp-Source: APXvYqyo7t3etSa2jwhzIbnuiREsiO33DHLEcDzK0E9kkeZgQGViSWSBk6EdKekzbJfmACGMY9Wb6DoUyAnx2HcJpPo=
X-Received: by 2002:a9d:7a4e:: with SMTP id z14mr15576675otm.258.1562598926279; 
 Mon, 08 Jul 2019 08:15:26 -0700 (PDT)
MIME-Version: 1.0
References: <CAHB17EwniJw9R3Cr9d_AZjaepha+UO+eBBLHYdOZNUEyt+c2Xw@mail.gmail.com>
In-Reply-To: <CAHB17EwniJw9R3Cr9d_AZjaepha+UO+eBBLHYdOZNUEyt+c2Xw@mail.gmail.com>
From: Filip Skokan <panva.ip@gmail.com>
Date: Mon, 8 Jul 2019 17:15:15 +0200
Message-ID: <CALAqi__6pt1W-0qY7SkDcDJuXUHeJvEOYtRkWTqZbv8F9MHNzA@mail.gmail.com>
To: Daniel Fett <danielf+oauth@yes.com>
Cc: oauth <oauth@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000ed690b058d2ce95d"
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/eQptIlB8Xe5kzt8yD6MryGek0UA>
Subject: Re: [OAUTH-WG] New OAuth DPoP and Security BCP drafts
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>,
 <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>,
 <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Jul 2019 15:15:37 -0000

--000000000000ed690b058d2ce95d
Content-Type: text/plain; charset="UTF-8"

I've updated my OP projects draft implementation to 02 as well as the
example browser based client using DPoP for those interested

RP: https://murmuring-journey-60982.herokuapp.com
OP: https://op.panva.cz/.well-known/openid-configuration

As I've mentioned in the github issue tracker i think a server discovery
medatata will be needed so that the RP can know upfront which DSAs are
supported on the OP side to validate DPoP Proof JWTs with

Best,
*Filip Skokan*


On Mon, 8 Jul 2019 at 15:30, Daniel Fett <danielf+oauth@yes.com> wrote:

> All,
>
> In preparation for the meeting in Montreal, I just uploaded a new version
> of the DPoP draft:
> https://tools.ietf.org/html/draft-fett-oauth-dpop-02
>
> Please have a look and let me know what you think. We should make this a
> working group item soon.
>
> As you might have noticed, there is also a new version of the Security
> Best Current Practice draft:
> https://tools.ietf.org/html/draft-ietf-oauth-security-topics-13
>
> -Daniel
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>

--000000000000ed690b058d2ce95d
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr">I&#39;ve updated my OP projects draft implementation to 02=
 as well as the example browser based client using DPoP for those intereste=
d<div><br></div><div>RP:=C2=A0<a href=3D"https://murmuring-journey-60982.he=
rokuapp.com/">https://murmuring-journey-60982.herokuapp.com</a></div><div>O=
P:=C2=A0<a href=3D"https://op.panva.cz/.well-known/openid-configuration">ht=
tps://op.panva.cz/.well-known/openid-configuration</a></div><div><br></div>=
<div>As I&#39;ve mentioned in the github issue tracker i think a server dis=
covery medatata will be needed so that the RP can know upfront which DSAs a=
re supported on the OP side to validate DPoP Proof JWTs with<br><div><div><=
br clear=3D"all"><div><div dir=3D"ltr" class=3D"gmail_signature" data-smart=
mail=3D"gmail_signature">Best,<br><b>Filip Skokan</b></div></div><br></div>=
</div></div></div><br><div class=3D"gmail_quote"><div dir=3D"ltr" class=3D"=
gmail_attr">On Mon, 8 Jul 2019 at 15:30, Daniel Fett &lt;<a href=3D"mailto:=
danielf%2Boauth@yes.com">danielf+oauth@yes.com</a>&gt; wrote:<br></div><blo=
ckquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-left=
:1px solid rgb(204,204,204);padding-left:1ex"><div dir=3D"ltr"><div>All,</d=
iv><div><br></div><div>In preparation for the meeting in Montreal, I just u=
ploaded a new version of the DPoP draft:</div><div><a href=3D"https://tools=
.ietf.org/html/draft-fett-oauth-dpop-02" target=3D"_blank">https://tools.ie=
tf.org/html/draft-fett-oauth-dpop-02</a></div><div><br></div><div>Please ha=
ve a look and let me know what you think. We should make this a working gro=
up item soon.</div><div><br></div><div>As you might have noticed, there is =
also a new version of the Security Best Current Practice draft: <br></div><=
div><a href=3D"https://tools.ietf.org/html/draft-ietf-oauth-security-topics=
-13" target=3D"_blank">https://tools.ietf.org/html/draft-ietf-oauth-securit=
y-topics-13</a></div><div><br></div><div>-Daniel<br></div></div>
_______________________________________________<br>
OAuth mailing list<br>
<a href=3D"mailto:OAuth@ietf.org" target=3D"_blank">OAuth@ietf.org</a><br>
<a href=3D"https://www.ietf.org/mailman/listinfo/oauth" rel=3D"noreferrer" =
target=3D"_blank">https://www.ietf.org/mailman/listinfo/oauth</a><br>
</blockquote></div>

--000000000000ed690b058d2ce95d--