[OAUTH-WG] Last Call: <draft-ietf-oauth-pop-architecture-07.txt> (OAuth 2.0 Proof-of-Possession (PoP) Security Architecture) to Informational RFC

The IESG <iesg-secretary@ietf.org> Wed, 02 December 2015 00:04 UTC

Return-Path: <iesg-secretary@ietf.org>
X-Original-To: oauth@ietf.org
Delivered-To: oauth@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id A50AA1B2B37; Tue, 1 Dec 2015 16:04:04 -0800 (PST)
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 6.11.0
Auto-Submitted: auto-generated
Precedence: bulk
Sender: iesg-secretary@ietf.org
Message-ID: <20151202000404.15752.96097.idtracker@ietfa.amsl.com>
Date: Tue, 01 Dec 2015 16:04:04 -0800
Archived-At: <http://mailarchive.ietf.org/arch/msg/oauth/f_eCmwM4sD-uvMrwbTihIJVeGQc>
Cc: draft-ietf-oauth-pop-architecture@ietf.org, oauth-chairs@ietf.org, oauth@ietf.org
Subject: [OAUTH-WG] Last Call: <draft-ietf-oauth-pop-architecture-07.txt> (OAuth 2.0 Proof-of-Possession (PoP) Security Architecture) to Informational RFC
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Reply-To: ietf@ietf.org
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Dec 2015 00:04:04 -0000

The IESG has received a request from the Web Authorization Protocol WG
(oauth) to consider the following document:
- 'OAuth 2.0 Proof-of-Possession (PoP) Security Architecture'
  <draft-ietf-oauth-pop-architecture-07.txt> as Informational RFC

The IESG plans to make a decision in the next few weeks, and solicits
final comments on this action. Please send substantive comments to the
ietf@ietf.org mailing lists by 2015-12-15. Exceptionally, comments may be
sent to iesg@ietf.org instead. In either case, please retain the
beginning of the Subject line to allow automated sorting.


   The OAuth 2.0 bearer token specification, as defined in RFC 6750,
   allows any party in possession of a bearer token (a "bearer") to get
   access to the associated resources (without demonstrating possession
   of a cryptographic key).  To prevent misuse, bearer tokens must be
   protected from disclosure in transit and at rest.

   Some scenarios demand additional security protection whereby a client
   needs to demonstrate possession of cryptographic keying material when
   accessing a protected resource.  This document motivates the
   development of the OAuth 2.0 proof-of-possession security mechanism.

The file can be obtained via

IESG discussion can be tracked via

No IPR declarations have been submitted directly on this I-D.