[OAUTH-WG] Last Call: <draft-ietf-oauth-pop-architecture-07.txt> (OAuth 2.0 Proof-of-Possession (PoP) Security Architecture) to Informational RFC
The IESG <iesg-secretary@ietf.org> Wed, 02 December 2015 00:04 UTC
Return-Path: <iesg-secretary@ietf.org>
X-Original-To: oauth@ietf.org
Delivered-To: oauth@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id A50AA1B2B37; Tue, 1 Dec 2015 16:04:04 -0800 (PST)
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 6.11.0
Auto-Submitted: auto-generated
Precedence: bulk
Sender: iesg-secretary@ietf.org
Message-ID: <20151202000404.15752.96097.idtracker@ietfa.amsl.com>
Date: Tue, 01 Dec 2015 16:04:04 -0800
Archived-At: <http://mailarchive.ietf.org/arch/msg/oauth/f_eCmwM4sD-uvMrwbTihIJVeGQc>
Cc: draft-ietf-oauth-pop-architecture@ietf.org, oauth-chairs@ietf.org, oauth@ietf.org
Subject: [OAUTH-WG] Last Call: <draft-ietf-oauth-pop-architecture-07.txt> (OAuth 2.0 Proof-of-Possession (PoP) Security Architecture) to Informational RFC
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Reply-To: ietf@ietf.org
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Dec 2015 00:04:04 -0000
The IESG has received a request from the Web Authorization Protocol WG (oauth) to consider the following document: - 'OAuth 2.0 Proof-of-Possession (PoP) Security Architecture' <draft-ietf-oauth-pop-architecture-07.txt> as Informational RFC The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the ietf@ietf.org mailing lists by 2015-12-15. Exceptionally, comments may be sent to iesg@ietf.org instead. In either case, please retain the beginning of the Subject line to allow automated sorting. Abstract The OAuth 2.0 bearer token specification, as defined in RFC 6750, allows any party in possession of a bearer token (a "bearer") to get access to the associated resources (without demonstrating possession of a cryptographic key). To prevent misuse, bearer tokens must be protected from disclosure in transit and at rest. Some scenarios demand additional security protection whereby a client needs to demonstrate possession of cryptographic keying material when accessing a protected resource. This document motivates the development of the OAuth 2.0 proof-of-possession security mechanism. The file can be obtained via https://datatracker.ietf.org/doc/draft-ietf-oauth-pop-architecture/ IESG discussion can be tracked via https://datatracker.ietf.org/doc/draft-ietf-oauth-pop-architecture/ballot/ No IPR declarations have been submitted directly on this I-D.