IETF Logo Mail Archive

[OAUTH-WG] Fwd: I-D Action: draft-ietf-oauth-token-binding-04.txt

Brian Campbell <bcampbell@pingidentity.com> Mon, 03 July 2017 12:40 UTC

Return-Path: <bcampbell@pingidentity.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DC6EA131602 for <oauth@ietfa.amsl.com>; Mon, 3 Jul 2017 05:40:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.739
X-Spam-Level:
X-Spam-Status: No, score=-1.739 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, HTML_OBFUSCATE_05_10=0.26, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=pingidentity.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id G_frKJiBA5bE for <oauth@ietfa.amsl.com>; Mon, 3 Jul 2017 05:40:30 -0700 (PDT)
Received: from mail-pg0-x22c.google.com (mail-pg0-x22c.google.com [IPv6:2607:f8b0:400e:c05::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2F23612762F for <oauth@ietf.org>; Mon, 3 Jul 2017 05:40:28 -0700 (PDT)
Received: by mail-pg0-x22c.google.com with SMTP id u62so94770037pgb.3 for <oauth@ietf.org>; Mon, 03 Jul 2017 05:40:28 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=pingidentity.com; s=gmail; h=mime-version:in-reply-to:references:from:date:message-id:subject:to; bh=Pa80aNB0nhY/mB2k3M1r1TAPT7xOS64ulaWE4y3myFg=; b=YJaEgqVhYZS+r7qTrxMKYuDS/2z7SCNEKEnGRsHYXfxWB05K2YRTVVgE43h3iuiI7/ 73/k7RUKZi9GbOXwEhLVafEeog0QsV2pYmYQu7P4TVbuiQxMYd9C0lED7FYC12Nrz458 p//FY2YAc6V6OjdAvfopX2RslEsy/1ZGmHCJg=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to; bh=Pa80aNB0nhY/mB2k3M1r1TAPT7xOS64ulaWE4y3myFg=; b=mcLANLCB/s4XJW1ffNCxQ/a9PvQc+aBmhYtR4OU7beTUOWWK5JGR7srDUcUyF4rO6K iUPVRpbRKD4F0IcGsuvnM7FJWWk0hwlaeFoU6MXwAYC6Fd2bpdIcz6uLlN9wYLMCc6xU Ci/PjQ48Cxz6QeQZQrM7NLXo3LnNMXoSInXTfvIdO28KWWyQA9ItU+o4JQlJcrBByrjK Ae8Fq+JPa0npHNQB2OM+y5uuLO1Wcr0AYVes9vJvtzmnxFxcj2g+7zlTHB70Y4wk/6P+ 8JP2oxqFxF2W6yDG4j+8crzakSv8uEd5jdAmTFMILC02cTOh2fQU/7kuMX+Lyk9n1g5f neTA==
X-Gm-Message-State: AIVw1132o6kQwdv840RaHg2BMGbmb/HajUBnvbWUR5gk9ZDcbTuoKGor t2iR5R8p+WO1rDo2R+O6anUsx8ELeiZincShpuFNH9+krY7keKVZcmVd6+msLkOcUzShQx6Kv3D Zqrw2
X-Received: by 10.84.217.219 with SMTP id d27mr10408978plj.180.1499085627424; Mon, 03 Jul 2017 05:40:27 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.100.129.130 with HTTP; Mon, 3 Jul 2017 05:39:56 -0700 (PDT)
In-Reply-To: <149908507711.3980.1045903851968629812@ietfa.amsl.com>
References: <149908507711.3980.1045903851968629812@ietfa.amsl.com>
From: Brian Campbell <bcampbell@pingidentity.com>
Date: Mon, 03 Jul 2017 06:39:56 -0600
Message-ID: <CA+k3eCSg5vhoC-W119oo9RCVpDHrXV0uYNZCLkU5eUbEG89ipw@mail.gmail.com>
To: oauth <oauth@ietf.org>
Content-Type: multipart/alternative; boundary="f403045cd78a4f9a860553691298"
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/iOCsR_mq7u82EO9Gw27YukNRVk0>
Subject: [OAUTH-WG] Fwd: I-D Action: draft-ietf-oauth-token-binding-04.txt
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 03 Jul 2017 12:40:33 -0000

Draft -04 of OAuth 2.0 Token Binding
<https://tools.ietf.org/html/draft-ietf-oauth-token-binding-04> has been
published with the following updates:

   o  Define how to convey token binding information of an access token
      via RFC 7662 OAuth 2.0 Token Introspection (note that the
      Introspection Response Registration request for cnf/Confirmation
      is in https://tools.ietf.org/html/draft-ietf-oauth-mtls-02#section-4.3
      which will likely be published and registered prior
      to this document).

   o  Minor editorial fixes.

   o  Added an open issue about needing to allow for web server clients
      to opt-out of having refresh tokens bound while still allowing for
      binding of access tokens (following from mention of the problem on
      slide 16 of the presentation from Chicago
      https://www.ietf.org/proceedings/98/slides/slides-98-oauth-sessb-
<https://www.ietf.org/proceedings/98/slides/slides-98-oauth-sessb-token-binding-00.pdf>
      token-binding-00.pdf
<https://www.ietf.org/proceedings/98/slides/slides-98-oauth-sessb-token-binding-00.pdf>).


---------- Forwarded message ----------
From: <internet-drafts@ietf.org>
Date: Mon, Jul 3, 2017 at 6:31 AM
Subject: [OAUTH-WG] I-D Action: draft-ietf-oauth-token-binding-04.txt
To: i-d-announce@ietf.org
Cc: oauth@ietf.org



A New Internet-Draft is available from the on-line Internet-Drafts
directories.
This draft is a work item of the Web Authorization Protocol of the IETF.

        Title           : OAuth 2.0 Token Binding
        Authors         : Michael B. Jones
                          John Bradley
                          Brian Campbell
                          William Denniss
        Filename        : draft-ietf-oauth-token-binding-04.txt
        Pages           : 27
        Date            : 2017-07-03

Abstract:
   This specification enables OAuth 2.0 implementations to apply Token
   Binding to Access Tokens, Authorization Codes, and Refresh Tokens.
   This cryptographically binds these tokens to a client's Token Binding
   key pair, possession of which is proven on the TLS connections over
   which the tokens are intended to be used.  This use of Token Binding
   protects these tokens from man-in-the-middle and token export and
   replay attacks.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-oauth-token-binding/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-ietf-oauth-token-binding-04
https://datatracker.ietf.org/doc/html/draft-ietf-oauth-token-binding-04

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-oauth-token-binding-04


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

-- 
*CONFIDENTIALITY NOTICE: This email may contain confidential and privileged 
material for the sole use of the intended recipient(s). Any review, use, 
distribution or disclosure by others is strictly prohibited.  If you have 
received this communication in error, please notify the sender immediately 
by e-mail and delete the message and any file attachments from your 
computer. Thank you.*

v2.23.0 | Report a Bug | By Email