Re: [OAUTH-WG] Token Binding Presentations?
Jim Manico <jim@manicode.com> Fri, 17 March 2017 18:14 UTC
Return-Path: <jim@manicode.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 215EB1294ED for <oauth@ietfa.amsl.com>; Fri, 17 Mar 2017 11:14:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=manicode-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JKkN07EFIzsB for <oauth@ietfa.amsl.com>; Fri, 17 Mar 2017 11:14:34 -0700 (PDT)
Received: from mail-ot0-x22d.google.com (mail-ot0-x22d.google.com [IPv6:2607:f8b0:4003:c0f::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A4AB2120227 for <oauth@ietf.org>; Fri, 17 Mar 2017 11:14:34 -0700 (PDT)
Received: by mail-ot0-x22d.google.com with SMTP id a12so30684382ota.0 for <oauth@ietf.org>; Fri, 17 Mar 2017 11:14:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=manicode-com.20150623.gappssmtp.com; s=20150623; h=subject:to:references:cc:from:message-id:date:user-agent :mime-version:in-reply-to; bh=eWgL8pOJvoMFBH9zh4/PVf7iNFngqG1i1dnidYVN3hI=; b=zCQE6OxCO3k6T98P2geSdyh0V0qSKeoBkLFuiHOrc2IiH9T7YZL7StCbLVrzrKSUAm QU11WaoEARg/Kqlz55Ur9ZiuNeHGuOT/I5gbwhgwDuc5caASea/q2x5MX6B22RkDo1RF e3ep5kwqHKLV6JJHP8Omlopn4LEZ5ViJvoYExqgtme3cnmVm2TdJaByyE0CuZU5KHYsr TKgKxEjdpSLMfBiQvwVzuaty7DYQu16V7VGi7P4uMBOgZSs5ED6HlzLs32IMa0/dF4BP b9oyozzEP447R1iit/VIMDbhZz7/Kmo+5K6clqDNNVF+aG/Fvs4QQq88WkGfVRxmz3d9 9dCg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:references:cc:from:message-id:date :user-agent:mime-version:in-reply-to; bh=eWgL8pOJvoMFBH9zh4/PVf7iNFngqG1i1dnidYVN3hI=; b=FsQsWAoQsFxX76MquDWFRXlta+ZQhSubCdThPSKV7cwtTMQ+86ViKgCqhc1dUSg580 NbC0QxdnAKLeHaIhFWFNJdijAdHNXaHkF25Tn185kSITyz4wDtnJQYDHXHgdl4pA5zyJ T+M79UmX8GaD86kLuoxZxOmFuXvSjZPcWZfftrHOKaBD63VJyV9jyll1JMKjRN6E1hxz YYK12iOXBOuPqFsHPoRO/rG70PyNBXNoJSOYIehfTFxMb5PDjBbYa3iiD71gLutz3jEw RGwND1AnADN+wIbCMlMoeWWVKXAV6+VPX2yhs2BNHGwTXGFjyydtIr5OOuysoGaKyy4T qEgg==
X-Gm-Message-State: AFeK/H3mkcJXAlLmjs5aTxNj5QpMOYoYtSN9iKngGNZwy/6LWawBiciGdwTmba+emRCSZkMq
X-Received: by 10.202.51.10 with SMTP id z10mr8478110oiz.214.1489774473988; Fri, 17 Mar 2017 11:14:33 -0700 (PDT)
Received: from heembo.local (mobile-166-173-186-133.mycingular.net. [166.173.186.133]) by smtp.googlemail.com with ESMTPSA id u131sm3741566oig.24.2017.03.17.11.14.31 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 17 Mar 2017 11:14:33 -0700 (PDT)
To: Brian Campbell <bcampbell@pingidentity.com>, Dirk Balfanz <balfanz@google.com>
References: <411649D9-563A-49DA-8151-80DF5F45F3F8@manicode.com> <CA+k3eCR4-fxCyRHSvPGDn1s9gnpksUrVPBOAMm9wzJ2wW7=Jwg@mail.gmail.com>
Cc: IETF OAUTH <oauth@ietf.org>
From: Jim Manico <jim@manicode.com>
Message-ID: <3c3b863f-570d-8f5f-c912-870a7ffcbccf@manicode.com>
Date: Fri, 17 Mar 2017 12:14:29 -0600
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:45.0) Gecko/20100101 Thunderbird/45.8.0
MIME-Version: 1.0
In-Reply-To: <CA+k3eCR4-fxCyRHSvPGDn1s9gnpksUrVPBOAMm9wzJ2wW7=Jwg@mail.gmail.com>
Content-Type: multipart/alternative; boundary="------------9C7A8A1AF445EC4EB5215E08"
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/lY2lTmyaNC3pVOHwtuDVX-l-JTE>
Subject: Re: [OAUTH-WG] Token Binding Presentations?
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 17 Mar 2017 18:14:37 -0000
Brian (and John), Thank you both for the references. Perfect. Aloha, Jim On 3/17/17 12:10 PM, Brian Campbell wrote: > Dirk gave this preso nearly 2 years ago > https://www.slideshare.net/CloudIDSummit/cis-2015-intro-to-token-binding-over-http-cis-2015 > <https://www.slideshare.net/CloudIDSummit/cis-2015-intro-to-token-binding-over-http-cis-2015> > which is out of date but has the main concepts, I think. There's also > this http://www.browserauth.net/token-binding > <http://www.browserauth.net/token-binding> page by him. > > I'm planing on a doing a presentation on Token Binding at CIS > <https://www.cloudidentitysummit.com> this summer. But that's not > until June and none of the content exists yet. > > Otherwise the draft specs are probably the best bet at this point. And > they are all still in draft, though some are more stable than others, > they may still change. > > Token Binding: > https://tools.ietf.org/html/draft-ietf-tokbind-https-08 > https://tools.ietf.org/html/draft-ietf-tokbind-protocol-13 > https://tools.ietf.org/html/draft-ietf-tokbind-negotiation-07 > > Application in OAuth: > https://tools.ietf.org/html/draft-ietf-oauth-token-binding-02 > > Application in OpenID Connect: > http://openid.net/specs/openid-connect-token-bound-authentication-1_0.html > > > > > On Fri, Mar 17, 2017 at 9:09 AM, Jim Manico <jim@manicode.com > <mailto:jim@manicode.com>> wrote: > > Hello OAuthers, > > I'm trying to get my head around token binding beyond the RFC. Are > there any presentations or other media on token binding that any > of you are aware of? My google-fu is coming up empty. > > Thanks and Aloha, > - Jim > _______________________________________________ > OAuth mailing list > OAuth@ietf.org <mailto:OAuth@ietf.org> > https://www.ietf.org/mailman/listinfo/oauth > <https://www.ietf.org/mailman/listinfo/oauth> > > -- Jim Manico Manicode Security https://www.manicode.com
- [OAUTH-WG] Token Binding Presentations? Jim Manico
- Re: [OAUTH-WG] Token Binding Presentations? John Bradley
- Re: [OAUTH-WG] Token Binding Presentations? Anthony Nadalin
- Re: [OAUTH-WG] Token Binding Presentations? John Bradley
- Re: [OAUTH-WG] Token Binding Presentations? Brian Campbell
- Re: [OAUTH-WG] Token Binding Presentations? Jim Manico