IETF Logo Mail Archive

Re: [OAUTH-WG] Token Binding Presentations?

Jim Manico <jim@manicode.com> Fri, 17 March 2017 18:14 UTC

Return-Path: <jim@manicode.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 215EB1294ED for <oauth@ietfa.amsl.com>; Fri, 17 Mar 2017 11:14:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=manicode-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JKkN07EFIzsB for <oauth@ietfa.amsl.com>; Fri, 17 Mar 2017 11:14:34 -0700 (PDT)
Received: from mail-ot0-x22d.google.com (mail-ot0-x22d.google.com [IPv6:2607:f8b0:4003:c0f::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A4AB2120227 for <oauth@ietf.org>; Fri, 17 Mar 2017 11:14:34 -0700 (PDT)
Received: by mail-ot0-x22d.google.com with SMTP id a12so30684382ota.0 for <oauth@ietf.org>; Fri, 17 Mar 2017 11:14:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=manicode-com.20150623.gappssmtp.com; s=20150623; h=subject:to:references:cc:from:message-id:date:user-agent :mime-version:in-reply-to; bh=eWgL8pOJvoMFBH9zh4/PVf7iNFngqG1i1dnidYVN3hI=; b=zCQE6OxCO3k6T98P2geSdyh0V0qSKeoBkLFuiHOrc2IiH9T7YZL7StCbLVrzrKSUAm QU11WaoEARg/Kqlz55Ur9ZiuNeHGuOT/I5gbwhgwDuc5caASea/q2x5MX6B22RkDo1RF e3ep5kwqHKLV6JJHP8Omlopn4LEZ5ViJvoYExqgtme3cnmVm2TdJaByyE0CuZU5KHYsr TKgKxEjdpSLMfBiQvwVzuaty7DYQu16V7VGi7P4uMBOgZSs5ED6HlzLs32IMa0/dF4BP b9oyozzEP447R1iit/VIMDbhZz7/Kmo+5K6clqDNNVF+aG/Fvs4QQq88WkGfVRxmz3d9 9dCg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:references:cc:from:message-id:date :user-agent:mime-version:in-reply-to; bh=eWgL8pOJvoMFBH9zh4/PVf7iNFngqG1i1dnidYVN3hI=; b=FsQsWAoQsFxX76MquDWFRXlta+ZQhSubCdThPSKV7cwtTMQ+86ViKgCqhc1dUSg580 NbC0QxdnAKLeHaIhFWFNJdijAdHNXaHkF25Tn185kSITyz4wDtnJQYDHXHgdl4pA5zyJ T+M79UmX8GaD86kLuoxZxOmFuXvSjZPcWZfftrHOKaBD63VJyV9jyll1JMKjRN6E1hxz YYK12iOXBOuPqFsHPoRO/rG70PyNBXNoJSOYIehfTFxMb5PDjBbYa3iiD71gLutz3jEw RGwND1AnADN+wIbCMlMoeWWVKXAV6+VPX2yhs2BNHGwTXGFjyydtIr5OOuysoGaKyy4T qEgg==
X-Gm-Message-State: AFeK/H3mkcJXAlLmjs5aTxNj5QpMOYoYtSN9iKngGNZwy/6LWawBiciGdwTmba+emRCSZkMq
X-Received: by 10.202.51.10 with SMTP id z10mr8478110oiz.214.1489774473988; Fri, 17 Mar 2017 11:14:33 -0700 (PDT)
Received: from heembo.local (mobile-166-173-186-133.mycingular.net. [166.173.186.133]) by smtp.googlemail.com with ESMTPSA id u131sm3741566oig.24.2017.03.17.11.14.31 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 17 Mar 2017 11:14:33 -0700 (PDT)
To: Brian Campbell <bcampbell@pingidentity.com>, Dirk Balfanz <balfanz@google.com>
References: <411649D9-563A-49DA-8151-80DF5F45F3F8@manicode.com> <CA+k3eCR4-fxCyRHSvPGDn1s9gnpksUrVPBOAMm9wzJ2wW7=Jwg@mail.gmail.com>
Cc: IETF OAUTH <oauth@ietf.org>
From: Jim Manico <jim@manicode.com>
Message-ID: <3c3b863f-570d-8f5f-c912-870a7ffcbccf@manicode.com>
Date: Fri, 17 Mar 2017 12:14:29 -0600
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:45.0) Gecko/20100101 Thunderbird/45.8.0
MIME-Version: 1.0
In-Reply-To: <CA+k3eCR4-fxCyRHSvPGDn1s9gnpksUrVPBOAMm9wzJ2wW7=Jwg@mail.gmail.com>
Content-Type: multipart/alternative; boundary="------------9C7A8A1AF445EC4EB5215E08"
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/lY2lTmyaNC3pVOHwtuDVX-l-JTE>
Subject: Re: [OAUTH-WG] Token Binding Presentations?
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 17 Mar 2017 18:14:37 -0000

Brian (and John),

Thank you both for the references. Perfect.

Aloha, Jim


On 3/17/17 12:10 PM, Brian Campbell wrote:
> Dirk gave this preso nearly 2 years ago
> https://www.slideshare.net/CloudIDSummit/cis-2015-intro-to-token-binding-over-http-cis-2015
> <https://www.slideshare.net/CloudIDSummit/cis-2015-intro-to-token-binding-over-http-cis-2015>
> which is out of date but has the main concepts, I think. There's also
> this http://www.browserauth.net/token-binding
> <http://www.browserauth.net/token-binding> page by him.
>
> I'm planing on a doing a presentation on Token Binding at CIS
> <https://www.cloudidentitysummit.com> this summer. But that's not
> until June and none of the content exists yet.
>
> Otherwise the draft specs are probably the best bet at this point. And
> they are all still in draft, though some are more stable than others,
> they may still change.
>
> Token Binding:
> https://tools.ietf.org/html/draft-ietf-tokbind-https-08
> https://tools.ietf.org/html/draft-ietf-tokbind-protocol-13
> https://tools.ietf.org/html/draft-ietf-tokbind-negotiation-07
>
> Application in OAuth:
> https://tools.ietf.org/html/draft-ietf-oauth-token-binding-02
>
> Application in OpenID Connect:
> http://openid.net/specs/openid-connect-token-bound-authentication-1_0.html
>
>
>
>
> On Fri, Mar 17, 2017 at 9:09 AM, Jim Manico <jim@manicode.com
> <mailto:jim@manicode.com>> wrote:
>
>     Hello OAuthers,
>
>     I'm trying to get my head around token binding beyond the RFC. Are
>     there any presentations or other media on token binding that any
>     of you are aware of? My google-fu is coming up empty.
>
>     Thanks and Aloha,
>     - Jim
>     _______________________________________________
>     OAuth mailing list
>     OAuth@ietf.org <mailto:OAuth@ietf.org>
>     https://www.ietf.org/mailman/listinfo/oauth
>     <https://www.ietf.org/mailman/listinfo/oauth>
>
>

-- 
Jim Manico
Manicode Security
https://www.manicode.com

v2.23.0 | Report a Bug | By Email