[OAUTH-WG] Call for adoption: OAuth Security Topics

Hannes Tschofenig <hannes.tschofenig@gmx.net> Thu, 02 February 2017 07:10 UTC

Return-Path: <hannes.tschofenig@gmx.net>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7D1591293EB for <oauth@ietfa.amsl.com>; Wed, 1 Feb 2017 23:10:03 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.955
X-Spam-Level:
X-Spam-Status: No, score=-6.955 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-1.156, RP_MATCHES_RCVD=-3.199, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3tKIwcdJh3yc for <oauth@ietfa.amsl.com>; Wed, 1 Feb 2017 23:10:02 -0800 (PST)
Received: from mout.gmx.net (mout.gmx.net [212.227.15.19]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B4DB3128B44 for <oauth@ietf.org>; Wed, 1 Feb 2017 23:10:01 -0800 (PST)
Received: from [192.168.91.173] ([195.149.223.239]) by mail.gmx.com (mrgmx002 [212.227.17.190]) with ESMTPSA (Nemesis) id 0MXr3H-1cvxS53UwB-00WoFK for <oauth@ietf.org>; Thu, 02 Feb 2017 08:09:59 +0100
To: "oauth@ietf.org" <oauth@ietf.org>
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Openpgp: id=071A97A9ECBADCA8E31E678554D9CEEF4D776BC9
Message-ID: <ae7d8912-2a13-4d19-62b4-0b1d1106a555@gmx.net>
Date: Thu, 2 Feb 2017 08:09:57 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.5.1
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="Q8NDIiNocBi4P9mrOTu45Oo4NgoWvCoh3"
X-Provags-ID: V03:K0:CFnYRQ0AjQGz8bXwzo4WNC1ZgWIiq27t5ERgzKMblGra8liZQDa 8wkmqCA9QFh8CDLPZQ1tc5NXy5cg0bpymFd8aI1jX0QbHhslO6s1FRdyHWZavYjTSEzSSl/ h3m35mWSjlpIWcI+LNbFEraLa9sb/ScjSj9i22iuzIRcnsNg0DHkTCVBkhpPciFyD01j0GF 0oSnLpLZ3XbTCpff2IUrg==
X-UI-Out-Filterresults: notjunk:1;V01:K0:yQiZ39JzgLg=:1DnZJTli3YFLYivSIlwn99 Zt3kjRYHe4XyGVHiGabkNVME59Wt0WGnBY54expN6G1cRSSKaJ9OMgjNxqrvpEgaDxkB+iAD6 MQYzN+Zpofmwo/ZWr0ioxIqGNTXCYXHWziFtBDBb4xg+auWP4lWeLa4rtLPqka7vwzY9SIi0k FT/Mq0FeWOTTcReahLM7NM3cd5uwsDMw+BH+8WhRSJ9Yf0WtLu/y2m7z5ObInTgdqpEgFDD0D IPDS1OC610utNbkH+qGjSHxDJpLenZal/AK6H+kdLnoJKFlnnt1yilebUbf/eEkaKRJjazyeA k6gRI4h9iUVp8R2ZXS6oMlje8fxQxZA8QP5D8VCHZl2jSClJmYTV5z4udBtknix4PJHQu5KtR XEOsbxeA7hibgmKBNhpnrO+AlAbG06klhkFSdu0mssnS0wJp/0quJbA2bAF0f3vCAGZd66drS Y1TCVclidur4tQ6ErFj/YPWcHJTBCaY90neC7iuPsID60+mMWgI30rvoBrOjWu0A19Yys4UkU B5H26Dvp8qzJpG2e1RFwpOHCOHGM+Av3xdEAUXq+MTvTCEvL/2ucaFRPbsq7sidWXcETIi2X7 k4EZtTqpnEeGSeDmn0iY4RF3yXsLtAGK9r6QjN32uKs+qZ8wMlThR/yjxsBYJvEulEz6Va1Du 6UCNryW/46osVMfBTSjAtz1/uweY/nKgdYZZWH1VROdvZimGWZUPNWWV8rlQmnvxsqzOdhff4 E1PsnWAMa6p5DOZkLkdb9+UQsmxeVzSO+bEZ77antgwbqPyuiHU+iYloL2E=
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/m3FXX4bPhXECI8XIf0t40BkCR5Q>
Subject: [OAUTH-WG] Call for adoption: OAuth Security Topics
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 02 Feb 2017 07:10:03 -0000

Hi all,

this is the call for adoption of the 'OAuth Security Topics' document
following the positive call for adoption at the last IETF
meeting in Seoul.

Here is the document:
https://tools.ietf.org/html/draft-lodderstedt-oauth-security-topics-00

The intention with this document is to have a place to collect
discussions and conclusions around OAuth 2.0 security and to reference
the actual solution specifications.

Please let us know by Feb 16th whether you accept / object to the
adoption of this document as a starting point for work in the OAuth
working group.

Ciao
Hannes & Derek