Re: [OAUTH-WG] Token Binding Presentations?

Brian Campbell <bcampbell@pingidentity.com> Fri, 17 March 2017 18:11 UTC

Dirk gave this preso nearly 2 years ago
https://www.slideshare.net/CloudIDSummit/cis-2015-intro-to-token-binding-over-http-cis-2015
which is out of date but has the main concepts, I think. There's also this
http://www.browserauth.net/token-binding page by him.

I'm planning on doing a presentation on Token Binding at CIS
<https://www.cloudidentitysummit.com> this summer. But that's not until
June and none of the content exists yet.

Otherwise the draft specs are probably the best bet at this point. And they
are all still in draft, though some are more stable than others, they may
still change.

Token Binding:
https://tools.ietf.org/html/draft-ietf-tokbind-https-08
https://tools.ietf.org/html/draft-ietf-tokbind-protocol-13
https://tools.ietf.org/html/draft-ietf-tokbind-negotiation-07

Application in OAuth:
https://tools.ietf.org/html/draft-ietf-oauth-token-binding-02

Application in OpenID Connect:
http://openid.net/specs/openid-connect-token-bound-authentication-1_0.html




On Fri, Mar 17, 2017 at 9:09 AM, Jim Manico <jim@manicode.com> wrote:

> Hello OAuthers,
>
> I'm trying to get my head around token binding beyond the RFC. Are there
> any presentations or other media on token binding that any of you are aware
> of? My google-fu is coming up empty.
>
> Thanks and Aloha,
> - Jim