[OAUTH-WG] Last Call: <draft-ietf-oauth-v2-threatmodel-06.txt> (OAuth 2.0 Threat Model and Security Considerations) to Informational RFC
The IESG <iesg-secretary@ietf.org> Thu, 28 June 2012 05:08 UTC
Return-Path: <iesg-secretary@ietf.org>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 97E8D21F8554; Wed, 27 Jun 2012 22:08:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.525
X-Spam-Level:
X-Spam-Status: No, score=-102.525 tagged_above=-999 required=5 tests=[AWL=0.074, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fx1OEa+M9Tly; Wed, 27 Jun 2012 22:08:14 -0700 (PDT)
Received: from ietfa.amsl.com (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CA70621F8528; Wed, 27 Jun 2012 22:08:14 -0700 (PDT)
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 4.21p1
Message-ID: <20120628050814.22367.47575.idtracker@ietfa.amsl.com>
Date: Wed, 27 Jun 2012 22:08:14 -0700
Cc: oauth@ietf.org
Subject: [OAUTH-WG] Last Call: <draft-ietf-oauth-v2-threatmodel-06.txt> (OAuth 2.0 Threat Model and Security Considerations) to Informational RFC
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: ietf@ietf.org
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Jun 2012 05:08:16 -0000
The IESG has received a request from the Web Authorization Protocol WG (oauth) to consider the following document: - 'OAuth 2.0 Threat Model and Security Considerations' <draft-ietf-oauth-v2-threatmodel-06.txt> as Informational RFC The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the ietf@ietf.org mailing lists by 2012-07-11. Exceptionally, comments may be sent to iesg@ietf.org instead. In either case, please retain the beginning of the Subject line to allow automated sorting. Abstract This document gives additional security considerations for OAuth, beyond those in the OAuth specification, based on a comprehensive threat model for the OAuth 2.0 Protocol. The file can be obtained via http://datatracker.ietf.org/doc/draft-ietf-oauth-v2-threatmodel/ IESG discussion can be tracked via http://datatracker.ietf.org/doc/draft-ietf-oauth-v2-threatmodel/ballot/ No IPR declarations have been submitted directly on this I-D.