Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-pop-architecture-06.txt

Phil Hunt <phil.hunt@oracle.com> Tue, 24 November 2015 20:07 UTC

Return-Path: <phil.hunt@oracle.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A8B131A891F for <oauth@ietfa.amsl.com>; Tue, 24 Nov 2015 12:07:14 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.786
X-Spam-Level:
X-Spam-Status: No, score=-4.786 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.585, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id G2MRkeI7DQXi for <oauth@ietfa.amsl.com>; Tue, 24 Nov 2015 12:07:13 -0800 (PST)
Received: from aserp1040.oracle.com (aserp1040.oracle.com [141.146.126.69]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 280D41A891E for <oauth@ietf.org>; Tue, 24 Nov 2015 12:07:13 -0800 (PST)
Received: from userv0022.oracle.com (userv0022.oracle.com [156.151.31.74]) by aserp1040.oracle.com (Sentrion-MTA-4.3.2/Sentrion-MTA-4.3.2) with ESMTP id tAOK75do020798 (version=TLSv1 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Tue, 24 Nov 2015 20:07:06 GMT
Received: from userv0122.oracle.com (userv0122.oracle.com [156.151.31.75]) by userv0022.oracle.com (8.13.8/8.13.8) with ESMTP id tAOK75AS024523 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL); Tue, 24 Nov 2015 20:07:05 GMT
Received: from abhmp0019.oracle.com (abhmp0019.oracle.com [141.146.116.25]) by userv0122.oracle.com (8.13.8/8.13.8) with ESMTP id tAOK75Ws006826; Tue, 24 Nov 2015 20:07:05 GMT
Received: from [192.168.1.200] (/174.7.250.104) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Tue, 24 Nov 2015 12:07:05 -0800
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 9.1 \(3096.5\))
From: Phil Hunt <phil.hunt@oracle.com>
In-Reply-To: <20151124200512.20833.28463.idtracker@ietfa.amsl.com>
Date: Tue, 24 Nov 2015 12:07:03 -0800
Content-Transfer-Encoding: quoted-printable
Message-Id: <F787FB76-5C8D-45F5-8A81-E430E75A0455@oracle.com>
References: <20151124200512.20833.28463.idtracker@ietfa.amsl.com>
To: "<oauth@ietf.org>" <oauth@ietf.org>
X-Mailer: Apple Mail (2.3096.5)
X-Source-IP: userv0022.oracle.com [156.151.31.74]
Archived-At: <http://mailarchive.ietf.org/arch/msg/oauth/wyR5gNXhJcY3cNlC7lTMdYp0nZA>
Subject: Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-pop-architecture-06.txt
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 24 Nov 2015 20:07:14 -0000

This draft addresses review comments from Kathleen and Erik raised since the last draft.

It may not include some of the discussion from yesterday/today.  I will add that as the group decides.

Cheers,

Phil

@independentid
www.independentid.com
phil.hunt@oracle.com

> On Nov 24, 2015, at 12:05 PM, internet-drafts@ietf.org wrote:
> 
> 
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> This draft is a work item of the Web Authorization Protocol Working Group of the IETF.
> 
>        Title           : OAuth 2.0 Proof-of-Possession (PoP) Security Architecture
>        Authors         : Phil Hunt
>                          Justin Richer
>                          William Mills
>                          Prateek Mishra
>                          Hannes Tschofenig
> 	Filename        : draft-ietf-oauth-pop-architecture-06.txt
> 	Pages           : 23
> 	Date            : 2015-11-24
> 
> Abstract:
>   The OAuth 2.0 bearer token specification, as defined in RFC 6750,
>   allows any party in possession of a bearer token (a "bearer") to get
>   access to the associated resources (without demonstrating possession
>   of a cryptographic key).  To prevent misuse, bearer tokens must be
>   protected from disclosure in transit and at rest.
> 
>   Some scenarios demand additional security protection whereby a client
>   needs to demonstrate possession of cryptographic keying material when
>   accessing a protected resource.  This document motivates the
>   development of the OAuth 2.0 proof-of-possession security mechanism.
> 
> 
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-oauth-pop-architecture/
> 
> There's also a htmlized version available at:
> https://tools.ietf.org/html/draft-ietf-oauth-pop-architecture-06
> 
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-oauth-pop-architecture-06
> 
> 
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
> 
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
> 
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth