[OAUTH-WG] OAuth 2.0 Threat Model and Security Considerations

Barry Leiba <barryleiba@computer.org> Mon, 27 June 2011 22:18 UTC

To: OAuth WG <oauth@ietf.org>

The subject document, draft-lodderstedt-oauth-security, is now on our
charter, with the rechartering.  The authors have a new version ready,
and would like to post it this week.  The chairs have approved the
name "draft-ietf-oauth-v2-threatmodel-00" for this document, and if
there are no objections the authors will post the new version on
Friday.

Keep in mind that the first priority is still the OAuth 2.0 main spec,
so let's wrap that up.  We're aiming for working-group last call on
that within the month.

Barry, as chair