[OAUTH-WG] Fwd: I-D Action: draft-ietf-oauth-par-03.txt

Brian Campbell <bcampbell@pingidentity.com> Fri, 31 July 2020 15:30 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/zCCbbKCNQ0MTQHGdgR_TmgIcG6U>


On behalf of my multinational cohort of esteemed co-authors, I published
PAR -03 this morning (MDT) wanting to get a new draft out with some lead
time before the Aug 10 interim where PAR will be the topic du jour. The
changes are summarized below, which mostly consist of clarifications and
various fixups to the text. The "bits on the wire" protocol seems to be
stable at this point, so we got that going for us, which is nice.


   *  Editorial updates
   *  Mention that https is required for the PAR endpoint
   *  Add some discussion of browser form posting an authz request vs.
      the benefits of PAR for any application
   *  Added text about motivations behind PAR - integrity,
      confidentiality and early client auth
   *  Better explain one-time use recommendation of the request_uri
   *  Drop the section on special error responses for request objects
   *  Clarify authorization request examples to say that the client
      directs the user-agent to make the HTTP GET request (vs. making
      the request itself)

---------- Forwarded message ---------
From: <internet-drafts@ietf.org>
Date: Fri, Jul 31, 2020 at 7:12 AM
Subject: [OAUTH-WG] I-D Action: draft-ietf-oauth-par-03.txt
To: <i-d-announce@ietf.org>
Cc: <oauth@ietf.org>

A New Internet-Draft is available from the on-line Internet-Drafts
This draft is a work item of the Web Authorization Protocol WG of the IETF.

        Title           : OAuth 2.0 Pushed Authorization Requests
        Authors         : Torsten Lodderstedt
                          Brian Campbell
                          Nat Sakimura
                          Dave Tonge
                          Filip Skokan
        Filename        : draft-ietf-oauth-par-03.txt
        Pages           : 19
        Date            : 2020-07-31

   This document defines the pushed authorization request endpoint,
   which allows clients to push the payload of an OAuth 2.0
   authorization request to the authorization server via a direct
   request and provides them with a request URI that is used as
   reference to the data in a subsequent authorization request.

The IETF datatracker status page for this draft is:

There are also htmlized versions available at:

A diff from the previous version is available at:

Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:

_CONFIDENTIALITY NOTICE: This email may contain confidential and privileged 
material for the sole use of the intended recipient(s). Any review, use, 
distribution or disclosure by others is strictly prohibited.  If you have 
received this communication in error, please notify the sender immediately 
by e-mail and delete the message and any file attachments from your 
computer. Thank you._
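
An added illustration, not part of the email or of the draft's own text, of the flow the abstract and change list describe: the authorization server stores a pushed request behind an https-only endpoint, hands back a request_uri, and honours that reference once, for the same client, before it expires. The class and function names, the URN prefix, the 60-second lifetime and the sample client and endpoints are assumptions for this sketch, and client authentication is taken as already done.

```python
import secrets
import time
from urllib.parse import urlencode, urlsplit

# Prefix for issued references (assumption for this sketch)
URN_PREFIX = "urn:ietf:params:oauth:request_uri:"


class PushedRequestStore:
    """Authorization-server side of PAR, in memory (hypothetical helper)."""

    def __init__(self, lifetime=60, clock=time.monotonic):
        self.lifetime = lifetime  # seconds; assumed value
        self.clock = clock
        self._pending = {}        # request_uri -> (client_id, params, expiry)

    def push(self, endpoint_url, client_id, params):
        """POST to the PAR endpoint by a client that has already authenticated."""
        if urlsplit(endpoint_url).scheme != "https":
            raise ValueError("PAR endpoint requires https")
        request_uri = URN_PREFIX + secrets.token_urlsafe(32)
        expiry = self.clock() + self.lifetime
        self._pending[request_uri] = (client_id, dict(params), expiry)
        return {"request_uri": request_uri, "expires_in": self.lifetime}

    def redeem(self, client_id, request_uri):
        """Authorization endpoint: resolve the reference, at most once."""
        entry = self._pending.get(request_uri)
        if entry is None or entry[0] != client_id:
            return None           # unknown, or pushed by a different client
        del self._pending[request_uri]  # consumed on first use, even if expired
        _, params, expiry = entry
        return params if self.clock() <= expiry else None


def authorization_url(authorize_endpoint, client_id, request_uri):
    """URL the client sends the user-agent to with GET; it carries only the reference."""
    query = urlencode({"client_id": client_id, "request_uri": request_uri})
    return f"{authorize_endpoint}?{query}"


if __name__ == "__main__":
    # Constructed sample values, not taken from the email.
    store = PushedRequestStore()
    pushed = store.push("https://as.example.com/as/par", "s6BhdRkqt3",
                        {"response_type": "code", "scope": "account-info"})
    print(authorization_url("https://as.example.com/as/authorize",
                            "s6BhdRkqt3", pushed["request_uri"]))
    print(store.redeem("s6BhdRkqt3", pushed["request_uri"]))  # the pushed parameters
    print(store.redeem("s6BhdRkqt3", pushed["request_uri"]))  # None: already used
```

Because the lookup checks the owning client before consuming the entry, a request_uri presented under another client_id is refused without burning the legitimate client's reference.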