[saag] OAuth Report

Hannes Tschofenig <hannes.tschofenig@gmx.net> Thu, 23 July 2015 13:38 UTC

Message-ID: <55B0EE57.4050909@gmx.net>
Date: Thu, 23 Jul 2015 15:38:31 +0200
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
To: saag <saag@ietf.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/Rn6NJoXOd_HhkiwtMfmdppYCjiQ>
Subject: [saag] OAuth Report
List-Id: Security Area Advisory Group <saag.ietf.org>

We had our OAuth working group meeting Wednesday afternoon. We
celebrated the publication of 6 RFCs since the last f2f meeting in
Dallas and focused our discussions on the remaining working group items,
namely
* Token Exchange,
* Proof-of-Possession Tokens, and
* Request by JWS for OAuth 2.

We went through the open issues and collected feedback from the
participants.

In addition, we had presentations about several new items, namely
* Native Apps, which is about security guidance for developers of
smartphone apps and the like.
* Open Redirector discussing security problems with redirect URIs
discovered in the wild.
* An extension to the JSON Web Token claims to add further security
features.

There was lots of support for writing guidance about native apps in the
working group and several persons volunteered to review
<draft-wdenniss-oauth-native-apps-00>. There was also interest in
documenting the open redirector problem.

The chairs will talk to the AD about re-chartering in the next month or
two.

Ciao
Hannes
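The report above mentions an open redirector problem with redirect URIs but gives no detail. As an added illustration of that class of issue (this is editorial example code, not from the e-mail or from any OAuth working group draft), the block below contrasts the weak policy, prefix matching of redirect_uri, with the exact string comparison that RFC 6749 section 3.1.2.3 requires. The client registrations, client ids and URIs are constructed for the example; the resolve_redirect_uri helper is hypothetical and not part of any library.

```python
from dataclasses import dataclass
from urllib.parse import urlsplit


@dataclass(frozen=True)
class Client:
    client_id: str
    redirect_uris: tuple  # URIs exactly as registered with the authorization server


# Constructed sample registrations (not taken from the e-mail).
CLIENTS = {
    "app-123": Client("app-123", ("https://app.example/cb",)),
    "app-456": Client("app-456", ("https://app.example/cb",
                                  "https://app.example/cb2")),
}


def loose_match(requested: str, client: Client) -> bool:
    """Weak policy: accept any URI that merely starts with a registered value.
    A query string or extra path appended to a registered URI slips through,
    which is how a callback endpoint can be turned into an open redirector."""
    return any(requested.startswith(r) for r in client.redirect_uris)


def strict_match(requested: str, client: Client) -> bool:
    """Hardened policy: simple string comparison against the registered
    values (RFC 6749 section 3.1.2.3, RFC 3986 section 6.2.1)."""
    return requested in client.redirect_uris


def resolve_redirect_uri(client_id: str, requested, matcher=strict_match):
    """Decide where an authorization response may be sent.

    Returns (True, uri) when a redirect_uri is established, otherwise
    (False, reason).  On (False, ...) the server must show the error to the
    user directly and must not redirect to the unverified URI."""
    client = CLIENTS.get(client_id)
    if client is None:
        return False, "unknown client_id"
    if requested is None:
        # RFC 6749 allows omitting redirect_uri only when exactly one is registered.
        if len(client.redirect_uris) == 1:
            return True, client.redirect_uris[0]
        return False, "redirect_uri required: client has several registered URIs"
    if urlsplit(requested).fragment:
        return False, "redirect_uri must not contain a fragment component"
    if not matcher(requested, client):
        return False, "redirect_uri does not match a registered value"
    return True, requested


if __name__ == "__main__":
    probe = "https://app.example/cb?go=1"
    print("loose :", resolve_redirect_uri("app-456", probe, loose_match))
    print("strict:", resolve_redirect_uri("app-456", probe, strict_match))
```

The main point is in the last branch: with loose_match the appended query string is accepted and the authorization code would be sent to a URI the client never registered, while strict_match rejects it and the server answers the user directly instead of redirecting anywhere.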