[Unbearable] Token binding for Oauth2.0

tharmakulasingham inthirakumaaran <inthiraj1994@gmail.com> Mon, 30 October 2017 05:15 UTC

From: tharmakulasingham inthirakumaaran <inthiraj1994@gmail.com>
Date: Mon, 30 Oct 2017 10:45:34 +0530
Message-ID: <CAFUY97p7DNUms9_f+P5jg0dFzr2BO4DibxAM5_E04UoLejCa_A@mail.gmail.com>
To: unbearable@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/unbearable/GgkWGItDy6GbTAhCyINs0iyQTlc>

Hi all,

I am a university student and am trying to implement token binding for
OAuth 2.0 in one of my projects. Currently, I am using nginx as a proxy to do
the token binding, but I hope to write a token binding implementation in Java.

I want to know how we can send the referred token binding ID (RID) without
redirection or the Include-referred-ID header, especially at the point where
the client application sends the access token request including the referred
token binding ID (the ID between the client app and the resource server).
Although the spec says we can use other methods, I cannot find what those are.

Please clarify this matter for me; I am open to any suggestions on how to do
this project. If you can suggest any example implementations, that would be
helpful too.

Thank you,
kumaaran