[websec] unbearable - new mailing list to discuss better than bearer tokens...

Stephen Farrell <stephen.farrell@cs.tcd.ie> Fri, 05 December 2014 16:43 UTC

Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: websec@ietfa.amsl.com
Delivered-To: websec@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com []) by ietfa.amsl.com (Postfix) with ESMTP id A2BFD1AD041; Fri, 5 Dec 2014 08:43:33 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id beeU6Es0wsNS; Fri, 5 Dec 2014 08:43:32 -0800 (PST)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie []) by ietfa.amsl.com (Postfix) with ESMTP id 0C2DC1A1B7D; Fri, 5 Dec 2014 08:43:20 -0800 (PST)
Received: from localhost (localhost []) by mercury.scss.tcd.ie (Postfix) with ESMTP id 3C969BF0A; Fri, 5 Dec 2014 16:43:19 +0000 (GMT)
Received: from mercury.scss.tcd.ie ([]) by localhost (mercury.scss.tcd.ie []) (amavisd-new, port 10024) with ESMTP id jmXYFvKbK2O3; Fri, 5 Dec 2014 16:43:19 +0000 (GMT)
Received: from [] (stephen-think.dsg.cs.tcd.ie []) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 1819FBF06; Fri, 5 Dec 2014 16:43:19 +0000 (GMT)
Message-ID: <5481E0A7.2090604@cs.tcd.ie>
Date: Fri, 05 Dec 2014 16:43:19 +0000
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.3.0
MIME-Version: 1.0
To: "saag@ietf.org" <saag@ietf.org>, websec <websec@ietf.org>, "uta@ietf.org" <uta@ietf.org>, "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>, "http-auth@ietf.org" <http-auth@ietf.org>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/websec/BluUg13PK39XvrRJ5Vfh_TO79-8
Subject: [websec] unbearable - new mailing list to discuss better than bearer tokens...
X-BeenThere: websec@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: Stephen Farrell <Stephen.Farrell@cs.tcd.ie>
List-Id: Web Application Security Minus Authentication and Transport <websec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/websec>, <mailto:websec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/websec/>
List-Post: <mailto:websec@ietf.org>
List-Help: <mailto:websec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 05 Dec 2014 16:43:33 -0000


Following up on the presentation at IETF-91 on this topic, [1]
we've created a new list [2] for moving that along. The list
description is:

"This list is for discussion of proposals for doing better than bearer
tokens (e.g. HTTP cookies, OAuth tokens etc.) for web applications.
The specific goal is chartering a WG focused on preventing security
token export and replay attacks."

If you're interested please join in.

Thanks to Vinod and Andrei for agreeing to admin the list.

We'll kick off discussion in a few days when folks have had
a chance to subscribe.


PS: Please don't reply-all to this, join the new list, wait
a few days and then say what you need to say:-)

[1] https://tools.ietf.org/agenda/91/slides/slides-91-uta-2.pdf
[2] https://www.ietf.org/mailman/listinfo/unbearable