--- 1/draft-ietf-kitten-sasl-oauth-12.txt	2014-02-14 08:14:46.542682963 -0800
+++ 2/draft-ietf-kitten-sasl-oauth-13.txt	2014-02-14 08:14:46.582683941 -0800
@@ -1,21 +1,21 @@
 
 KITTEN                                                          W. Mills
 Internet-Draft                                               Yahoo! Inc.
 Intended status: Standards Track                            T. Showalter
-Expires: June 18, 2014
+Expires: August 18, 2014
                                                            H. Tschofenig
-                                            Nokia Solutions and Networks
-                                                       December 15, 2013
+                                                                ARM Ltd.
+                                                       February 14, 2014
 
                    A set of SASL Mechanisms for OAuth
-                  draft-ietf-kitten-sasl-oauth-12.txt
+                  draft-ietf-kitten-sasl-oauth-13.txt
 
 Abstract
 
    OAuth enables a third-party application to obtain limited access to a
    protected resource, either on behalf of a resource owner by
    orchestrating an approval interaction, or by allowing the third-party
    application to obtain access on its own behalf.
 
    This document defines how an application client uses credentials
    obtained via OAuth over the Simple Authentication and Security Layer
@@ -38,62 +38,62 @@
 
    Internet-Drafts are working documents of the Internet Engineering
    Task Force (IETF).  Note that other groups may also distribute
    working documents as Internet-Drafts.  The list of current Internet-
    Drafts is at http://datatracker.ietf.org/drafts/current/.
 
    Internet-Drafts are draft documents valid for a maximum of six months
    and may be updated, replaced, or obsoleted by other documents at any
    time.  It is inappropriate to use Internet-Drafts as reference
    material or to cite them other than as "work in progress."
-   This Internet-Draft will expire on June 18, 2014.
+   This Internet-Draft will expire on August 18, 2014.
 
 Copyright Notice
 
-   Copyright (c) 2013 IETF Trust and the persons identified as the
+   Copyright (c) 2014 IETF Trust and the persons identified as the
    document authors.  All rights reserved.
 
    This document is subject to BCP 78 and the IETF Trust's Legal
    Provisions Relating to IETF Documents
    (http://trustee.ietf.org/license-info) in effect on the date of
    publication of this document.  Please review these documents
    carefully, as they describe your rights and restrictions with respect
    to this document.  Code Components extracted from this document must
    include Simplified BSD License text as described in Section 4.e of
    the Trust Legal Provisions and are provided without warranty as
    described in the Simplified BSD License.
 
 Table of Contents
 
-   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
+   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   3
    2.  Terminology . . . . . . . . . . . . . . . . . . . . . . . . .   5
    3.  OAuth SASL Mechanism Specifications . . . . . . . . . . . . .   6
      3.1.  Initial Client Response . . . . . . . . . . . . . . . . .   7
        3.1.1.  Reserved Key/Values . . . . . . . . . . . . . . . . .   7
      3.2.  Server's Response . . . . . . . . . . . . . . . . . . . .   8
        3.2.1.  OAuth Identifiers in the SASL Context . . . . . . . .   8
        3.2.2.  Server Response to Failed Authentication  . . . . . .   8
        3.2.3.  Completing an Error Message Sequence  . . . . . . . .   9
      3.3.  OAuth Access Token Types using Keyed Message Digests  . .   9
    4.  Examples  . . . . . . . . . . . . . . . . . . . . . . . . . .  10
-     4.1.  Successful Bearer Token Exchange  . . . . . . . . . . . .  11
+     4.1.  Successful Bearer Token Exchange  . . . . . . . . . . . .  10
      4.2.  Failed Exchange . . . . . . . . . . . . . . . . . . . . .  11
      4.3.  SMTP Example of a Failed Negotiation  . . . . . . . . . .  12
    5.  Security Considerations . . . . . . . . . . . . . . . . . . .  13
    6.  Internationalization Considerations . . . . . . . . . . . . .  14
    7.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .  14
      7.1.  SASL Registration . . . . . . . . . . . . . . . . . . . .  14
    8.  References  . . . . . . . . . . . . . . . . . . . . . . . . .  15
      8.1.  Normative References  . . . . . . . . . . . . . . . . . .  15
      8.2.  Informative References  . . . . . . . . . . . . . . . . .  16
    Appendix A.  Acknowlegements  . . . . . . . . . . . . . . . . . .  16
-   Appendix B.  Document History . . . . . . . . . . . . . . . . . .  16
+   Appendix B.  Document History . . . . . . . . . . . . . . . . . .  17
    Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .  19
 
 1.  Introduction
 
    OAuth 1.0a [RFC5849] and OAuth 2.0 [RFC6749] are protocol frameworks
    that enable a third-party application to obtain limited access to a
    protected resource, either on behalf of a resource owner by
    orchestrating an approval interaction, or by allowing the third-party
    application to obtain access on its own behalf.
 
@@ -686,27 +688,27 @@
    [RFC6749]  Hardt, D., "The OAuth 2.0 Authorization Framework", RFC
               6749, October 2012.
 
    [RFC6750]  Jones, M. and D. Hardt, "The OAuth 2.0 Authorization
               Framework: Bearer Token Usage", RFC 6750, October 2012.
 
 8.2.  Informative References
 
    [I-D.ietf-oauth-json-web-token]
               Jones, M., Bradley, J., and N. Sakimura, "JSON Web Token
-              (JWT)", draft-ietf-oauth-json-web-token-13 (work in
-              progress), November 2013.
+              (JWT)", draft-ietf-oauth-json-web-token-15 (work in
+              progress), January 2014.
 
    [I-D.ietf-oauth-v2-http-mac]
               Richer, J., Mills, W., Tschofenig, H., and P. Hunt, "OAuth
               2.0 Message Authentication Code (MAC) Tokens", draft-ietf-
-              oauth-v2-http-mac-04 (work in progress), July 2013.
+              oauth-v2-http-mac-05 (work in progress), January 2014.
 
    [RFC3501]  Crispin, M., "INTERNET MESSAGE ACCESS PROTOCOL - VERSION
               4rev1", RFC 3501, March 2003.
 
    [RFC5321]  Klensin, J., "Simple Mail Transfer Protocol", RFC 5321,
               October 2008.
 
    [RFC6819]  Lodderstedt, T., McGloin, M., and P. Hunt, "OAuth 2.0
               Threat Model and Security Considerations", RFC 6819,
               January 2013.
@@ -721,20 +723,25 @@
    Lodderstadt, Ryan Troll, Alexey Melnikov, Jeffrey Hutzelman, and Nico
    Williams.
 
    This document was produced under the chairmanship of Alexey Melnikov,
    Tom Yu, Shawn Emery, Josh Howlett, Sam Hartman.  The supervising area
    directors was Stephen Farrell.
 
 Appendix B.  Document History
 
    [[ to be removed by RFC editor before publication as an RFC ]]
+
+   -13
+
+   o  Changed affiliation.
+
    -12
 
    o  Removed -PLUS components from the specification.
 
    -11
 
    o  Removed GSS-API components from the specification.
 
    o  Updated security consideration section.
 
@@ -837,18 +844,17 @@
    William Mills
    Yahoo! Inc.
 
    Email: wmills_92105@yahoo.com
 
    Tim Showalter
 
    Email: tjs@psaux.com
 
    Hannes Tschofenig
-   Nokia Solutions and Networks
-   Linnoitustie 6
-   Espoo  02600
-   Finland
+   ARM Ltd.
+   110 Fulbourn Rd
+   Cambridge  CB1 9NJ
+   Great Britain
 
-   Phone: +358 (50) 4871445
-   Email: Hannes.Tschofenig@gmx.net
+   Email: Hannes.tschofenig@gmx.net
    URI:   http://www.tschofenig.priv.at