* WGs marked with an * asterisk has had at least one new draft made available during the last 5 days

Oauth Status Pages

Web Authorization Protocol (Active WG)
Sec Area: Roman Danyliw, Benjamin Kaduk | 2009-May-13 —  
Chairs
 
 


IETF-95 oauth agenda

Session 2016-04-06 1000-1230: Buen Ayre B - Audio stream - oauth chatroom

Agenda

          
          
          
          IETF 95 OAuth Meeting Agenda
          Wednesday, 10:00-12:30
          Chairs: Hannes Tschofenig/Derek Atkins
          
          - Status Update (Hannes, 5 min)
          
           (a) Informal OAuth Security Workshop (December 2015)
           (b) OAuth Security Workshop (July 2016)
           (c) Re-chartering
           (d) "Proof-of-Possession Key Semantics for JSON Web Tokens (JWTs)" as RFC
          
          *** WG Documents ***
          
          - OAuth 2.0 Mix-Up Mitigation (Hannes, 45 min)
          https://datatracker.ietf.org/doc/draft-ietf-oauth-mix-up-mitigation/
          
            Presentation about the problems/threats we are solving:
            (a) OAuth Mix-Up (John)
            (b) Cut-and-paste Attack (Nat)
          
            Move cut-and-paste threat to a different document?
          
          - OAuth Discovery (45min)
          
            What are the use cases the discovery document is solving?
          
            OAuth 2.0 Authorization Server Discovery Metadata (Mike, 15 min)
          https://datatracker.ietf.org/doc/draft-ietf-oauth-discovery/
          
            OAuth Response Metadata (Nat, 15min)
          https://datatracker.ietf.org/doc/draft-sakimura-oauth-meta/
          
            OAuth 2.0 Bound Configuration Lookup (Phil, 15min)
          https://tools.ietf.org/html/draft-hunt-oauth-bound-config-00
          
          - Token Exchange (Brian, 15 min)
          https://datatracker.ietf.org/doc/draft-ietf-oauth-token-exchange/
          
            What has been done and discuss open issues?
            Implementation status? Interoperability?
          
          - OAuth 2.0 for Native Apps (William, 15 min)
          http://datatracker.ietf.org/doc/draft-ietf-oauth-native-apps/
          
            Presentation of availability of code. Moving the document to WGLC as soon as enough people did interop tests.
          
          *** Non-WG Documents ***
          
          - Resource Indicators for OAuth 2.0 (Brian/John, 15 min)
          https://datatracker.ietf.org/doc/draft-campbell-oauth-resource-indicators/
          
          *** Not Discussed ***
          
          - Authentication Method Reference Values document published.
          https://datatracker.ietf.org/doc/draft-ietf-oauth-amr-values/
          
          - Proof-of-Possession
          http://datatracker.ietf.org/doc/draft-ietf-oauth-proof-of-possession/
          http://datatracker.ietf.org/doc/draft-ietf-oauth-pop-architecture/
          http://datatracker.ietf.org/doc/draft-ietf-oauth-pop-key-distribution/
          https://datatracker.ietf.org/doc/draft-ietf-oauth-signed-http-request/
          
          - OAuth 2.0 JWT Authorization Request (JAR)
          https://datatracker.ietf.org/doc/draft-ietf-oauth-jwsreq/
          
            Why is the document important? (related to mix-up attack)
            After the WGLC is the document ready?
          
          - OAuth 2.0 Security: Closing Open Redirectors in OAuth
          https://datatracker.ietf.org/doc/draft-ietf-oauth-closing-redirectors/
          
            Haven't received more feedback. WGLC?
          
          - OAuth 2.0 Device Flow
          https://datatracker.ietf.org/doc/draft-ietf-oauth-device-flow/
          
            Compare the document with current deployment and provide feedback.
            Mike to send feedback from the Microsoft team.
          
          - Conclusion (Hannes, 10 min)
          



Generated from PyHt script /wg/oauth/agenda.pyht Latest update: 24 Oct 2012 16:51 GMT -