draft-ietf-oauth-v2-threatmodel-03.txt   draft-ietf-oauth-v2-threatmodel-04.txt 
Web Authorization Protocol (oauth) T. Lodderstedt, Ed. Web Authorization Protocol (oauth) T. Lodderstedt, Ed.
Internet-Draft Deutsche Telekom AG Internet-Draft Deutsche Telekom AG
Intended status: Informational M. McGloin Intended status: Informational M. McGloin
Expires: November 26, 2012 IBM Expires: November 26, 2012 IBM
P. Hunt P. Hunt
Oracle Corporation Oracle Corporation
May 25, 2012 May 25, 2012
OAuth 2.0 Threat Model and Security Considerations OAuth 2.0 Threat Model and Security Considerations
draft-ietf-oauth-v2-threatmodel-03 draft-ietf-oauth-v2-threatmodel-04
Abstract Abstract
This document gives security considerations based on a comprehensive This document gives additional security considerations for OAuth,
beyond those in the OAuth specification, based on a comprehensive
threat model for the OAuth 2.0 Protocol. threat model for the OAuth 2.0 Protocol.
Status of this Memo Status of this Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
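Review bot: The revised abstract names the protocol three ways in one sentence ("OAuth", "the OAuth specification", "the OAuth 2.0 Protocol"). Using "OAuth 2.0" throughout would make clear which specification these considerations extend. The sentence is also now word-for-word the opening of Section 1, so any later rewording has to be applied in both places.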
skipping to change at page 6, line 9 skipping to change at page 6, line 9
8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 63 8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 63
8.1. Normative References . . . . . . . . . . . . . . . . . . . 63 8.1. Normative References . . . . . . . . . . . . . . . . . . . 63
8.2. Informative References . . . . . . . . . . . . . . . . . . 64 8.2. Informative References . . . . . . . . . . . . . . . . . . 64
Appendix A. Document History . . . . . . . . . . . . . . . . . . 64 Appendix A. Document History . . . . . . . . . . . . . . . . . . 64
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 66 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 66
1. Introduction 1. Introduction
This document gives additional security considerations for OAuth, This document gives additional security considerations for OAuth,
beyond those in the OAuth specification, based on a comprehensive beyond those in the OAuth specification, based on a comprehensive
threat model for the OAuth 2.0 Protocol threat model for the OAuth 2.0 Protocol [I-D.ietf-oauth-v2]. It
contains the following content:
[I-D.ietf-oauth-v2]. It contains the following content:
o Documents any assumptions and scope considered when creating the o Documents any assumptions and scope considered when creating the
threat model. threat model.
o Describes the security features in-built into the OAuth protocol o Describes the security features in-built into the OAuth protocol
and how they are intended to thwart attacks. and how they are intended to thwart attacks.
o Gives a comprehensive threat model for OAuth and describes the o Gives a comprehensive threat model for OAuth and describes the
respective counter measures to thwart those threats. respective counter measures to thwart those threats.
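Review bot: The lead-in "It contains the following content:", which this hunk reflows onto the citation line, does not parse with the bullets that follow, since they begin with verbs ("Documents", "Describes", "Gives"). Since the sentence is being touched anyway, consider changing the lead-in to "This document:" or recasting the bullets as noun phrases.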
 End of changes. 3 change blocks. 
5 lines changed or deleted 5 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/