Discussion:
[OAUTH-WG] I-D Action: draft-ietf-oauth-token-binding-03.txt
i***@ietf.org
2017-03-27 16:31:23 UTC
Permalink
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Web Authorization Protocol of the IETF.

Title : OAuth 2.0 Token Binding
Authors : Michael B. Jones
John Bradley
Brian Campbell
William Denniss
Filename : draft-ietf-oauth-token-binding-03.txt
Pages : 26
Date : 2017-03-27

Abstract:
This specification enables OAuth 2.0 implementations to apply Token
Binding to Access Tokens, Authorization Codes, and Refresh Tokens.
This cryptographically binds these tokens to a client's Token Binding
key pair, possession of which is proven on the TLS connections over
which the tokens are intended to be used. This use of Token Binding
protects these tokens from man-in-the-middle and token export and
replay attacks.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-oauth-token-binding/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-ietf-oauth-token-binding-03
https://datatracker.ietf.org/doc/html/draft-ietf-oauth-token-binding-03

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-oauth-token-binding-03


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
Brian Campbell
2017-03-27 16:32:33 UTC
Permalink
-03 only fixes a few mistakes in and around the examples that I noticed
preparing the slides for the IETF 98 Chicago meeting.

---------- Forwarded message ----------
From: <internet-***@ietf.org>
Date: Mon, Mar 27, 2017 at 11:31 AM
Subject: [OAUTH-WG] I-D Action: draft-ietf-oauth-token-binding-03.txt
To: i-d-***@ietf.org
Cc: ***@ietf.org



A New Internet-Draft is available from the on-line Internet-Drafts
directories.
This draft is a work item of the Web Authorization Protocol of the IETF.

Title : OAuth 2.0 Token Binding
Authors : Michael B. Jones
John Bradley
Brian Campbell
William Denniss
Filename : draft-ietf-oauth-token-binding-03.txt
Pages : 26
Date : 2017-03-27

Abstract:
This specification enables OAuth 2.0 implementations to apply Token
Binding to Access Tokens, Authorization Codes, and Refresh Tokens.
This cryptographically binds these tokens to a client's Token Binding
key pair, possession of which is proven on the TLS connections over
which the tokens are intended to be used. This use of Token Binding
protects these tokens from man-in-the-middle and token export and
replay attacks.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-oauth-token-binding/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-ietf-oauth-token-binding-03
https://datatracker.ietf.org/doc/html/draft-ietf-oauth-token-binding-03

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-oauth-token-binding-03


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
Takahiko Kawasaki
2017-06-24 06:46:35 UTC
Permalink
Dear Brian,

Just a small editorial issue on the 4th line in the 2nd paragraph in "*2.1.
Example Token Binding for Refresh Tokens".* "the" should be removed from
"the of PKCS is".

Best Regards,
Takahiko Kawasaki
Post by Brian Campbell
-03 only fixes a few mistakes in and around the examples that I noticed
preparing the slides for the IETF 98 Chicago meeting.
---------- Forwarded message ----------
Date: Mon, Mar 27, 2017 at 11:31 AM
Subject: [OAUTH-WG] I-D Action: draft-ietf-oauth-token-binding-03.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Web Authorization Protocol of the IETF.
Title : OAuth 2.0 Token Binding
Authors : Michael B. Jones
John Bradley
Brian Campbell
William Denniss
Filename : draft-ietf-oauth-token-binding-03.txt
Pages : 26
Date : 2017-03-27
This specification enables OAuth 2.0 implementations to apply Token
Binding to Access Tokens, Authorization Codes, and Refresh Tokens.
This cryptographically binds these tokens to a client's Token Binding
key pair, possession of which is proven on the TLS connections over
which the tokens are intended to be used. This use of Token Binding
protects these tokens from man-in-the-middle and token export and
replay attacks.
https://datatracker.ietf.org/doc/draft-ietf-oauth-token-binding/
https://tools.ietf.org/html/draft-ietf-oauth-token-binding-03
https://datatracker.ietf.org/doc/html/draft-ietf-oauth-token-binding-03
https://www.ietf.org/rfcdiff?url2=draft-ietf-oauth-token-binding-03
Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.
ftp://ftp.ietf.org/internet-drafts/
_______________________________________________
OAuth mailing list
https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________
OAuth mailing list
https://www.ietf.org/mailman/listinfo/oauth
Brian Campbell
2017-06-24 13:36:31 UTC
Permalink
Thanks Takahiko,

fixed
https://github.com/oauth-token-binding/i-d/commit/f0c61c19e02a54147c3b9280b1f5c41112de35a0
Post by Takahiko Kawasaki
Dear Brian,
Just a small editorial issue on the 4th line in the 2nd paragraph in "*2.1.
Example Token Binding for Refresh Tokens".* "the" should be removed from
"the of PKCS is".
Best Regards,
Takahiko Kawasaki
Post by Brian Campbell
-03 only fixes a few mistakes in and around the examples that I noticed
preparing the slides for the IETF 98 Chicago meeting.
---------- Forwarded message ----------
Date: Mon, Mar 27, 2017 at 11:31 AM
Subject: [OAUTH-WG] I-D Action: draft-ietf-oauth-token-binding-03.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Web Authorization Protocol of the IETF.
Title : OAuth 2.0 Token Binding
Authors : Michael B. Jones
John Bradley
Brian Campbell
William Denniss
Filename : draft-ietf-oauth-token-binding-03.txt
Pages : 26
Date : 2017-03-27
This specification enables OAuth 2.0 implementations to apply Token
Binding to Access Tokens, Authorization Codes, and Refresh Tokens.
This cryptographically binds these tokens to a client's Token Binding
key pair, possession of which is proven on the TLS connections over
which the tokens are intended to be used. This use of Token Binding
protects these tokens from man-in-the-middle and token export and
replay attacks.
https://datatracker.ietf.org/doc/draft-ietf-oauth-token-binding/
https://tools.ietf.org/html/draft-ietf-oauth-token-binding-03
https://datatracker.ietf.org/doc/html/draft-ietf-oauth-token-binding-03
https://www.ietf.org/rfcdiff?url2=draft-ietf-oauth-token-binding-03
Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.
ftp://ftp.ietf.org/internet-drafts/
_______________________________________________
OAuth mailing list
https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________
OAuth mailing list
https://www.ietf.org/mailman/listinfo/oauth
--
*CONFIDENTIALITY NOTICE: This email may contain confidential and privileged
material for the sole use of the intended recipient(s). Any review, use,
distribution or disclosure by others is strictly prohibited. If you have
received this communication in error, please notify the sender immediately
by e-mail and delete the message and any file attachments from your
computer. Thank you.*
Loading...