Mike Jones
2016-07-07 23:09:13 UTC
The only change to the new draft is to use terminology more consistently. Specifically, it changes the terms "issuer URL" and "configuration information location" to "issuer identifier" so that consistent terminology is used for this. (This is the terminology used by OpenID Connect.)
This is being posted in preparation for discussions at the upcoming OAuth Security Workshop in Trier, Germany<https://infsec.uni-trier.de/events/osw2016> and the IETF 96 meeting in Berlin<http://ietf.org/meeting/96/>.
The specification is available at:
* http://tools.ietf.org/html/draft-ietf-oauth-mix-up-mitigation-01
An HTML-formatted version is also available at:
* http://self-issued.info/docs/draft-ietf-oauth-mix-up-mitigation-01.html
This notice was also posted at http://self-issued.info/?p=1582 and as @selfissued<https://twitter.com/selfissued>.
This is being posted in preparation for discussions at the upcoming OAuth Security Workshop in Trier, Germany<https://infsec.uni-trier.de/events/osw2016> and the IETF 96 meeting in Berlin<http://ietf.org/meeting/96/>.
The specification is available at:
* http://tools.ietf.org/html/draft-ietf-oauth-mix-up-mitigation-01
An HTML-formatted version is also available at:
* http://self-issued.info/docs/draft-ietf-oauth-mix-up-mitigation-01.html
This notice was also posted at http://self-issued.info/?p=1582 and as @selfissued<https://twitter.com/selfissued>.