[OAUTH-WG] JOSE/JWT Security Update Presentation

Discussion:

Mike Jones

2017-03-29 20:08:38 UTC

Yaron Sheffer had asked me to give an update on JOSE/JWT security to the SecEvent working group. As promised during our working group meeting Monday, that presentation is attached. At the microphone, Kathleen suggested that we may want to collect information about best practices for implementers and deployers and write a BCP containing them. She said that JWT is being used in many places in the IETF at this point.

-- Mike

Dave Tonge

2017-03-31 14:58:54 UTC

Permalink

Thanks Mike

I agree with all the next steps, we need some articles to help combat the
FUD that is being spread.
Is there any action on who will write those articles?

Dave

Post by Mike Jones
Yaron Sheffer had asked me to give an update on JOSE/JWT security to the
SecEvent working group. As promised during our working group meeting
Monday, that presentation is attached. At the microphone, Kathleen
suggested that we may want to collect information about best practices for
implementers and deployers and write a BCP containing them. She said that
JWT is being used in many places in the IETF at this point.
-- Mike
_______________________________________________
OAuth mailing list
https://www.ietf.org/mailman/listinfo/oauth

--
Dave Tonge

Dick Hardt

2017-03-31 15:16:19 UTC

Permalink

Mike, Yaron Cheffer and myself have volunteered to write a JWT BCP. It is a
topic on the agenda in the OAuth meeting currently underway.

Post by Dave Tonge
Thanks Mike
I agree with all the next steps, we need some articles to help combat the
FUD that is being spread.
Is there any action on who will write those articles?
Dave

--
Dave Tonge
_______________________________________________
OAuth mailing list
https://www.ietf.org/mailman/listinfo/oauth

--
Subscribe to the HARDTWARE <http://hardtware.com/> mail list to learn about
projects I am working on!