Agenda for OAUTH at IETF-95
agenda-95-oauth-2

Meeting Agenda: Web Authorization Protocol (oauth) WG
Date and time: 2016-04-06 13:00
Title: Agenda for OAUTH at IETF-95
State: Active
Last updated: 2016-04-01

IETF 95 OAuth Meeting Agenda
Wednesday, 10:00-12:30
Chairs: Hannes Tschofenig/Derek Atkins

- Status Update (Hannes, 5 min)

 (a) Informal OAuth Security Workshop (December 2015)
 (b) OAuth Security Workshop (July 2016)
 (c) Re-chartering
 (d) "Proof-of-Possession Key Semantics for JSON Web Tokens (JWTs)" as RFC

*** WG Documents ***

- OAuth 2.0 Mix-Up Mitigation (Hannes, 45 min)
https://datatracker.ietf.org/doc/draft-ietf-oauth-mix-up-mitigation/

  Presentation about the problems/threats we are solving:
  (a) OAuth Mix-Up (John)
  (b) Cut-and-paste Attack (Nat)

  Move cut-and-paste threat to a different document?

- OAuth Discovery (45 min)

  What are the use cases the discovery document is solving?

  OAuth 2.0 Authorization Server Discovery Metadata (Mike, 15 min)
https://datatracker.ietf.org/doc/draft-ietf-oauth-discovery/

  OAuth Response Metadata (Nat, 15 min)
https://datatracker.ietf.org/doc/draft-sakimura-oauth-meta/

  OAuth 2.0 Bound Configuration Lookup (Phil, 15 min)
https://tools.ietf.org/html/draft-hunt-oauth-bound-config-00

- Token Exchange (Brian, 15 min)
https://datatracker.ietf.org/doc/draft-ietf-oauth-token-exchange/

  Review what has been done and discuss open issues.
  Implementation status? Interoperability?

- OAuth 2.0 for Native Apps (William, 15 min)
http://datatracker.ietf.org/doc/draft-ietf-oauth-native-apps/

  Presentation of availability of code. Moving the document to WGLC as soon as
  enough people have done interop tests.

*** Non-WG Documents ***

- Resource Indicators for OAuth 2.0 (Brian/John, 15 min)
https://datatracker.ietf.org/doc/draft-campbell-oauth-resource-indicators/

*** Not Discussed ***

- Authentication Method Reference Values document published.
https://datatracker.ietf.org/doc/draft-ietf-oauth-amr-values/

- Proof-of-Possession
http://datatracker.ietf.org/doc/draft-ietf-oauth-proof-of-possession/
http://datatracker.ietf.org/doc/draft-ietf-oauth-pop-architecture/
http://datatracker.ietf.org/doc/draft-ietf-oauth-pop-key-distribution/
https://datatracker.ietf.org/doc/draft-ietf-oauth-signed-http-request/

- OAuth 2.0 JWT Authorization Request (JAR)
https://datatracker.ietf.org/doc/draft-ietf-oauth-jwsreq/

  Why is the document important? (related to mix-up attack)
  After the WGLC, is the document ready?

- OAuth 2.0 Security: Closing Open Redirectors in OAuth
https://datatracker.ietf.org/doc/draft-ietf-oauth-closing-redirectors/

  Haven't received more feedback. WGLC?

- OAuth 2.0 Device Flow
https://datatracker.ietf.org/doc/draft-ietf-oauth-device-flow/

  Compare the document with current deployment and provide feedback.
  Mike to send feedback from the Microsoft team.

- Conclusion (Hannes, 10 min)