Skip to main content

Agenda for OAUTH at IETF-96
agenda-96-oauth-3

Meeting Agenda Web Authorization Protocol (oauth) WG
Date and time 2016-07-18 12:00
Title Agenda for OAUTH at IETF-96
State Active
Other versions plain text
Last updated 2016-07-18

agenda-96-oauth-3
OAuth Working Group Agenda
--------------------------

** 14:00-15:30	Monday Afternoon session I

Welcome and Status Update (15 min, Chairs)

 Milestone status
 OAuth Security Workshop summary

OAuth 2.0 Token Exchange: An STS for the REST of Us (Brian, 15 min)
https://datatracker.ietf.org/doc/draft-ietf-oauth-token-exchange/

 New document version available.
 Discussions about open issues.

OAuth 2.0 for Native Apps (10 min, William)
https://datatracker.ietf.org/doc/draft-ietf-oauth-native-apps/

 New document version available.
 No open issues known. Ready for WGLC?

OAuth 2.0 Device Flow (25 min, William)
https://datatracker.ietf.org/doc/draft-ietf-oauth-device-flow/

 Discussion of open issues and use cases (John).

Authentication Method Reference Values (10 min, Mike)
https://datatracker.ietf.org/doc/draft-ietf-oauth-amr-values/

 No open issues. Ready for WGLC?

** 15:50-17:20	Wednesday Afternoon session II

NOTE: AGENDA CHANGES FOR WEDNESDAY LIKELY

OAuth 2.0 Authorization Server Discovery Metadata (Mike, 30 min)
https://datatracker.ietf.org/doc/draft-ietf-oauth-discovery/

 Discussions of use case where the discovery process starts with the
 resource server.

 Introduction of meta-data about resources (new document)
 Introduction of signed meta data

OAuth 2.0 Mix-Up Mitigation (15 min, John)
https://datatracker.ietf.org/doc/draft-ietf-oauth-mix-up-mitigation/

Encoding claims in the OAuth 2 state parameter using a JWT (15 min, John)
https://tools.ietf.org/html/draft-bradley-oauth-jwt-encoded-state-05
https://www.ietf.org/mail-archive/web/oauth/current/msg15696.html

Proof-of-Possession / Token Binding (30 min, Mike/Brian/John)
https://datatracker.ietf.org/doc/draft-jones-oauth-token-binding/
https://datatracker.ietf.org/doc/draft-campbell-oauth-tbpkce/
https://datatracker.ietf.org/doc/draft-ietf-oauth-pop-architecture/

Side meeting Tuesday evening, at 18:20
to discuss the following OAuth security topics:
 - Fragment
 - 307
 - Mix-up
 - Redirector
 - Injection
 - Code Phishing
 - Containment
 - Authentication

We will meet at the IETF registration desk.