OAuth 2.0 Security: Closing Open Redirectors in OAuth
draft-ietf-oauth-closing-redirectors-00
| Document | Type | Expired Internet-Draft (oauth WG) | |
|---|---|---|---|
| Last updated | 2016-08-07 (latest revision 2016-02-04) | ||
| Replaces | draft-bradley-oauth-open-redirector | ||
| Stream | IETF | ||
| Intended RFC status | Best Current Practice | ||
| Formats |
Expired & archived
pdf
htmlized
bibtex
|
||
| Stream | WG state | WG Document | |
| Document shepherd | No shepherd assigned | ||
| IESG | IESG state | Expired | |
| Consensus Boilerplate | Yes | ||
| Telechat date | |||
| Responsible AD | (None) | ||
| Send notices to | (None) | ||
https://www.ietf.org/archive/id/draft-ietf-oauth-closing-redirectors-00.txt
Abstract
This document gives additional security considerations for OAuth, beyond those in the OAuth 2.0 specification and in the OAuth 2.0 Threat Model and Security Considerations.
Authors
John Bradley
(ve7jtb@ve7jtb.com)
Antonio Sanso
(asanso@adobe.com)
Hannes Tschofenig
(Hannes.Tschofenig@gmx.net)
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)