OAuth 2.0 Token Binding
draft-jones-oauth-token-binding-00

Document type: Replaced Internet-Draft (individual)
Last updated: 2016-07-04
Replaced by: draft-ietf-oauth-token-binding
Stream: (None)
Intended RFC status: (None)
Expired & archived
Stream state: (No stream defined)
Consensus Boilerplate: Unknown
RFC Editor Note: (None)
IESG state: Replaced by draft-ietf-oauth-token-binding
Telechat date:
Responsible AD: (None)
Send notices to: (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at
https://www.ietf.org/archive/id/draft-jones-oauth-token-binding-00.txt

Abstract

This specification enables OAuth 2.0 implementations to apply Token Binding to Access Tokens and Refresh Tokens. This cryptographically binds these tokens to the TLS connections over which they are intended to be used. This use of Token Binding protects these tokens from man-in-the-middle and token export and replay attacks.

Authors

Michael Jones (mbj@microsoft.com)
John Bradley (ve7jtb@ve7jtb.com)
Brian Campbell (brian.d.campbell@gmail.com)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)