Minutes for OAuth Working Group, IETF 81, 27 July 2011

9:00, convene

Administrative:

0.       Thanks to Tony Nadalin for taking notes.

1.       Update the agenda to indicate correct assertions draft (IETF draft not
         individual draft).

Documents:

2.       No objections for WGLC on core, comments due 12 Aug.

3.       No objections for WGLC on Bearer Token draft, comments due 12 Aug.

4.       SAML Assertions draft due 8/12; will wait for WGLC on assertions until
         SAML assertion draft is done.

5.       Status on security considerations section complete as of draft 16.

6.       Threat model document:
         New revision, WG item, author complete with minor updates.
         Heading towards informational track.
         Torsten to post to list requesting additional input needed.

Other Business:

7.       OMA liaison document discussion:
         Discussion on discovery.
            OMA asking for OAUTH WG discovery mechanism.
            WG Discovery mechanism is not in the current charter.
         Chairs soliciting further input for response to OMA liaison.
         Chairs will draft a response.
         Mike Jones to look at OMA document to review "scope" question.

8.       Phil Hunt issue on slidejacking:
         Problem exists, draft 20 seems to take care of this by making TLS a SHOULD.
         There could be alternatives to TLS in future.
         Decided to leave as is and if something comes in, solution is still open.

9.       Thomas Hardjono gave a presentation on UMA, which is used to manage
         sharing and protect access from a single hub.  Thomas is asking that
         during the re-charter discussions include dynamic client registration,
         among other things, but it's unclear yet what would actually be done
         in the IETF.

10:24, adjourn