OAuth Working Group Agenda -------------------------- ** 14:00-15:30 Monday Afternoon session I Welcome and Status Update (15 min, Chairs) Milestone status OAuth Security Workshop summary OAuth 2.0 Token Exchange: An STS for the REST of Us (Brian, 15 min) https://datatracker.ietf.org/doc/draft-ietf-oauth-token-exchange/ New document version available. Discussions about open issues. OAuth 2.0 for Native Apps (10 min, William) https://datatracker.ietf.org/doc/draft-ietf-oauth-native-apps/ New document version available. No open issues known. Ready for WGLC? OAuth 2.0 Device Flow (25 min, William) https://datatracker.ietf.org/doc/draft-ietf-oauth-device-flow/ Discussion of open issues and use cases (John). Authentication Method Reference Values (10 min, Mike) https://datatracker.ietf.org/doc/draft-ietf-oauth-amr-values/ No open issues. Ready for WGLC? ** 15:50-17:20 Wednesday Afternoon session II NOTE: AGENDA CHANGES FOR WEDNESDAY LIKELY OAuth 2.0 Authorization Server Discovery Metadata (Mike, 30 min) https://datatracker.ietf.org/doc/draft-ietf-oauth-discovery/ Discussions of use case where the discovery process starts with the resource server. Introduction of meta-data about resources (new document) Introduction of signed meta data OAuth 2.0 Mix-Up Mitigation (15 min, John) https://datatracker.ietf.org/doc/draft-ietf-oauth-mix-up-mitigation/ Encoding claims in the OAuth 2 state parameter using a JWT (15 min, John) https://tools.ietf.org/html/draft-bradley-oauth-jwt-encoded-state-05 https://www.ietf.org/mail-archive/web/oauth/current/msg15696.html Proof-of-Possession / Token Binding (30 min, Mike/Brian/John) https://datatracker.ietf.org/doc/draft-jones-oauth-token-binding/ https://datatracker.ietf.org/doc/draft-campbell-oauth-tbpkce/ https://datatracker.ietf.org/doc/draft-ietf-oauth-pop-architecture/ Side meeting Tuesday evening, at 18:20 to discuss the following OAuth security topics: - Fragment - 307 - Mix-up - Redirector - Injection - Code Phishing - Containment - Authentication We will meet at the IETF registration desk.