I-D Action: draft-tschofenig-oauth-hotk-00.txt

A New Internet-Draft is available from the on-line Internet-Drafts directories.


	Title           : The OAuth 2.0 Authorization Framework: Holder-of-the-Key Token Usage
	Author(s)       : Hannes Tschofenig
	Filename        : draft-tschofenig-oauth-hotk-00.txt
	Pages           : 15
	Date            : 2012-07-09

Abstract:
   OAuth 2.0 deployments currently rely on bearer tokens for securing
   access to protected resources.  Bearer tokens require Transport Layer
   Security to be used between an OAuth client and the resource server
   when presenting the access token in order to get access.  The
   security model is based on proof-of-possession of the access token:
   access token storage and transfer has to be done with care to prevent
   leakage.

   There are, however, use cases that require a more active involvement
   of the OAuth client to offer increased security, particularly against
   token leakage.  This document specifies an OAuth security framework
   using ephemeral asymmetric credentials that are bound to the access
   token.  A client can create these key pairs dynamically and use them,
   after they are bound to an access token by the authorization server,
   in communication interactions with resource servers.

   This document is discussed at
   https://www.ietf.org/mailman/listinfo/oauth.  This initial version of
   the specification shall serve as a discussion starter.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-tschofenig-oauth-hotk

There's also a htmlized version available at:
http://tools.ietf.org/html/draft-tschofenig-oauth-hotk-00


Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

_______________________________________________
I-D-Announce mailing list
I-D-Announce@ietf.org
https://www.ietf.org/mailman/listinfo/i-d-announce
Internet-Draft directories: http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt

