I-D Action: draft-ietf-kitten-sasl-oauth-04.txt

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



A New Internet-Draft is available from the on-line Internet-Drafts directories.
 This draft is a work item of the Common Authentication Technology Next Generation Working Group of the IETF.

	Title           : A SASL and GSS-API Mechanism for OAuth
	Author(s)       : William Mills
                          Tim Showalter
                          Hannes Tschofenig
	Filename        : draft-ietf-kitten-sasl-oauth-04.txt
	Pages           : 28
	Date            : 2012-08-20

Abstract:
   OAuth enables a third-party application to obtain limited access to a
   protected resource, either on behalf of a resource owner by
   orchestrating an approval interaction, or by allowing the third-party
   application to obtain access on its own behalf.

   This document defines how an application client uses OAuth over the
   Simple Authentication and Security Layer (SASL) or the Generic
   Security Service Application Program Interface (GSS-API) to access a
   protected resource at a resource serve.  Thereby, it enables schemes
   defined within the OAuth framework for non-HTTP-based application
   protocols.

   Clients typically store the user's long term credential.  This does,
   however, lead to significant security vulnerabilities, for example,
   when such a credential leaks.  A significant benefit of OAuth for
   usage in those clients is that the password is replaced by a token.
   Tokens typically provided limited access rights and can be managed
   and revoked separately from the user's long-term credential
   (password).


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-kitten-sasl-oauth

There's also a htmlized version available at:
http://tools.ietf.org/html/draft-ietf-kitten-sasl-oauth-04

A diff from the previous version is available at:
http://www.ietf.org/rfcdiff?url2=draft-ietf-kitten-sasl-oauth-04


Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

_______________________________________________
I-D-Announce mailing list
I-D-Announce@ietf.org
https://www.ietf.org/mailman/listinfo/i-d-announce
Internet-Draft directories: http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt


[Index of Archives]     [IETF]     [IETF Discussion]     [Linux Kernel]

  Powered by Linux