A New Internet-Draft is available from the on-line Internet-Drafts directories.
Title : OAuth 2.0 Security: Going Beyond Bearer Tokens
Author(s) : Hannes Tschofenig
Phil Hunt
Filename : draft-tschofenig-oauth-security-00.txt
Pages : 22
Date : 2012-09-06
Abstract:
The OAuth working group has finished work on the OAuth 2.0 core
protocol as well as the Bearer Token specification. The Bearer Token
is a TLS-based solution for ensuring that neither the interaction
with the Authorization Server (when requesting a token) nor the
interaction with the Resource Server (for accessing a protected
resource) leads to token leakage. There has, however, always been
the desire to develop a security solution that is "better" than
Bearer Tokens (or at least different) where the Client needs to show
possession of some keying material when accessing a Resource Server.
This document tries to capture the discussion and to come up with
requirements to process the work on solutions.
This document aims to discuss threats, security requirements and
desired design properties of an enhanced OAuth security mechanism.
The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-tschofenig-oauth-security
There's also a htmlized version available at:
http://tools.ietf.org/html/draft-tschofenig-oauth-security-00
Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
_______________________________________________
I-D-Announce mailing list
I-D-Announce@ietf.org
https://www.ietf.org/mailman/listinfo/i-d-announce
Internet-Draft directories: http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
