A New Internet-Draft is available from the on-line Internet-Drafts directories. Title : OAuth 2.0: Audience Information Author(s) : Hannes Tschofenig Filename : draft-tschofenig-oauth-audience-00.txt Pages : 12 Date : 2013-02-18 Abstract: The OAuth 2.0 Bearer Token specification allows any party in possession of a bearer token to get access to the associated resources (without demonstrating possession of a cryptographic key). To prevent misuse, two important security assumptions must hold: bearer tokens must be protected from disclosure in storage and in transport and the access token must only be valid for use with a specific resource server (the audience) and with a specific scope. This document defines a new header that is used by the client to indicate what resource server, as the intended recipient, it wants to access. This information is subsequently also communicated by the authorization server securely to the resource server, for example within the audience field of the access token. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-tschofenig-oauth-audience There's also a htmlized version available at: http://tools.ietf.org/html/draft-tschofenig-oauth-audience-00 Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ _______________________________________________ I-D-Announce mailing list I-D-Announce@ietf.org https://www.ietf.org/mailman/listinfo/i-d-announce Internet-Draft directories: http://www.ietf.org/shadow.html or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
