A New Internet-Draft is available from the on-line Internet-Drafts directories.

        Title           : The OAuth 2.0 Authorization Framework: Holder-of-the-Key Token Usage
        Author(s)       : John Bradley
                          Phil Hunt
                          Tony Nadalin
                          Hannes Tschofenig
        Filename        : draft-tschofenig-oauth-hotk-02.txt
        Pages           : 22
        Date            : 2013-02-25

Abstract:
   OAuth 2.0 deployments currently rely on bearer tokens for securing
   access to protected resources. Bearer tokens require Transport Layer
   Security to be used between an OAuth client and the resource server
   when presenting the access token. The security model is based on
   proof-of-possession: access token storage and transfer have to be done
   with care to prevent leakage. There are, however, use cases that
   require a more active involvement of the OAuth client for an increased
   level of security, particularly to secure against token leakage.

   This document specifies an OAuth security framework using the
   holder-of-the-key concept, which requires the OAuth client, when
   presenting an OAuth access token, to also demonstrate knowledge of
   keying material that is bound to the token.

The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-tschofenig-oauth-hotk

There's also an htmlized version available at:
http://tools.ietf.org/html/draft-tschofenig-oauth-hotk-02

A diff from the previous version is available at:
http://www.ietf.org/rfcdiff?url2=draft-tschofenig-oauth-hotk-02

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

_______________________________________________
I-D-Announce mailing list
I-D-Announce@ietf.org
https://www.ietf.org/mailman/listinfo/i-d-announce
Internet-Draft directories: http://www.ietf.org/shadow.html or ftp://ftp.ietf.org/ietf/1shadow-sites.txt