A New Internet-Draft is available from the on-line Internet-Drafts directories.
Title : OAuth 2.0 Proof-of-Possession: Authorization Server to Client Key Distribution
Authors : John Bradley
Phil Hunt
Michael B. Jones
Hannes Tschofenig
Filename : draft-bradley-oauth-pop-key-distribution-00.txt
Pages : 18
Date : 2014-04-23
Abstract:
RFC 6750 specified the bearer token concept for securing access to
protected resources. Bearer tokens need to be protected in transit
as well as at rest since the security model is based on proof-of-
possession.
The OAuth 2.0 Proof-of-Possession security concept extends bearer
token security and requires the client to demonstrate possession of a
key when accessing a protected resource.
This document describes how the client obtains this keying material
from the authorization server.
The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-bradley-oauth-pop-key-distribution/
There's also a htmlized version available at:
http://tools.ietf.org/html/draft-bradley-oauth-pop-key-distribution-00
Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.
Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
_______________________________________________
I-D-Announce mailing list
I-D-Announce@ietf.org
https://www.ietf.org/mailman/listinfo/i-d-announce
Internet-Draft directories: http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
