A New Internet-Draft is available from the on-line Internet-Drafts directories.
Title : OAuth 2.0 Mix-Up Mitigation
Author : Michael B. Jones
Filename : draft-jones-oauth-mix-up-mitigation-00.txt
Pages : 15
Date : 2016-01-11
Abstract:
This specification defines an extension to The OAuth 2.0
Authorization Framework that enables an authorization server to
provide a client using it with a consistent set of metadata about
itself. This information is returned in the authorization response.
It can be used by the client to prevent classes of attacks in which
the client might otherwise be tricked into using inconsistent sets of
metadata from multiple authorization servers, including potentially
using a token endpoint that does not belong to the same authorization
server as the authorization endpoint used. Recent research
publications refer to these as "IdP Mix-Up" and "Malicious Endpoint"
attacks.
The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-jones-oauth-mix-up-mitigation/
There's also a htmlized version available at:
https://tools.ietf.org/html/draft-jones-oauth-mix-up-mitigation-00
Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.
Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
_______________________________________________
I-D-Announce mailing list
I-D-Announce@ietf.org
https://www.ietf.org/mailman/listinfo/i-d-announce
Internet-Draft directories: http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
