[IPP] Fwd: [saag] OAuth Meeting Report

[IPP] Fwd: [saag] OAuth Meeting Report

Ira McDonald blueroofmusic at gmail.com
Thu Jul 19 18:48:04 UTC 2018


IETF OAuth stuff that may be of interest from IETF 102 this week.

- Ira

Ira McDonald (Musician / Software Architect)
Co-Chair - TCG Trusted Mobility Solutions WG
Chair - Linux Foundation Open Printing WG
Secretary - IEEE-ISTO Printer Working Group
Co-Chair - IEEE-ISTO PWG Internet Printing Protocol WG
IETF Designated Expert - IPP & Printer MIB
Blue Roof Music / High North Inc
mailto: blueroofmusic at gmail.com
Jan-April: 579 Park Place  Saline, MI  48176  734-944-0094
May-Dec: PO Box 221  Grand Marais, MI 49839  906-494-2434

---------- Forwarded message ----------
From: Hannes Tschofenig <Hannes.Tschofenig at arm.com>
Date: Thu, Jul 19, 2018 at 1:29 PM
Subject: [saag] OAuth Meeting Report
To: "saag at ietf.org" <saag at ietf.org>

Hi all,

we had two sessions for OAuth this week.

On Tuesday we discussed ‘OAuth 2.0 Incremental Authorization’ and
‘Reciprocal OAuth’. These two specifications recently became OAuth WG
documents. Brian Campbell gave a presentation about ‘OAuth 2.0 Token
Binding’, which has been in development for some time in the group already.
It is also getting close to completion..

The chairs were working with participants on two shepherd write-ups during
this week for ‘OAuth MTLS’ and ‘JSON Web Token Best Current Practices’.
These two documents will leave the working group any day now. There are
also three documents, namely the ‘OAuth 2.0 Device Flow for Browserless and
Input Constrained Devices’, the ‘OAuth 2.0 Authorization Framework: JWT
Secured Authorization Request (JAR)’ and the ‘OAuth 2.0 Token Exchange’, in
IESG processing right now.

Today we spent some time discussing OAuth Proof-of-Possession tokens, which
turned into a heated discussion: we couldn't agree on the worksplit between
the ACE and the OAuth working groups. Area director guidance will be

At the end of the meeting John Bradley spoke about OAuth 2.0 Security Best
Current Practice, pointed to two open issues and indicated that the
document will soon be ready for WGLC.

We did calls for adoption of three documents during the meeting with
positive feedback from the participants in the room, namely

 * Distributed OAuth

* Resource Indicators for OAuth 2.0

 * JWT Response for OAuth Token Introspection

We will confirm the call on the mailing list this week.


IMPORTANT NOTICE: The contents of this email and any attachments are
confidential and may also be privileged. If you are not the intended
recipient, please notify the sender immediately and do not disclose the
contents to any other person, use it for any purpose, or store or copy the
information in any medium. Thank you.

saag mailing list
saag at ietf.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.pwg.org/pipermail/ipp/attachments/20180719/1ef112ec/attachment.html>

More information about the ipp mailing list