PPT-IETF 90 OAuth WG

OAuth Symmetric Proof of Possession for Code Extension Nat Sakimura Nomura Research Institute Ltd draftsakimuraoauthtcse03 2014724 Problem Statement Code interception attack against public clients. Zhenhua. . (Gerald) . Guo. and Marlon Pierce. Indiana University. OAuth and Gateways. OAuth is a security protocol for Web applications.. Security for REST and XML-RPC services.. Three-legged OAuth. to Science Gateways for TeraGrid . Users. Jim Basney and Jeff Gaynor. {. jbasney,gaynor. }@. illinois.edu. . Goals. Support use of . individual TeraGrid accounts. via gateways. Independent of support for gateway . Russ Housley, IETF Chair. 2. IETF Grey Beard Beer?. 3. IETF 78 Participants. 1153 people. 267 newcomers. IETF 75 was 1124 people. 53 countries. . IETF 75 was 51 countries. IETF 75 was held in . Stockholm. ?. Internet Standards and How to Get . Involved. Chris Grundemann. Internet Society. MENOG 15 – Dubai – 2 April 2015. The Internet Engineering Task Force (IETF). First, one important point:. No one really speaks FOR the IETF.. OAuth. draft-ietf-kitten-sasl-oauth-00. . William Mills. Tim Showalter. Hannes Tschofenig. Status. J. F. M. A. M. J. J. A. S. O. N. D. J. F. M. A. M. J. J. A. S. O. N. D. 2010. 2011. Indiv-00. Indiv-01. MEXT WG. 2. Administrativia. We need:. Two note takers. At least one jabber scribe. Blue Sheets. 3. Note Well. Any submission to the IETF intended by the Contributor for publication as all or part of an IETF Internet-Draft or RFC and any statement made within the context of an IETF activity is considered an "IETF Contribution". Such statements include oral statements in IETF sessions, as well as written and electronic communications made at any time or place, which are addressed to:. Zhenhua. . (Gerald) . Guo. and Marlon Pierce. Indiana University. OAuth and Gateways. OAuth is a security protocol for Web applications.. Security for REST and XML-RPC services.. Three-legged OAuth. (29 July – 3 Aug. 2012). Cloud . Computing, . N. etworking, and Service (CCNS) . Update for . GISFI-10, New . Delhi, . India . 10-12 Sept. 2012. Monday-10-September-2012 . 1. IETF84 update for GISFI-10, New Delhi . Chairs:. Alan . DeKok. Joe . Salowey. . Note Well. Any submission to the IETF intended by the Contributor for publication as all or part of an IETF Internet-Draft or RFC and any statement made within the context of an IETF activity is considered an "IETF Contribution". . Hannes Tschofenig. Status. Finished various specifications, including . OAuth. Core: RFC 6749. Bearer Tokens: RFC 6750. Security Threats: RFC 6819. Discussion about an enhancement to Bearer Token security (now called “Proof-of-Possession”) since the early days of the working group. . March 29, 2011. Mar 29, 2011. IETF NEA Meeting. 1. Note Well. Any submission to the IETF intended by the Contributor for publication as all or part of an IETF Internet-Draft or RFC and any statement made within the context of an IETF activity is considered an "IETF Contribution". Such statements include oral statements in IETF sessions, as well as written and electronic communications made at any time or place, which are addressed to:. Good Progress with Our Documents. Specifications. We are making progress in the working group. . Where do we go next?. Luckily we have various proposals sitting around.. http://tools.ietf.org/html/draft-recordon-oauth-v2-ux-. ?. Internet Standards and How to Get . Involved. Chris Grundemann. Internet Society. MENOG 15 – Dubai – 2 April 2015. The Internet Engineering Task Force (IETF). First, one important point:. No one really speaks FOR the IETF.. OAuth 20WeinaMaAgendaOAuth overviewSimple exampleOAuth protocol workflowServer-side web application flowClient-side web application flowWhats the problemAs the web grows more and more sites rely on di