The OAuth bearer and base last calls had to be re-done
since I forgot to include some downref information. Other
than adding a day to IETF LC, there should be no other
Sorry about that.
On 01/24/2012 03:00 PM, The IESG wrote:
The IESG has received a request from the Web Authorization Protocol WG
(oauth) to consider the following document:
- 'The OAuth 2.0 Authorization Protocol: Bearer Tokens'
<draft-ietf-oauth-v2-bearer-15.txt> as a Proposed Standard
The IESG plans to make a decision in the next few weeks, and solicits
final comments on this action. Please send substantive comments to the
ietf(_at_)ietf(_dot_)org mailing lists by 2012-02-07. Exceptionally, comments
sent to iesg(_at_)ietf(_dot_)org instead. In either case, please retain the
beginning of the Subject line to allow automated sorting.
This specification describes how to use bearer tokens in HTTP
requests to access OAuth 2.0 protected resources. Any party in
possession of a bearer token (a "bearer") can use it to get access to
the associated resources (without demonstrating possession of a
cryptographic key). To prevent misuse, bearer tokens need to be
protected from disclosure in storage and in transport.
* There is a normative reference to RFC 2246 (TLS 1.0), which has been
obsoleted by RFC 5246 (TLS 1.2). The document uses this reference to
note that TLS 1.0 is, at this writing, the most widely deployed
version. The working group believes it is necessary to note that, and
that the reference be normative.
The file can be obtained via
IESG discussion can be tracked via
No IPR declarations have been submitted directly on this I-D.
IETF-Announce mailing list
Ietf mailing list