Hi,
IETF Secretariat <ietf-secretariat(_at_)ietf(_dot_)org> writes:
A new IETF non-working group email list has been created.
List address: unbearable(_at_)ietf(_dot_)org
Archive: http://www.ietf.org/mail-archive/web/unbearable/
To subscribe: https://www.ietf.org/mailman/listinfo/unbearable
Purpose:
This list is for discussion of proposals for doing better than bearer
tokens (e.g. HTTP cookies, OAuth tokens etc.) for web
applications. The specific goal is chartering a WG focused on
preventing security token export and replay attacks.
The OAUTH Working Group is already (and has been for a while!) looking
into "holder of key" protocols to improve upon Bearer Tokens.
I would suggest that this work happen there instead of creating a whole
new group for it.
-derek
For additional information, please contact the list administrators.
--
Derek Atkins 617-623-3745
derek(_at_)ihtfp(_dot_)com www.ihtfp.com
Computer and Internet Security Consultant