ietf
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

** OAuth Tutorial & OAuth Security Session **

2010-11-07 18:03:05
from [Hannes Tschofenig] [Permanent Link] 
Hi all, 

please consider attending the following two meetings! 

** OAuth Security Session **

        • Date: Monday, 13:00-15:00
        • Location: IAB breakout room (Jade 2)
        • Contact: Hannes Tschofenig hannes(_dot_)tschofenig(_at_)gmx(_dot_)net
The security consideration section of OAuth 2.0 (draft -10) is still empty. 
Hence, we would like to put some time aside to discuss what security threats, 
requirements, and countermeasures need to be described. We will use the Monday, 
November 8, 1300-1500 slot to have a  discussion session.

As a starting point I suggest to look at the following documents:

        • http://trac.tools.ietf.org/wg/oauth/trac/wiki/SecurityConsiderationshttp://trac.tools.ietf.org/wg/oauth/trac/wiki/SignaturesWhyhttp://tools.ietf.org/id/draft-tschofenig-oauth-signature-thoughts-00.txt

Note: If you are unfamiliar with OAuth then the OAuth tutorial session might be 
more suitable for you!



** OAuth Tutorial **

        • Date: Wednesday, 19:30 (after the plenary)
        • Location: IAB breakout room (Jade 2)
        • Contact: Hannes Tschofenig hannes(_dot_)tschofenig(_at_)gmx(_dot_)net
OAuth allows a user to grant a third-party Web site or application access to 
their resources, without necessarily revealing their credentials, or even their 
identity. The OAuth working group, see 
http://datatracker.ietf.org/wg/oauth/charter/, is currently trying to finalize 
their main specification, namely OAuth v2: 
http://datatracker.ietf.org/doc/draft-ietf-oauth-v2/

Based on the positive response at the last IETF meeting (in Maastricht) we 
decided to hold another OAuth tutorial, namely on *Wednesday, starting at 19:30 
(after the IETF Operations and Administration Plenary) till about 21:00. (Note: 
I had to switch the day because of the social event!)

It is helpful to read through the documents available int he working group but 
not required.

Up-to-date information can be found here: 
http://www.ietf.org/registration/MeetingWiki/wiki/79bofs

Ciao
Hannes

_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [mpls] Last Call: draft-ietf-mpls-ldp-upstream (MPLS Upstream Label Assignment for LDP) to Proposed Standard, Rahul Aggarwal
Next by Date:  Re: [OAUTH-WG] ** OAuth Tutorial & OAuth Security Session **, Torsten Lodderstedt
Previous by Thread:  Re: [mpls] Last Call: draft-ietf-mpls-ldp-upstream (MPLS Upstream Label Assignment for LDP) to Proposed Standard, Rahul Aggarwal
Next by Thread:  Re: [OAUTH-WG] ** OAuth Tutorial & OAuth Security Session **, Torsten Lodderstedt
Indexes:  [Date] [Thread] [Top] [All Lists]