OAuth 2.0 Proof-of-Possession (PoP) Security Architecture
Draft of message to be sent after approval:
From: The IESG <firstname.lastname@example.org>
To: "IETF-Announce" <email@example.com>
Cc: firstname.lastname@example.org, Kathleen.Moriarty.email@example.com, firstname.lastname@example.org, "The IESG" <email@example.com>, firstname.lastname@example.org, email@example.com, firstname.lastname@example.org
Subject: Document Action: 'OAuth 2.0 Proof-of-Possession (PoP) Security Architecture' to Informational RFC (draft-ietf-oauth-pop-architecture-07.txt)

The IESG has approved the following document:
- 'OAuth 2.0 Proof-of-Possession (PoP) Security Architecture'
  (draft-ietf-oauth-pop-architecture-07.txt) as Informational RFC

This document is the product of the Web Authorization Protocol Working Group.

The IESG contact persons are Stephen Farrell and Kathleen Moriarty.

A URL of this Internet Draft is:
https://datatracker.ietf.org/doc/draft-ietf-oauth-pop-architecture/

Technical Summary

This document describes an architecture extending OAuth 2.0 security, which is today based on the use of bearer tokens (defined in RFC 6750). Some scenarios demand additional security protection whereby a client needs to demonstrate possession of cryptographic keying material when accessing a protected resource. This document motivates the development of the OAuth 2.0 proof-of-possession security mechanism.

This specification is an Informational RFC describing the architecture and requirements.

Working Group Summary

The document was initially developed by a design team and then accepted by the working group. There is strong consensus behind this work.

Document Quality

Implementations are planned for the follow up documents. This is an architecture draft.

Personnel

The document shepherd is Kepeng Li. The responsible Area Director is Kathleen Moriarty.