Symmetric Proof of Possession for the OAuth Authorization Code Grant
draft-ietf-oauth-spop-04

The information below is for an old version of the document
Document Type None Internet-Draft (oauth WG)
Last updated 2014-11-12
Replaces draft-sakimura-oauth-tcse
Stream IETF
Intended RFC status Proposed Standard
Formats
Expired & archived
pdf htmlized bibtex
Reviews
OPSDIR Last Call Review (of -11): Ready
SECDIR Last Call Review (of -11): Has Issues
GENART Last Call Review (of -11): Almost Ready
Additional URLs
- Mailing list discussion
Stream WG state (None)
Document shepherd Hannes Tschofenig
IESG IESG state Unknown state
Consensus Boilerplate Unknown
Telechat date
Responsible AD (None)
Send notices to (None)
Email authors Email WG IPR References Referenced by Nits

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at
https://www.ietf.org/archive/id/draft-ietf-oauth-spop-04.txt

Abstract

The OAuth 2.0 public client utilizing Authorization Code Grant (RFC 6749 - 4.1) is susceptible to the code interception attack. This specification describes a mechanism that acts as a control against this threat.

Authors

Nat Sakimura (n-sakimura@nri.co.jp)
John Bradley (ve7jtb@ve7jtb.com)
Naveen Agarwal (naa@google.com)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)

RFC Editor IASA & IETF LLC IETF Trust IRTF IETF IESG IAB IANA Privacy Statement IETF Tools