OAuth 2.0 Token Binding
draft-jones-oauth-token-binding-00
| Document | Type |
Replaced Internet-Draft
(individual)
Expired & archived
|
|
|---|---|---|---|
| Authors | Michael B. Jones , John Bradley , Brian Campbell | ||
| Last updated | 2016-07-04 | ||
| Replaced by | draft-ietf-oauth-token-binding | ||
| RFC stream | (None) | ||
| Intended RFC status | (None) | ||
| Formats | |||
| Stream | Stream state | (No stream defined) | |
| Consensus boilerplate | Unknown | ||
| RFC Editor Note | (None) | ||
| IESG | IESG state | Replaced by draft-ietf-oauth-token-binding | |
| Telechat date | (None) | ||
| Responsible AD | (None) | ||
| Send notices to | (None) |
This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:
Abstract
This specification enables OAuth 2.0 implementations to apply Token Binding to Access Tokens and Refresh Tokens. This cryptographically binds these tokens to the TLS connections over which they are intended to be used. This use of Token Binding protects these tokens from man-in-the-middle and token export and replay attacks.
Authors
Michael B. Jones
John Bradley
Brian Campbell
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)