Using Referred Token Binding ID for Token Binding of Access Tokens

OAuth logoThe OAuth Token Binding specification has been revised to use the Referred Token Binding ID when performing token binding of access tokens. This was enabled by the Implementation Considerations in the Token Binding HTTPS specification being added to make it clear that Token Binding implementations will enable using the Referred Token Binding ID in this manner. Protected Resource Metadata was also defined. Thanks to Brian Campbell for clarifications on the differences between token binding of access tokens issued from the authorization endpoint versus those issued from the token endpoint. The specification is available at: An HTML-formatted version is also available at: < ul>
  • http://self-issued.info/docs/draft-ietf-oauth-token-binding-01.html
  • < ul>

    Turing wins again

    screen-shot-2016-09-14-at-7-46-59-pm

    Chevrolet asks, at FindNewRoads.com.

    It continues, “Choose your account and IBM Watson will analyze your latest posts to find out and give you a glimpse into your social personality.”

    I chose Twitter.

    After looking at my tweets, which now number 11,100, it concluded,

    You are shrewd and somewhat inconsiderate.

    You are solemn: you are generally serious and do not joke much. You are philosophical: you are open to and intrigued by new ideas and love to explore them. And you are authority-challenging: you prefer to challenge authority and traditional values to help bring about positive changes.

    You are motivated to seek out experiences that provide a strong feeling of efficiency.

    You are relatively unconcerned with both tradition and helping others. You care more about making your own path than following what others have done. And you think people can handle their own business without interference.

    Then it
    screen-shot-2016-09-14-at-7-51-59-pm
    screen-shot-2016-09-14-at-7-53-38-pm
    Continue reading "Turing wins again"

    “amr” Values specification addressing WGLC comments

    OAuth logoDraft -02 of the Authentication Method Reference Values specification addresses the Working Group Last Call (WGLC) comments received. It adds an example to the multiple-channel authentication description and moves the “amr” definition into the introduction. No normative changes were made. The specification is available at:
    • http://tools.ietf.org/html/draft-ietf-oauth-amr-values-02 An HTML-formatted version is also available at:
    • http://self-issued.info/docs/draft-ietf-oauth-amr-values-02.html The specification is available at: An HTML-formatted version is also available at:

    Initial Working Group Draft of OAuth Token Binding Specification

    OAuth logoThe initial working group draft of the OAuth Token Binding specification has been published. It has the same content as draft-jones-oauth-token-binding-00, but with updated references. This specification defines how to perform token binding for OAuth access tokens and refresh tokens. Note that the access token mechanism is expected to change shortly to use the Referred Token Binding, per working group discussions at IETF 96 in Berlin. The specification is available at: An HTML-formatted version is also available at: < ul>
  • http://self-issued.info/docs/draft-ietf-oauth-token-binding-00.html
  • < ul>

    Second public draft of W3C Web Authentication Specification

    W3C logoThe W3C Web Authentication working group has announced publication of the second public draft of the W3C Web Authentication specification. The working group expects to be issuing more frequent working drafts as we approach a Candidate Recommendation.