[Openid-specs-ab] FW: OpenID Connect Token Bound Authentication

Mike Jones Michael.Jones at microsoft.com
Tue Jul 5 05:47:03 UTC 2016


Apparently the openid-specs-eap at lists.openid.net<mailto:openid-specs-eap at lists.openid.net> mailing list isn't working at present.  While I'd sent the contribution below, the archives say that no messages have been sent.  I'm sending this note to record the contribution to the OpenID Enhanced Authentication Profile (EAP) working group until such time as the EAP mailing list is functioning correctly.

                                                       -- Mike

From: Mike Jones
Sent: Monday, July 4, 2016 7:34 PM
To: 'openid-specs-eap at lists.openid.net' <openid-specs-eap at lists.openid.net>
Subject: OpenID Connect Token Bound Authentication

The enclosed specification is a submission to the OpenID Connect Enhanced Authentication Profile (EAP) working group.  It specifies syntax and semantics for applying Token Binding to OpenID Connect ID Tokens.

                                                       -- Mike

From: Mike Jones
Sent: Monday, July 4, 2016 7:33 PM
To: oauth at ietf.org<mailto:oauth at ietf.org>
Subject: Token Binding for Access Tokens, Refresh Tokens, and ID Tokens

Two new related specifications define syntax and semantics for applying Token Binding to OAuth Access Tokens and Refresh Tokens and to OpenID Connect ID Tokens.  draft-jones-oauth-token-binding<http://tools.ietf.org/html/draft-jones-oauth-token-binding> contains the OAuth portions.  openid-connect-token-bound-authentication-1_0<http://self-issued.info/docs/openid-connect-token-bound-authentication-1_0.html> contains the OpenID Connect portions.

These are being submitted now to hopefully enable end-to-end implementations and interop testing of Token Bound Access Tokens, Refresh Tokens, and ID Tokens across multiple platforms before the Token Binding specifications are finalized.

The OAuth specification is available at:

*       http://tools.ietf.org/html/draft-jones-oauth-token-binding-00 (HTMLized text plus links to other formats)

*       http://self-issued.info/docs/draft-jones-oauth-token-binding-00.html (HTML)

The OpenID Connect specification is available at:

*       http://self-issued.info/docs/openid-connect-token-bound-authentication-1_0-00.html (HTML)

*       http://self-issued.info/docs/openid-connect-token-bound-authentication-1_0-00.txt (Text)

*       http://self-issued.info/docs/openid-connect-token-bound-authentication-1_0-00.xml (XML Source)

Thanks to Andrei Popov, Yordan Rouskov, John Bradley, and Brian Campbell for reviews of earlier versions of these specifications and to Dirk Balfanz and William Denniss for some earlier discussions providing input to these specifications.

                                                       -- Mike

P.S.  This note was also posted at http://self-issued.info/?p=1577 and as @selfissued<https://twitter.com/selfissued>.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20160705/278640ce/attachment-0002.html>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20160705/278640ce/attachment-0003.html>


More information about the Openid-specs-ab mailing list