The IESG has received a request from the Web Authorization Protocol WG
(oauth) to consider the following document:
- 'OAuth 2.0 Threat Model and Security Considerations'
<draft-ietf-oauth-v2-threatmodel-06.txt> as Informational RFC
The IESG plans to make a decision in the next few weeks, and solicits
final comments on this action. Please send substantive comments to the
ietf@ietf.org mailing lists by 2012-07-11. Exceptionally, comments may be
sent to iesg@ietf.org instead. In either case, please retain the
beginning of the Subject line to allow automated sorting.
Abstract
This document gives additional security considerations for OAuth,
beyond those in the OAuth specification, based on a comprehensive
threat model for the OAuth 2.0 Protocol.
The file can be obtained via
http://datatracker.ietf.org/doc/draft-ietf-oauth-v2-threatmodel/
IESG discussion can be tracked via
http://datatracker.ietf.org/doc/draft-ietf-oauth-v2-threatmodel/ballot/
No IPR declarations have been submitted directly on this I-D.