Releases: oauth-wg/oauth-cross-device-security
Releases · oauth-wg/oauth-cross-device-security
draft-ietf-oauth-cross-device-security-16
What's Changed
- Update affiliation
- Update references and add mentions of the DC API using BLE enabled proximity by @danielfett in #274
- Added document history section by @PieterKas in #275
Full Changelog: draft-ietf-oauth-cross-device-security-15...draft-ietf-oauth-cross-device-security-16
Contributors
danielfett and PieterKas
Assets 2
draft-ietf-oauth-cross-device-security-15
Updated with feedback received from area reviews and IESG
What's Changed
- Fix typo in cross-device security document by @PieterKas in #254
- Clarify best practices for cross-device security by @PieterKas in #246
- Update guidance for defending against cross-device attacks by @PieterKas in #247
- Update user education and add NIST phishing reference by @PieterKas in #253
- Clarify practical mitigations summary wording by @PieterKas in #252
- Update authorization server misuse detection language by @PieterKas in #250
- Enhance trusted network section with SIM inference by @PieterKas in #251
- Refine proximity considerations in authorization scenarios by @PieterKas in #249
- Remind implementors to evaluate privacy implications. by @PieterKas in #248
- Nits flagged in Med's IESG Review by @boucadair in #237
- Enhance physical connectivity section with security risks by @PieterKas in #264
- Clarify user interface for declining authorization requests by @PieterKas in #265
- Clarify mitigation selection process in best practices by @PieterKas in #267
- Refine authorization data flow and examples by @PieterKas in #269
- Update cross-device protocol guidance for same-device use by @PieterKas in #270
- Clarify proximity checks in cross-device security guidelines by @PieterKas in #268
- Update CTAP title and add publisher information by @PieterKas in #266
- Fix spelling and grammatical issues in document by @PieterKas in #271
- Figure numbering by @PieterKas in #273
New Contributors
- @boucadair made their first contribution in #237
Full Changelog: draft-ietf-oauth-cross-device-security-14...draft-ietf-oauth-cross-device-security-15
Contributors
boucadair and PieterKas
Assets 2
draft-ietf-oauth-cross-device-security-14
Changes
Updates to text and diagrams to provide additional clarity based on IETF Last Call feedback
Details
- Clarify exploitation of unauthenticated channel in OAuth by @PieterKas in #206
- Enhance limitations section with VPN guidance by @PieterKas in #205
- Clarify limitations of short-lived user codes by @PieterKas in #204
- Enhance document with glossary reference and CDCP details by @PieterKas in #209
- Eliminate duplicate patterns in cross-device security document by @PieterKas in #220
- Update User-Transferred Authorization Data Pattern details by @PieterKas in #221
- Enhance security discussion on authorization requests by @PieterKas in #222
- Clarify cross-device flow use cases and descriptions by @PieterKas in #223
- Refine mitigations and proximity establishment details by @PieterKas in #224
- Clarify limitations of trusted devices in cross-device flows by @PieterKas in #225
- Forward reference to FIDO in wireless proximity section by @PieterKas in #226
- Editoria updates by @PieterKas in #227
- Clarify Authenticat-the-Initiate mitigation by @PieterKas in #228
- Update Diagrams: 1 of 4 by @PieterKas in #229
- Update Diagram 2 of 4 by @PieterKas in #230
- Update Diagram 3 of 4 by @PieterKas in #233
- Update Diagram 4 of 4 by @PieterKas in #234
- Writing Nits by @PieterKas in #235
- Cross references between use case and exploit examples by @PieterKas in #236
Full Changelog: draft-ietf-oauth-cross-device-security-13...draft-ietf-oauth-cross-device-security-14
Contributors
PieterKas
Assets 2
draft-ietf-oauth-cross-device-security-13
Address Area Director (AD) feedback - details below:
What's Changed
- Add IANA Considerations section by @PieterKas in #186
- Add security considerations by @PieterKas in #187
- Fix references by @PieterKas in #190
- Correct capitalization of 'SHOULD not' to 'SHOULD NOT' by @PieterKas in #191
- Adress AD Nits by @PieterKas in #196
- Refine cross-device flow descriptions and headings by @PieterKas in #197
- Remove repetitive text about what an AS can (and can't) do. by @PieterKas in #198
- Clarify limits of authenticate-then-initiate mitigations by @PieterKas in #199
Full Changelog: draft-ietf-oauth-cross-device-security-12...draft-ietf-oauth-cross-device-security-13
Contributors
PieterKas
Assets 2
draft-ietf-oauth-cross-device-security-12
Fixed references to point to final versions of specifications
What's Changed
- Fixed FIDO CTAP V2.2 URL by @PieterKas in #178
- Update SSF Reference by @PieterKas in #179
- CAEP Reference Update by @PieterKas in #180
- Fix IEEE reference by @PieterKas in #177
- Update IEEE Reference by @PieterKas in #181
Full Changelog: draft-ietf-oauth-cross-device-security-11...draft-ietf-oauth-cross-device-security-12
Contributors
PieterKas
Assets 2
draft-ietf-oauth-cross-device-security-11
Includes formatting and editorial changes to clarify existing text.
What's Changed
- Fixing Labels by @PieterKas in #170
- Editorial Updates - Issue 164 by @PieterKas in #171
- Devices not sharing a network by @PieterKas in #172
- Clarify authorization server role in establishing proximity by @PieterKas in #173
- Add Dan Moore to acknowledgement by @PieterKas in #175
- Authorization Server only mitigations by @PieterKas in #174
Full Changelog: draft-ietf-oauth-cross-device-security-10...draft-ietf-oauth-cross-device-security-11
Contributors
PieterKas
Assets 2
draft-ietf-oauth-cross-device-security-10
Addresses shepherd feedback
- Shepherd feedback: Describe unauthenticated channel.
- Shepherd feedback: Separate normative and informative references.
- Shepherd feedback: Update FIDO/WebAuthn references
draft-ietf-oauth-cross-device-security-09
- Affiliation change to allow publication to Datatracker.
- No content changes - re-published to avoid expiry while waiting on shepherd review.
draft-ietf-oauth-cross-device-security-08
- Editorial updates.
draft-ietf-oauth-cross-device-security-07
Includes feedback from Working Group Last Call. Changes include:
- Clarification of FIDO\WebAuthn section.
- Updated langugage in section on FIDO to allow for use of FIDO keys on consumption devices.
- Clarified origin of QR Code.
- Editorial updates
- Updated examples to be consistent.
- Made diagram description clearer.
- Added CTAP 2.2 Draft.
- Added additional guidance on geolocation inaccuracies.
- Added Roy Williams to acknowledgements
- Clarified that authorization servers can detect
- Consistent use of "smart TV"
- Fixed references