Web Authorization Protocol Agenda --------------------------------- Two sessions - 9:30-12:00 Monday Morning session I - 15:20-16:20 Wednesday Afternoon session II Agenda - Welcome & Status Update (Hannes) A few documents have been sent to the IESG and others are close. This is a short status update. - Device Flow (Hannes) https://datatracker.ietf.org/doc/draft-ietf-oauth-device-flow/ The authors received a fair amount of feedback at the Berlin IETF meeting and have identified a few areas where feedback from the group is appreciated. During the meeting we will discuss these open issues. - OAuth 2.0 Authorization Server Metadata (Mike/Phil) https://datatracker.ietf.org/doc/draft-ietf-oauth-discovery/ https://datatracker.ietf.org/doc/draft-jones-oauth-resource-metadata/ A WGLC was started on the meta-data document earlier this year, which lead to some discussion. A few months have passed and do we now know better which direction we would like to go? - OAuth 2.0 Token Exchange (Brian) https://datatracker.ietf.org/doc/draft-ietf-oauth-token-exchange/ The token binding work has been around for a while. Is it ready for WGLC? - OAuth Security (Torsten) [document to be published in time for the meeting] - PoP/Token Binding (John) https://datatracker.ietf.org/doc/draft-ietf-oauth-token-binding/ https://datatracker.ietf.org/doc/draft-ietf-oauth-signed-http-request/ https://datatracker.ietf.org/doc/draft-ietf-oauth-pop-architecture/ After the Berlin IETF meeting we have adopted the token binding work and this session is to discuss the current status, the open issues and potential challenges. - Mutual X.509 Transport Layer Security (TLS) Authentication for OAuth Clients (Brian) https://datatracker.ietf.org/doc/draft-campbell-oauth-tls-client-auth/ This is a new document. The question to the group is whether this is something of interest. - Revocation (John) With RFC 7009 we published a token revocation mechanism with limited scope. The discussion to initiate with this item is whether we should extend the already published revocation mechanism to other use cases.