{"draft":"draft-ietf-kitten-sasl-oauth-23","doc_id":"RFC7628","title":"A Set of Simple Authentication and Security Layer (SASL) Mechanisms for OAuth","authors":["W. Mills","T. Showalter","H. Tschofenig"],"format":["ASCII","HTML"],"page_count":"21","pub_status":"PROPOSED STANDARD","status":"PROPOSED STANDARD","source":"Common Authentication Technology Next Generation","abstract":"OAuth enables a third-party application to obtain limited access to a\r\nprotected resource, either on behalf of a resource owner by\r\norchestrating an approval interaction or by allowing the third-party\r\napplication to obtain access on its own behalf.\r\n\r\nThis document defines how an application client uses credentials\r\nobtained via OAuth over the Simple Authentication and Security Layer\r\n(SASL) to access a protected resource at a resource server.  Thereby,\r\nit enables schemes defined within the OAuth framework for\r\nnon-HTTP-based application protocols.\r\n\r\nClients typically store the user's long-term credential.  This does,\r\nhowever, lead to significant security vulnerabilities, for example,\r\nwhen such a credential leaks.  A significant benefit of OAuth for\r\nusage in those clients is that the password is replaced by a shared\r\nsecret with higher entropy, i.e., the token.  Tokens typically\r\nprovide limited access rights and can be managed and revoked\r\nseparately from the user's long-term password.","pub_date":"August 2015","keywords":[],"obsoletes":[],"obsoleted_by":[],"updates":[],"updated_by":[],"see_also":[],"doi":"10.17487\/RFC7628","errata_url":null}