Hi, Based on feedback from a number of you, I've submitted a PR to the OAuth Transaction Token draft to clarify how transaction tokens are requested and obtained. You can find the PR here [1].
I've also created a number of new issues based on this work: 1. RFC 9493 and sub_id formats [2] 2. Authorization details presentation and processing [3] 3. Use of base64url encoding for request_context and authz_details [4] 4. Use of actor_token and actor_token_type [5] 5. How is the 'purp' claim of the Txn-Token defined? [6] As always, reviews, feedback, corrections, etc are greatly appreciated! [1] https://github.com/oauth-wg/oauth-transaction-tokens/pull/57 [2] https://github.com/oauth-wg/oauth-transaction-tokens/issues/56 [3] https://github.com/oauth-wg/oauth-transaction-tokens/issues/58 [4] https://github.com/oauth-wg/oauth-transaction-tokens/issues/59 [5] https://github.com/oauth-wg/oauth-transaction-tokens/issues/60 [6] https://github.com/oauth-wg/oauth-transaction-tokens/issues/61 Thanks, George ______________________________________________________________________ The information contained in this e-mail may be confidential and/or proprietary to Capital One and/or its affiliates and may only be used solely in performance of work or services for Capital One. The information transmitted herewith is intended only for use by the individual or entity to which it is addressed. If the reader of this message is not the intended recipient, you are hereby notified that any review, retransmission, dissemination, distribution, copying or other use of, or taking of any action in reliance upon this information is strictly prohibited. If you have received this communication in error, please contact the sender and delete the material from your computer.
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth