The IESG has approved the following document: - 'Grant Negotiation and Authorization Protocol' (draft-ietf-gnap-core-protocol-19.txt) as Proposed Standard
This document is the product of the Grant Negotiation and Authorization Protocol Working Group. The IESG contact persons are Paul Wouters and Roman Danyliw. A URL of this Internet-Draft is: https://datatracker.ietf.org/doc/draft-ietf-gnap-core-protocol/ Technical Summary GNAP defines a mechanism for delegating authorization to a piece of software, and conveying the results and artifacts of that delegation to the software. This delegation can include access to a set of APIs as well as subject information passed directly to the software. Working Group Summary There was WG consensus to publish. Document Quality There are a number of implementations that informed the development of this document: * GNAP Authorization Service in Rust implementation by David Skyberg. https://github.com/dskyberg/gnap Prototype implementation of AS and client in Rust. MIT license. * GNAP JS Client from Interop Alliance, implementation by Dmitri Zagidulin. https://github.com/interop-alliance/gnap-client-js Prototype implementation of client in JavaScript. MIT License. * Rafiki from Interledger Foundation. https://github.com/interledger/rafiki Production implementation of AS in JavaScript. Apache 2.0 license. * Sample GNAP Client in PHP implementation by Aaron Parecki. https://github.com/aaronpk/gnap-client-php Prototype implementation of web application client and CLI client in PHP, with common support library. CC0 license. * SUNET Auth Server from SUNET. https://github.com/SUNET/sunet-auth-server Production implementation of AS in Python. BSD license. * Trustbloc from Gen Digital. https://github.com/trustbloc/docs/blob/main/readthedocs/designs/auth.md Production implementation of AS and client in Go. Apache 2.0 license. * Verified.ME from SecureKey. https://verified.me/ Production implementation of AS, client and RS. Proprietary license. * XYZ from Bespoke Engineering, implementation by Justin Richer. https://github.com/bspk/oauth.xyz-java Advanced prototype implementation of AS, client, and RS in Java, with common support library. Prototype implementation of SPA client in JavaScript. Apache 2.0 license. Personnel The Document Shepherd for this document is Yaron Sheffer. The Responsible Area Director is Roman Danyliw. _______________________________________________ IETF-Announce mailing list [email protected] https://www.ietf.org/mailman/listinfo/ietf-announce
