Dear all,

Thanks again for the constructive discussions leading to, during and following 
the Virtual interim meeting on Monday.

I uploaded a new draft reflecting the changes we discussed; here’s a summary:



Changes discussed during the interim meeting:

   o  In Section 2.2.3 <https://tools.ietf.org/html/draft-ietf-oauth-access-token-jwt-06#section-2.2.3> and Section 3 <https://tools.ietf.org/html/draft-ietf-oauth-access-token-jwt-06#section-3>, eliminated language prohibiting JWT AT requests featuring multiple resources, substituting it with the prohibition for the AS to emit JWT ATs expressing ambiguous authorization grants.  In Section 5 <https://tools.ietf.org/html/draft-ietf-oauth-access-token-jwt-06#section-5>, added language warning against scope confusion and mentioned the existence of other ambiguous authorization grants.

   o  In Section 2.2 <https://tools.ietf.org/html/draft-ietf-oauth-access-token-jwt-06#section-2.2>, promoted claims iat and jti from RECOMMENDED to REQUIRED.

Changes from the subsequent follow-ups:

   o  In Section 2.2 <https://tools.ietf.org/html/draft-ietf-oauth-access-token-jwt-06#section-2.2> and Section 6 <https://tools.ietf.org/html/draft-ietf-oauth-access-token-jwt-06#section-6>, added a discussion about how different sub values affect the privacy properties of a solution.



Thanks

V.

On 4/15/20, 00:16, "internet-dra...@ietf.org" <internet-dra...@ietf.org> wrote:

    A new version of I-D, draft-ietf-oauth-access-token-jwt-06.txt
    has been successfully submitted by Vittorio Bertocci and posted to the
    IETF repository.

    Name:           draft-ietf-oauth-access-token-jwt
    Revision:       06
    Title:          JSON Web Token (JWT) Profile for OAuth 2.0 Access Tokens
    Document date:  2020-04-14
    Group:          oauth
    Pages:          19
    URL:            https://www.ietf.org/internet-drafts/draft-ietf-oauth-access-token-jwt-06.txt
    Status:         https://datatracker.ietf.org/doc/draft-ietf-oauth-access-token-jwt/
    Htmlized:       https://tools.ietf.org/html/draft-ietf-oauth-access-token-jwt-06
    Htmlized:       https://datatracker.ietf.org/doc/html/draft-ietf-oauth-access-token-jwt
    Diff:           https://www.ietf.org/rfcdiff?url2=draft-ietf-oauth-access-token-jwt-06

    Abstract:
       This specification defines a profile for issuing OAuth 2.0 access
       tokens in JSON web token (JWT) format.  Authorization servers and
       resource servers from different vendors can leverage this profile to
       issue and consume access tokens in interoperable manner.

    Please note that it may take a couple of minutes from the time of submission
    until the htmlized version and diff are available at tools.ietf.org.

    The IETF Secretariat





