Just under the wire for the Internet Draft submission cut-off today, a new
-01 revision of "OAuth 2.0 Step-up Authentication Challenge Protocol" has
been published with the following updates (copied from the document
history):
-01
* Added AS Metadata section with pointer to acr_values_supported
* Mention that it's not necessarily the case that a new 'stepped-up'
token always supersedes older tokens
* Add examples with max_age
---------- Forwarded message ---------
From: <[email protected]>
Date: Mon, Jul 11, 2022 at 7:11 AM
Subject: [OAUTH-WG] I-D Action:
draft-ietf-oauth-step-up-authn-challenge-01.txt
To: <[email protected]>
Cc: <[email protected]>
A New Internet-Draft is available from the on-line Internet-Drafts
directories.
This draft is a work item of the Web Authorization Protocol WG of the IETF.
Title : OAuth 2.0 Step-up Authentication Challenge
Protocol
Authors : Vittorio Bertocci
Brian Campbell
Filename : draft-ietf-oauth-step-up-authn-challenge-01.txt
Pages : 13
Date : 2022-07-11
Abstract:
It is not uncommon for resource servers to require different
authentication strengths or freshness according to the
characteristics of a request. This document introduces a mechanism
for a resource server to signal to a client that the authentication
event associated with the access token of the current request doesn't
meet its authentication requirements and specify how to meet them.
This document also codifies a mechanism for a client to request that
an authorization server achieve a specific authentication strength or
freshness when processing an authorization request.
The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-oauth-step-up-authn-challenge/
There is also an HTML version available at:
https://www.ietf.org/archive/id/draft-ietf-oauth-step-up-authn-challenge-01.html
A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-oauth-step-up-authn-challenge-01
Internet-Drafts are also available by rsync at rsync.ietf.org:
:internet-drafts
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
--
_CONFIDENTIALITY NOTICE: This email may contain confidential and privileged
material for the sole use of the intended recipient(s). Any review, use,
distribution or disclosure by others is strictly prohibited. If you have
received this communication in error, please notify the sender immediately
by e-mail and delete the message and any file attachments from your
computer. Thank you._
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
