I support adoption. In the past, when considering the encryption of JWT access tokens, I learned that the draft regarding the metadata of the resource server had expired, which was disappointing. For an authorization server to encrypt an access token with an asymmetric algorithm, it must obtain a public key of the target resource server, but there was no standardized way. I'm glad to see the specification has been revived. If it had been revived a bit earlier, the addition that was made as "client" metadata in the "JWT Response for OAuth Token Introspection" specification would likely have been treated as metadata for the "resource server."
Best Regards, Takahiko Kawasaki On Thu, Aug 24, 2023 at 4:02 AM Rifaat Shekh-Yusef <rifaat.s.i...@gmail.com> wrote: > All, > > This is an official call for adoption for the *Protected Resource > Metadata* draft: > https://datatracker.ietf.org/doc/draft-jones-oauth-resource-metadata/ > > Please, reply on the mailing list and let us know if you are in favor of > adopting this draft as WG document, by *Sep 6th.* > > Regards, > Rifaat & Hannes > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth >
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
