I too have these open questions: https://mailarchive.ietf.org/arch/msg/oauth/NLj-xnAZ4BtFs9z62OzCro4xxoc/ But I hope they are answered as the draft progresses in the WG.
On Wed, Sep 6, 2023 at 7:08 AM Brian Campbell <bcampbell= 40pingidentity....@dmarc.ietf.org> wrote: > I did have a few unanswered comments/questions on the draft > https://mailarchive.ietf.org/arch/msg/oauth/LA6sqNOV98D7wP44p2Hl6dpSmtg/ > that hopefully can be addressed as it progresses. > > On Wed, Sep 6, 2023 at 5:50 AM Rifaat Shekh-Yusef <rifaat.s.i...@gmail.com> > wrote: > >> All, >> >> Based on the responses on this thread, we declare the *Protected >> Resource Metadata* draft adopted as a WG document. >> >> >> Authors, >> >> Feel free to submit a WG document at your convenience. >> >> Regards, >> Rifaat & Hannes >> >> >> On Mon, Aug 28, 2023 at 5:28 AM Takahiko Kawasaki <t...@authlete.com> >> wrote: >> >>> I support adoption. >>> >>> In the past, when considering the encryption of JWT access tokens, I >>> learned that the draft regarding the metadata of the resource server had >>> expired, which was disappointing. For an authorization server to encrypt an >>> access token with an asymmetric algorithm, it must obtain a public key of >>> the target resource server, but there was no standardized way. I'm glad to >>> see the specification has been revived. If it had been revived a bit >>> earlier, the addition that was made as "client" metadata in the "JWT >>> Response for OAuth Token Introspection" specification would likely have >>> been treated as metadata for the "resource server." >>> >>> Best Regards, >>> Takahiko Kawasaki >>> >>> >>> On Thu, Aug 24, 2023 at 4:02 AM Rifaat Shekh-Yusef < >>> rifaat.s.i...@gmail.com> wrote: >>> >>>> All, >>>> >>>> This is an official call for adoption for the *Protected Resource >>>> Metadata* draft: >>>> https://datatracker.ietf.org/doc/draft-jones-oauth-resource-metadata/ >>>> >>>> Please, reply on the mailing list and let us know if you are in favor >>>> of adopting this draft as WG document, by *Sep 6th.* >>>> >>>> Regards, >>>> Rifaat & Hannes >>>> >>>> _______________________________________________ >>>> OAuth mailing list >>>> OAuth@ietf.org >>>> https://www.ietf.org/mailman/listinfo/oauth >>>> >>> _______________________________________________ >> OAuth mailing list >> OAuth@ietf.org >> https://www.ietf.org/mailman/listinfo/oauth >> > > *CONFIDENTIALITY NOTICE: This email may contain confidential and > privileged material for the sole use of the intended recipient(s). Any > review, use, distribution or disclosure by others is strictly prohibited. > If you have received this communication in error, please notify the sender > immediately by e-mail and delete the message and any file attachments from > your computer. Thank you.*_______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth >
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth