Hi all, As promised, work is continuing on OAuth 2.1. This latest draft has the following changes:
- Added DPoP and Step-Up Auth to appendix of extensions - Updated reference for case insensitivity of auth scheme to HTTP instead of ABNF - Corrected an instance of "relying party" vs "client" - Moved client_id requirement to the individual grant types - Updated language around client registration to better reflect alternative registration methods such as those in use by OpenID Federation and open ecosystems - consolidated descriptions of query string, form and JSON serializations - fixed typos and editorial changes https://www.ietf.org/archive/id/draft-ietf-oauth-v2-1-12.html As a reminder, there are still many open issues that need text to resolve, so if you have strong opinions about any of these issues, it would be extremely helpful to comment with suggested text. https://github.com/oauth-wg/oauth-v2-1/issues Thanks! Aaron On Fri, Nov 15, 2024 at 9:18 AM <[email protected]> wrote: > Internet-Draft draft-ietf-oauth-v2-1-12.txt is now available. It is a work > item of the Web Authorization Protocol (OAUTH) WG of the IETF. > > Title: The OAuth 2.1 Authorization Framework > Authors: Dick Hardt > Aaron Parecki > Torsten Lodderstedt > Name: draft-ietf-oauth-v2-1-12.txt > Pages: 96 > Dates: 2024-11-15 > > Abstract: > > The OAuth 2.1 authorization framework enables an application to > obtain limited access to a protected resource, either on behalf of a > resource owner by orchestrating an approval interaction between the > resource owner and an authorization service, or by allowing the > application to obtain access on its own behalf. This specification > replaces and obsoletes the OAuth 2.0 Authorization Framework > described in RFC 6749 and the Bearer Token Usage in RFC 6750. > > The IETF datatracker status page for this Internet-Draft is: > https://datatracker.ietf.org/doc/draft-ietf-oauth-v2-1/ > > There is also an HTML version available at: > https://www.ietf.org/archive/id/draft-ietf-oauth-v2-1-12.html > > A diff from the previous version is available at: > https://author-tools.ietf.org/iddiff?url2=draft-ietf-oauth-v2-1-12 > > Internet-Drafts are also available by rsync at: > rsync.ietf.org::internet-drafts > > > _______________________________________________ > OAuth mailing list -- [email protected] > To unsubscribe send an email to [email protected] >
_______________________________________________ OAuth mailing list -- [email protected] To unsubscribe send an email to [email protected]
