Dear OAuth Working Group,

Alex and I would like to introduce a personal Draft to you. We have been working on it since the beginning of the year while we were water testing our use cases and preliminary thoughts at OSW25.

Personal Draft - OAuth 2.0 client extension claims [https://datatracker.ietf.org/doc/draft-lombardo-oauth-client-extension-claims/] would allow the ability to represent in JWT profile OAuth2 Access Tokens how the Client interacted with the Authorization Server for the benefit of a better access control at the Resource Provider. We would like to introduce 4 new claims to describe the client authentication technical methods and optionally standardized level of assurance as well as the grant flow and the grant flow extensions used as part of the issuance of the associated tokens.

This Personal Draft aims at supporting requirements for [FAPI2.0-Security-Profiles] or [hl7.fhir.uv.smart-app-launch] regulated APIs when they require peculiar client authentication mechanisms to be enforced or transaction specific details to be present in the token.

We are also requesting, please, a 10-minute time slot at IETF-123 / Madrid to be able to present our work and gather comments, questions, and support in the aim of working forward on this proposal as an IETF Draft.

In the meantime, we remain available to answer any questions, comments, suggestions.

Regards,
Jeff

Jean-François "Jeff" Lombardo | Amazon Web Services
Principal Solution Architect, Security Specialist
Montréal, Canada
+1 514 778 5565