I support adoption of this draft. I think there are some rough edges, especially in positioning how this fits alongside the other token exchange profiles that are in use, but it’s entirely reasonable as a starting point for the WG.
— Justin > On Aug 25, 2025, at 8:38 AM, Rifaat Shekh-Yusef via Datatracker > <nore...@ietf.org> wrote: > > > Subject: Call for adoption: > draft-parecki-oauth-identity-assertion-authz-grant-05 (Ends 2025-09-08) > > This message starts a 2-week Call for Adoption for this document. > > Abstract: > This specification provides a mechanism for an application to use an > identity assertion to obtain an access token for a third-party API by > coordinating through a common enterprise identity provider using > Token Exchange [RFC8693] and JWT Profile for OAuth 2.0 Authorization > Grants [RFC7523]. > > File can be retrieved from: > https://datatracker.ietf.org/doc/draft-parecki-oauth-identity-assertion-authz-grant/ > > Please reply to this message keeping oauth@ietf.org in copy by indicating > whether you support or not the adoption of this draft as a WG document. > Comments to motivate your preference are highly appreciated. > > Authors, and WG participants in general, are reminded of the Intellectual > Property Rights (IPR) disclosure obligations described in BCP 79 [2]. > Appropriate IPR disclosures required for full conformance with the provisions > of BCP 78 [1] and BCP 79 [2] must be filed, if you are aware of any. > Sanctions available for application to violators of IETF IPR Policy can be > found at [3]. > > Thank you. > [1] https://datatracker.ietf.org/doc/bcp78/ > [2] https://datatracker.ietf.org/doc/bcp79/ > [3] https://datatracker.ietf.org/doc/rfc6701/ > > > > _______________________________________________ > OAuth mailing list -- oauth@ietf.org > To unsubscribe send an email to oauth-le...@ietf.org _______________________________________________ OAuth mailing list -- oauth@ietf.org To unsubscribe send an email to oauth-le...@ietf.org
