Can you say what you would have expected or liked to have seen in the security considerations or elsewhere about it?
Some form of claims transcription, sometimes by other names like mapping or linking, is extremely common in cross domain token swapping scenarios like this and SSO type scenarios in general. I think it's a largely unwritten thing that some of the contributors thought would be worthwhile to give some treatment to in the draft. There's always opportunity to improve that treatment though.

On Wed, Aug 27, 2025 at 8:44 AM Watson Ladd <watsonbl...@gmail.com> wrote:

> Dear oauth WG,
>
> I read the draft-ietf-oauth-identity-chaining, and have some concerns
> about the security considerations section. As it stands it seems to
> completely ignore the security issues associated with mapping and
> restricting attributes and assuming that this will work on the other
> side of the transition. Section 2.5 describes reasons this process
> might exist, but there's no guidance on what this looks like or the
> need for both domains A and B to agree on the meaning of the
> attributes that are being rewritten.
>
> Sincerely,
> Watson
>
> ---
> Astra mortemque praestare gradatim
>
> _______________________________________________
> OAuth mailing list -- oauth@ietf.org
> To unsubscribe send an email to oauth-le...@ietf.org