I support adoption. We're working with a few organizations for whom this will be valuable.
Noah > > From: Joseph Salowey <[email protected]> > Date: Mon, Nov 17, 2025 at 7:16 PM > Subject: Re: [OAUTH-WG] Re: Call for adoption: > draft-schwenkschuster-oauth-spiffe-client-auth-01 (Ends 2025-11-27) > To: Dmitry Izumskiy <[email protected]> > Cc: Warren Parad <[email protected]>, < > [email protected]>, < > [email protected]>, <[email protected]> > > > I think this is useful and I support adoption. > > Joe > > On Sat, Nov 15, 2025 at 10:08 PM Dmitry Izumskiy <[email protected]> > wrote: > >> I support adoption >> >> -- `Dmitry >> >> On Fri, Nov 14, 2025 at 7:11 AM Warren Parad <wparad= >> [email protected]> wrote: >> >>> +1 to What exactly what Neil said. >>> >>> On Fri, Nov 14, 2025 at 1:20 PM Neil Madden <[email protected]> >>> wrote: >>> >>>> I support adoption in principle. It would be good to have some >>>> explanation in the draft as to why the existing jwt bearer and mTLS client >>>> auth methods are not sufficient, though. >>>> >>>> -- Neil >>>> >>>> > On 13 Nov 2025, at 20:04, Rifaat Shekh-Yusef via Datatracker < >>>> [email protected]> wrote: >>>> > >>>> > >>>> > Subject: Call for adoption: >>>> draft-schwenkschuster-oauth-spiffe-client-auth-01 >>>> > (Ends 2025-11-27) >>>> > >>>> > This message starts a 2-week Call for Adoption for this document. >>>> > >>>> > Abstract: >>>> > This specification profiles the Assertion Framework for OAuth 2.0 >>>> > Client Authentication and Authorization Grants [RFC7521] and JWT >>>> > Profile for OAuth 2.0 Client Authentication and Authorization Grants >>>> > [RFC7523] to enable the use of SPIFFE Verifiable Identity Documents >>>> > (SVIDs) as client credentials in OAuth 2.0. It defines how OAuth >>>> > clients with SPIFFE credentials can authenticate to OAuth >>>> > authorization servers using their JWT-SVIDs or X.509-SVIDs without >>>> > the need for client secrets. This approach enhances security by >>>> > enabling seamless integration between SPIFFE-enabled workloads and >>>> > OAuth authorization servers while eliminating the need to distribute >>>> > and manage shared secrets such as static client secrets. >>>> > >>>> > File can be retrieved from: >>>> > >>>> https://datatracker.ietf.org/doc/draft-schwenkschuster-oauth-spiffe-client-auth/ >>>> > >>>> > Please reply to this message keeping [email protected] in copy by >>>> indicating >>>> > whether you support or not the adoption of this draft as a WG >>>> document. >>>> > Comments to motivate your preference are highly appreciated. >>>> > >>>> > Authors, and WG participants in general, are reminded of the >>>> Intellectual >>>> > Property Rights (IPR) disclosure obligations described in BCP 79 [2]. >>>> > Appropriate IPR disclosures required for full conformance with the >>>> provisions >>>> > of BCP 78 [1] and BCP 79 [2] must be filed, if you are aware of any. >>>> > Sanctions available for application to violators of IETF IPR Policy >>>> can be >>>> > found at [3]. >>>> > >>>> > Thank you. >>>> > [1] https://datatracker.ietf.org/doc/bcp78/ >>>> > [2] https://datatracker.ietf.org/doc/bcp79/ >>>> > [3] https://datatracker.ietf.org/doc/rfc6701/ >>>> > >>>> > >>>> > >>>> > _______________________________________________ >>>> > OAuth mailing list -- [email protected] >>>> > To unsubscribe send an email to [email protected] >>>> >>>> _______________________________________________ >>>> OAuth mailing list -- [email protected] >>>> To unsubscribe send an email to [email protected] >>>> >>> _______________________________________________ >>> OAuth mailing list -- [email protected] >>> To unsubscribe send an email to [email protected] >>> >> _______________________________________________ >> OAuth mailing list -- [email protected] >> To unsubscribe send an email to [email protected] >> >
_______________________________________________ OAuth mailing list -- [email protected] To unsubscribe send an email to [email protected]
