Dear OAuth Chairs and Working Group,
The editors have updated the draft in
https://www.ietf.org/archive/id/draft-ietf-oauth-rfc7523bis-05.html to
incorporate the last call feedback received. Specifically, we applied
editorial suggestions by Jamshid Khosravian and Axel Nennker.
We believe that the next step is to obtain a shepherd review and then request
publication.
Thanks,
-- Mike (for
the editors)
-----Original Message-----
From: [email protected] <[email protected]>
Sent: Monday, January 12, 2026 10:31 AM
To: [email protected]
Cc: [email protected]
Subject: [OAUTH-WG] I-D Action: draft-ietf-oauth-rfc7523bis-05.txt
Internet-Draft draft-ietf-oauth-rfc7523bis-05.txt is now available. It is a
work item of the Web Authorization Protocol (OAUTH) WG of the IETF.
Title: Updates to OAuth 2.0 JSON Web Token (JWT) Client Authentication and
Assertion-Based Authorization Grants
Authors: Michael B. Jones
Brian Campbell
Chuck Mortimore
Filip Skokan
Name: draft-ietf-oauth-rfc7523bis-05.txt
Pages: 15
Dates: 2026-01-12
Abstract:
This specification updates the requirements for audience values in
OAuth 2.0 Client Assertion Authentication and Assertion-based
Authorization Grants to address a security vulnerability identified
in the previous requirements for those audience values in multiple
OAuth 2.0 specifications.
The IETF datatracker status page for this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-oauth-rfc7523bis/
There is also an HTMLized version available at:
https://datatracker.ietf.org/doc/html/draft-ietf-oauth-rfc7523bis-05
A diff from the previous version is available at:
https://author-tools.ietf.org/iddiff?url2=draft-ietf-oauth-rfc7523bis-05
Internet-Drafts are also available by rsync at:
rsync.ietf.org::internet-drafts
_______________________________________________
OAuth mailing list -- [email protected]
To unsubscribe send an email to [email protected]
_______________________________________________
OAuth mailing list -- [email protected]
To unsubscribe send an email to [email protected]
