Hi all,

We just published version -04 of this document capturing additional
feedback from the last IETF meeting as well as feedback from several
implementors who have been working on building out the various parts of
this spec, in particular those who have a SAML SSO relationship to an IdP.
There is a changelog in the document with additional details.

https://www.ietf.org/archive/id/draft-ietf-oauth-identity-assertion-authz-grant-04.html

Aaron


On Thu, May 21, 2026 at 3:19 PM <[email protected]> wrote:

> Internet-Draft draft-ietf-oauth-identity-assertion-authz-grant-04.txt is now
> available. It is a work item of the Web Authorization Protocol (OAUTH) WG of
> the IETF.
>
>    Title:   Identity Assertion JWT Authorization Grant
>    Authors: Aaron Parecki
>             Karl McGuinness
>             Brian Campbell
>    Name:    draft-ietf-oauth-identity-assertion-authz-grant-04.txt
>    Pages:   65
>    Dates:   2026-05-21
>
> Abstract:
>
>    This specification provides a mechanism for an application to use an
>    identity assertion to obtain an access token for a third-party API by
>    coordinating through an identity provider that the downstream
>    Resource Authorization Server already trusts for single sign-on
>    (SSO), using Token Exchange [RFC8693] and JWT Profile for OAuth 2.0
>    Authorization Grants [RFC7523].  This pattern is informally referred
>    to as Cross-App Access (XAA).
>
> The IETF datatracker status page for this Internet-Draft is:
>
> https://datatracker.ietf.org/doc/draft-ietf-oauth-identity-assertion-authz-grant/
>
> There is also an HTML version available at:
>
> https://www.ietf.org/archive/id/draft-ietf-oauth-identity-assertion-authz-grant-04.html
>
> A diff from the previous version is available at:
>
> https://author-tools.ietf.org/iddiff?url2=draft-ietf-oauth-identity-assertion-authz-grant-04
>
> Internet-Drafts are also available by rsync at:
> rsync.ietf.org::internet-drafts
>
>
> _______________________________________________
> OAuth mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
>