Dear OAuth Working Group, I would like to request your review and feedback for this draft: https://datatracker.ietf.org/doc/draft-zehavi-oauth-rar-metadata/
The document addresses a practical interoperability challenge around Rich Authorization Requests (RAR): discovery of metadata for authorization details types, allowing clients dynamic discovery rather than relying on out-of-band agreements. It also standardizes error signaling in case insufficient RAR was provided and offers structured ways of remediation. The draft was presented at IETF 125 and OAuth Security Workshop (OSW) 2026, where it generated valuable discussion and received positive feedback, which has been incorporated into the latest revision of the draft. Importantly, the draft is already seeing interest and adoption across real-world deployments, including: * Norway's HelseID healthcare identity platform * Raiffeisen Bank Romania * The Model Context Protocol (MCP) Fine-Grained Authorization Working Group (see SEP-2643<https://github.com/modelcontextprotocol/modelcontextprotocol/pull/2643>) These deployments and positive feedback demonstrate the need for a standardized mechanism for RAR capability discovery and metadata publication. Given the willingness to adopt the proposal and positive feedback from the community, we'd like to ask the Working Group to consider its adoption. We would greatly appreciate additional review, feedback, and discussion from OAuth WG participants. Thank you for your consideration. Best regards, Yaron Zehavi This message and any attachment ("the Message") are confidential. If you have received the Message in error, please notify the sender immediately and delete the Message from your system, any use of the Message is forbidden. Correspondence via e-mail is primarily for information purposes. RBI neither makes nor accepts legally binding statements via e-mail unless explicitly agreed otherwise. Information pursuant to ? 14 Austrian Companies Code: Raiffeisen Bank International AG; Registered Office: Am Stadtpark 9, 1030 Vienna, Austria; Company Register Number: FN 122119m at the Commercial Court of Vienna (Handelsgericht Wien). Classification: GENERAL
_______________________________________________ OAuth mailing list -- [email protected] To unsubscribe send an email to [email protected]
