Hi Efe,

Have you seen this oauth-wg draft? https://drafts.oauth.net/draft-ietf-oauth-attestation-based-client-auth/draft-ietf-oauth-attestation-based-client-auth.html

I think it's related to or doing a very similar thing to what you're outlining?

— Emelia

> On 12 Jun 2026, at 16:28, Efe Kahraman <[email protected]> wrote:
>
> Dear OAuth Working Group,
>
> I would appreciate your review and feedback on the following Internet-Draft:
>
> https://datatracker.ietf.org/doc/draft-ekahraman-oauth-attestation-authz-native-app/
>
> This draft proposes an OAuth 2.0 extension that enables Authorization Servers
> to consider attestation results associated with native applications when
> making authorization decisions. The goal is to support authorization policies
> that take into account the security characteristics and trustworthiness of
> the application and its execution environment.
>
> I would be grateful for any comments on the document, security
> considerations, and whether this work addresses a problem that the OAuth WG
> believes is worth pursuing.
>
> Thank you for your time and consideration.
>
> Best regards,
>
> Efe Kahraman
>
> _______________________________________________
> OAuth mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
