The IESG has approved the following document:
- 'OAuth Identity and Authorization Chaining Across Domains'
  (draft-ietf-oauth-identity-chaining-15.txt) as Proposed Standard

This document is the product of the Web Authorization Protocol Working Group.

The IESG contact persons are Christopher Inacio and Deb Cooley.

A URL of this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-oauth-identity-chaining/




Technical Summary

   This specification defines a mechanism to preserve identity and
   authorization information across trust domains that use the OAuth 2.0
   Framework.

Discussion Venues

   This note is to be removed before publishing as an RFC.

   Discussion of this document takes place on the Web Authorization
   Protocol Working Group mailing list ([email protected]), which is
   archived at https://mailarchive.ietf.org/arch/browse/oauth/.

   Source for this draft and an issue tracker can be found at
   https://github.com/oauth-wg/oauth-identity-chaining.

Working Group Summary

  There was strong support for this work.

Document Quality

   There are many implementations:

   Keycloak 26.5
   https://www.keycloak.org/2026/01/jwt-authorization-grant

   Ping Identity has implementations based on existing functionality supporting 
   those specs. 

   Okta
   https://developer.okta.com/blog/2025/09/03/cross-app-access

   Auth0
   https://auth0.com/docs/secure/call-apis-on-users-behalf/xaa

   Okta Open Source
   https://github.com/oktadev/okta-cross-app-access-mcp

   Okta Standalone implementation
   https://xaa.dev/

   Basic testing implementation 
   https://motd.xaa.rocks/

   WSO2 Identity Server has some basic building blocks
   https://is.docs.wso2.com/en/latest/references/grant-types/#jwt-bearer-grant
   https://is.docs.wso2.com/en/latest/references/grant-types/#token-exchange-grant

  This work is related to the work in WIMSE.  Many people active in OAUTH are
  also active in WIMSE.

  There are no expert reviews required - no YANG, no MIB, no media types, etc.
  There are no downrefs.
  JSONLint was used to validate the JSON examples.

  The AD approved having six authors on this work.

Personnel

   The Document Shepherd for this document is Rifaat Shekh-Yusef. The
   Responsible Area Director is Deb Cooley.
