Hi Rifaat, Hannes, and OAuth WG, We would like to request 10+5 minutes of agenda time to present and discuss our new draft, Sender-Constrained Delegation Handle for Asynchronous OAuth 2.0 Identity Chaining<https://datatracker.ietf.org/doc/draft-zhu-oauth-async-delegation/>.
The draft extends OAuth 2.0 Token Exchange and OAuth Identity Chaining to support asynchronous, “walk-away” workflows that must continue after the end user has gone offline. It defines a sender-constrained delegation handle that allows an acting client to obtain new short-lived chained access tokens without requiring the user to re-authenticate. We would particularly appreciate feedback on: 1. The problem statement and proposed delegation-handle model. 2. Its relationship to refresh tokens and OAuth Identity Chaining. 3. The proposed security boundaries, including sender constraint, audience and scope restrictions, lifetime and refresh limits, session validity, and revocation. Regards, Larry Zhu From: Rifaat Shekh-Yusef <[email protected]> Date: Saturday, June 20, 2026 at 3:43 PM To: oauth <[email protected]> Subject: [OAUTH-WG] Call for topics for Vienna All, As per the preliminary agenda, we have two OAuth sessions at: Thursday, 2:00-4:00pm Friday, 9:00-11:00am If you have not done so already, let us know, as soon as possible, if you have a topic that you would like to present and discuss in Vienna. Regards, Rifaat & Hannes
_______________________________________________ OAuth mailing list -- [email protected] To unsubscribe send an email to [email protected]
