Hi Rifaat, Hannes, and OAuth WG,

We would like to request 10+5 minutes of agenda time to present and discuss our 
new draft, Sender-Constrained Delegation Handle for Asynchronous OAuth 2.0 
Identity 
Chaining<https://datatracker.ietf.org/doc/draft-zhu-oauth-async-delegation/>.

The draft extends OAuth 2.0 Token Exchange and OAuth Identity Chaining to 
support asynchronous, “walk-away” workflows that must continue after the end 
user has gone offline. It defines a sender-constrained delegation handle that 
allows an acting client to obtain new short-lived chained access tokens without 
requiring the user to re-authenticate.

We would particularly appreciate feedback on:

  1.  The problem statement and proposed delegation-handle model.
  2.  Its relationship to refresh tokens and OAuth Identity Chaining.
  3.  The proposed security boundaries, including sender constraint, audience 
and scope restrictions, lifetime and refresh limits, session validity, and 
revocation.

Regards,
Larry Zhu


From: Rifaat Shekh-Yusef <[email protected]>
Date: Saturday, June 20, 2026 at 3:43 PM
To: oauth <[email protected]>
Subject: [OAUTH-WG] Call for topics for Vienna

All,

As per the preliminary agenda, we have two OAuth sessions at:
Thursday, 2:00-4:00pm
Friday, 9:00-11:00am

If you have not done so already, let us know, as soon as possible, if you have 
a topic that you would like to present and discuss in Vienna.

Regards,
 Rifaat & Hannes
_______________________________________________
OAuth mailing list -- [email protected]
To unsubscribe send an email to [email protected]

Reply via email to