[OAUTH-WG] Signed JWK Sets
Hi all,

A few of us have been considering use cases for JWTs related to Verifiable Credentials and container signing, which require better "proof of authority" for JWT signing keys. Sharon Goldberg and I wrote up a quick specification for how to sign a JWK set, and how you might extend discovery mechanisms to present such a signed JWK set:

https://github.com/bifurcation/redistributable-jwks/blob/main/draft-barnes-oauth-redistributable-jwks.md

(Just in GitHub for now; will publish as an I-D when the window reopens tomorrow.)

If we could get this functionality added to OAuth / OIDC, it would make these use cases work a lot better. As a prelude toward proposing working group adoption, it would be great to know if this design seems helpful to other folks as well. Obviously, happy to answer any questions / comments.

Thanks,
--Richard

___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

[OAUTH-WG] Draft 01 of Transaction Tokens posted
Just a quick note to say that draft 01 of the Transaction Token spec has been posted to the data tracker.

https://datatracker.ietf.org/doc/draft-ietf-oauth-transaction-tokens/

Thanks,
George

[OAUTH-WG] I-D Action: draft-ietf-oauth-transaction-tokens-01.txt
Internet-Draft draft-ietf-oauth-transaction-tokens-01.txt is now available. It is a work item of the Web Authorization Protocol (OAUTH) WG of the IETF.

   Title:   Transaction Tokens
   Authors: Atul Tulshibagwale
            George Fletcher
            Pieter Kasselman
   Name:    draft-ietf-oauth-transaction-tokens-01.txt
   Pages:   22
   Dates:   2024-03-16

Abstract:

   Transaction Tokens (Txn-Tokens) enable workloads in a trusted domain to ensure that user identity and authorization context of an external programmatic request, such as an API invocation, are preserved and available to all workloads that are invoked as part of processing such a request. Txn-Tokens also enable workloads within the trusted domain to optionally immutably assert to downstream workloads that they were invoked in the call chain of the request.

The IETF datatracker status page for this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-oauth-transaction-tokens/

There is also an HTML version available at:
https://www.ietf.org/archive/id/draft-ietf-oauth-transaction-tokens-01.html

A diff from the previous version is available at:
https://author-tools.ietf.org/iddiff?url2=draft-ietf-oauth-transaction-tokens-01

Internet-Drafts are also available by rsync at:
rsync.ietf.org::internet-drafts