Releases: oauth-wg/oauth-identity-chaining
draft-ietf-oauth-identity-chaining-06
-06
- Use IANA.media-types so the tooling can find the media types registry without an explicit target
- Mention that the RFC8693 token exchange is not strictly necessary, if trust domain A's platform provides other means to obtain a JWT authorization grant
- Better describe the trust relationship necessary (domain B has to trust domain A to issue JWT authz grants and trust its signing key(s)) and mention that AS Metadata's jwks_uri can be used to obtain the verification keys for trust domain A
- Add a note about agreeing on semantics etc. when transcribing claims
- Editorial fixes
draft-ietf-oauth-identity-chaining-05
- Editorial pass on Appendix for consistency
- Clarified introduction
- Added security considerations for unconstrained authorization grants.
- Updated some contributors' affiliation and contact information
- Added examples in claims transcription text
- Simplify some text in the JWT Authorization Grant section
- Fix some toolchain complaints and other nitpicks
- Added some Privacy Considerations
- Move Mr. Parecki from acknowledgements to contributors in acknowledgement of his contributions
- Added Authorization Server Metadata registry to publish supported Token Exchange requested token types
draft-ietf-oauth-identity-chaining-04
-04
- Clarified diagrams and description of authorization server acting as a client.
- Remove references to sd-jwt.
- Added text to recommend use of explicit typing.
- Added security consideration on preventing lateral moves.
- Editorial updates to be consistent about the trust domain for a client, authorization server or resource server.
- Added sender constraining of tokens to security considerations
draft-ietf-oauth-identity-chaining-03
-03
- Added two more use cases
- Editorial updates
draft-ietf-oauth-identity-chaining-02
-02
- remove recommendation to not use RFC8693's requested_token_type
- Corrected discrepancy between alphabetic numbering of the diagram and text in the resource acting as client example
draft-ietf-oauth-identity-chaining-01
-01
- limit the authorization grant format to RFC7523 JWT
- minor example fixes
- editorial fixes
- added Aaron Parecki to acknowledgements
- renamed section headers to be more explicit
- use more specific term "JWT authorization grant"
- changed name to "OAuth Identity and Authorization Chaining Across Domains"
- move use cases to appendix and add continuous integration use case