Protocol Action: 'Assertion Framework for OAuth 2.0 Client Authentication and Authorization Grants' to Proposed Standard (draft-ietf-oauth-assertions-18.txt)
The IESG <iesg-secretary@ietf.org> Tue, 13 January 2015 00:15 UTC
Return-Path: <iesg-secretary@ietf.org>
X-Original-To: ietf-announce@ietfa.amsl.com
Delivered-To: ietf-announce@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9C1A31ACE29; Mon, 12 Jan 2015 16:15:47 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.9
X-Spam-Level:
X-Spam-Status: No, score=-101.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, USER_IN_WHITELIST=-100] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KhGdRHxjHlue; Mon, 12 Jan 2015 16:15:45 -0800 (PST)
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 8F4501ACE4D; Mon, 12 Jan 2015 16:15:15 -0800 (PST)
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Subject: Protocol Action: 'Assertion Framework for OAuth 2.0 Client Authentication and Authorization Grants' to Proposed Standard (draft-ietf-oauth-assertions-18.txt)
X-Test-IDTracker: no
X-IETF-IDTracker: 5.10.0.p8
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <20150113001515.3307.23130.idtracker@ietfa.amsl.com>
Date: Mon, 12 Jan 2015 16:15:15 -0800
Archived-At: <http://mailarchive.ietf.org/arch/msg/ietf-announce/5shreaX_UriaGiqNI6zcvaDaGn4>
Cc: oauth chair <oauth-chairs@tools.ietf.org>, oauth mailing list <oauth@ietf.org>, RFC Editor <rfc-editor@rfc-editor.org>
X-BeenThere: ietf-announce@ietf.org
X-Mailman-Version: 2.1.15
Reply-To: ietf@ietf.org
List-Id: "IETF announcement list. No discussions." <ietf-announce.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-announce>, <mailto:ietf-announce-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf-announce/>
List-Post: <mailto:ietf-announce@ietf.org>
List-Help: <mailto:ietf-announce-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-announce>, <mailto:ietf-announce-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 13 Jan 2015 00:15:47 -0000
The IESG has approved the following document: - 'Assertion Framework for OAuth 2.0 Client Authentication and Authorization Grants' (draft-ietf-oauth-assertions-18.txt) as Proposed Standard This document is the product of the Web Authorization Protocol Working Group. The IESG contact persons are Kathleen Moriarty and Stephen Farrell. A URL of this Internet Draft is: http://datatracker.ietf.org/doc/draft-ietf-oauth-assertions/ Technical Summary The Assertion Framework for OAuth 2.0 allows the use of assertions in the form of a new client authentication mechanism and a new authorization grant type. Mechanisms are specified for transporting assertions during interactions with a token endpoint, as well as general processing rules. The intent of this specification is to provide a common framework for OAuth 2.0 to interwork with other identity systems using assertions, and to provide alternative client authentication mechanisms. Note that this specification only defines abstract message flows and processing rules. In order to be implementable, companion specifications are necessary to provide the corresponding concrete instantiations. Working Group Summary There was no controversy around this document. Document Quality The working group decided to separate the framework for assertion handling from instance documents supporting SAML assertion and JSON- based encoded tokens. Readers who want to implement the functionality also need to consult one of the extension documents, such as draft-ietf-oauth-saml2-bearer The draft previously went through IESG review and was sent back to the WG to improve interoperability. Updates have been made to address the prior concerns. Personnel The document shepherd is Hannes Tschofenig and the responsible-ish area director is Kathleen Moriarty. RFC Editor Note: This draft is part of a set of drafts that cross 2 working groups. I am working through the reviews (shepherd just confirmed them for the OAuth ones) and would like them processed as a set. The JOSE drafts will hopefully be ready shortly as well. The set includes (in order): 1 draft-ietf-jose-json-web-signature 2 draft-ietf-jose-json-web-encryption 3 draft-ietf-jose-json-web-key 4 draft-ietf-jose-json-web-algorithms 5 draft-ietf-oauth-json-web-token 6 draft-ietf-jose-cookbook 7 draft-ietf-oauth-assertions 8 draft-ietf-oauth-saml2-bearer 9 draft-ietf-oauth-jwt-bearer