[OAUTH-WG] Re: Call for adoption: draft-schwenkschuster-oauth-spiffe-client-auth-01 (Ends 2025-11-27)

Sorin Dumitru <sorin@returnze.ro> Wed, 26 November 2025 18:02 UTC

Return-Path: <sorin@returnze.ro>
X-Original-To: oauth@mail2.ietf.org
Delivered-To: oauth@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 84FC69139415 for <oauth@mail2.ietf.org>; Wed, 26 Nov 2025 10:02:15 -0800 (PST)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=returnze-ro.20230601.gappssmtp.com
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oBVMr1zZkVl3 for <oauth@mail2.ietf.org>; Wed, 26 Nov 2025 10:02:14 -0800 (PST)
Received: from mail-wr1-x42a.google.com (mail-wr1-x42a.google.com [IPv6:2a00:1450:4864:20::42a]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 09C2E9139367 for <oauth@ietf.org>; Wed, 26 Nov 2025 10:01:56 -0800 (PST)
Received: by mail-wr1-x42a.google.com with SMTP id ffacd0b85a97d-42b3b0d76fcso60548f8f.3 for <oauth@ietf.org>; Wed, 26 Nov 2025 10:01:56 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=returnze-ro.20230601.gappssmtp.com; s=20230601; t=1764180115; x=1764784915; darn=ietf.org; h=content-transfer-encoding:in-reply-to:from:content-language :references:to:subject:user-agent:mime-version:date:message-id:from :to:cc:subject:date:message-id:reply-to; bh=h2gXmbBRaEphOYKsfusYhfZ1yzqTEbgew/+Z05ZVVyI=; b=X9g9CJR0glnGNluPZaJgrVxibruFU4Ks+txTVXd9r1KCriZ2sQgjP0YYNpglCfsbpX NaSlNR/qJiClJFncLQZaovp96KwzVBNZhR/PCw+khJNO3sC/Vr/OnlCgPEgqQ+CsvOAm +EEGs/EIzXn2E/qIjCYLRg4KfWWinFy0L5WixdX6x8P7nbsGoruSoMFIJAxA8t0Ve8QC VfaMaMsqikOBzBZy53Xi+5yEvFd/6NJHxlDC3yXDOfuglN2ZdQIg6u36oOGltrNzVcqN bj2ZdofX4JIVGobKQ1CYLb+TGzrmRIDxndvBVC3Hkyn2dB7YjAR61i96z3YiVDGYvf4k RSOQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1764180115; x=1764784915; h=content-transfer-encoding:in-reply-to:from:content-language :references:to:subject:user-agent:mime-version:date:message-id :x-gm-gg:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=h2gXmbBRaEphOYKsfusYhfZ1yzqTEbgew/+Z05ZVVyI=; b=i4IsidGWy9nLb179SdbhGTZtoqGqZBHGbY1k0DE6NBnNJXf1g2Yf5jASOx1KJt7BAp gztER6SVsWhiMBTY2ZbzvJxQxlee0jtiun15pydzK4tM9oqReeMtso3vLLyfDe2zESMh gqzbfcAfU5O8OiXr4Bbh6J7HIjvgIOTqdqsNNo/zlfp9/9YQfQA0gTMngthFNFpz1FDM lOrKyd0TDkxnYtRDacBYskhktVijhIl1vcKmkIIcS/EsNn1gHs1/YVF/PCNKLoKo6vgN JMhhztL2oUD6yZYn8AWX6zDucj8SlsIER5dVk9AhVCV+7G/NtF+BmpuyuxMeFht4bTr6 hktA==
X-Forwarded-Encrypted: i=1; AJvYcCV9qfTmbmMIdFNb6sEojkL1/2fLgcG6DuxR2OMVTCroHbX5fibvg3DZzB0E9lJWu77x2JYD3w==@ietf.org
X-Gm-Message-State: AOJu0YwBeCPnn8omgGqmv13Bi2yrlkBZHUQxomNiQ/TytbdDnbzu3DFs hC+2GYTnmDL8QZaV2ilUt3RWoTATDCTce53yi5u43pSSQr8Ay1FXP35NDNL0YmO+q7o=
X-Gm-Gg: ASbGnct0EF+GMSqbXnfyKnVzsGOTi8C2gGj+3tatmHRy0yWdCZZSyg+843jPjxooVi8 6qbZ9gKZbl1FdT9RFe1jHb08hZJfzeAcAW95R0LckVXWeqPVgzRNt882VHIbJgfsbf4DUHBxUpi qnDdWSHHVIE1JUVecHVGNMPRg1h5BxF9xQ00EgeDok7LABG2w0uxAaL21YWIH7FkOzVHGPS+nG8 /zNmOfEErdmwCgt7Yn6lord2kpwzMGMIPG09t72i742LD5HVQWQLh279pKw0PM/GLavmPq+jtxl QpUyVkdaGk4JNTkOwxnEm5kmmEty89NO3EBJfOvjPvAYoVw7vr8FDDDvQQT5Ir2tviWmXRAPlfF siZeWPO2KDT12kVCJC0WFLouz8SiKn+mgmsBMtTeDtze58CVYFftthrKrVa9rb6NMEc43SoKBDQ iwATEJDKph1yDSuv5Je42xhZWu6mC/QkvZ1edeiZ++3LU59gTkZw==
X-Google-Smtp-Source: AGHT+IE9IP+W9DKn0ofYWD7/qEv69CKiXYfqlTwOehlnqDwEpicGREYB5Fd66Sc7FvON/6NvgwMfEQ==
X-Received: by 2002:a05:6000:1a8e:b0:3ff:17ac:a34b with SMTP id ffacd0b85a97d-42cc1d351ffmr20886391f8f.42.1764180115009; Wed, 26 Nov 2025 10:01:55 -0800 (PST)
Received: from ?IPV6:2606:4700:110:8af7:2ac7:2ef6:7e6e:30c0? ([2a09:bac1:28a0:148::41d:1e]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-42cb7f2e581sm39631370f8f.8.2025.11.26.10.01.54 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Wed, 26 Nov 2025 10:01:54 -0800 (PST)
Message-ID: <838e76c1-4131-42fe-9595-83df2c0390cd@returnze.ro>
Date: Wed, 26 Nov 2025 18:02:57 +0000
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
To: draft-schwenkschuster-oauth-spiffe-client-auth@ietf.org, oauth@ietf.org
References: <176306425545.723.7575571157729601398@dt-datatracker-5bd94c585b-wk4l4>
Content-Language: en-US
From: Sorin Dumitru <sorin@returnze.ro>
In-Reply-To: <176306425545.723.7575571157729601398@dt-datatracker-5bd94c585b-wk4l4>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Message-ID-Hash: ANIPEWSYZVL4KMU7MRDLSRB4J7QR36TA
X-Message-ID-Hash: ANIPEWSYZVL4KMU7MRDLSRB4J7QR36TA
X-MailFrom: sorin@returnze.ro
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-oauth.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [OAUTH-WG] Re: Call for adoption: draft-schwenkschuster-oauth-spiffe-client-auth-01 (Ends 2025-11-27)
List-Id: OAUTH WG <oauth.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/80GI5fr6603zlbXBZ804oNXKgKo>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Owner: <mailto:oauth-owner@ietf.org>
List-Post: <mailto:oauth@ietf.org>
List-Subscribe: <mailto:oauth-join@ietf.org>
List-Unsubscribe: <mailto:oauth-leave@ietf.org>

I also support adoption.

On 11/13/25 8:04 PM, Rifaat Shekh-Yusef via Datatracker wrote:
> Subject: Call for adoption: draft-schwenkschuster-oauth-spiffe-client-auth-01
>   (Ends 2025-11-27)
>
> This message starts a 2-week Call for Adoption for this document.
>
> Abstract:
>     This specification profiles the Assertion Framework for OAuth 2.0
>     Client Authentication and Authorization Grants [RFC7521] and JWT
>     Profile for OAuth 2.0 Client Authentication and Authorization Grants
>     [RFC7523] to enable the use of SPIFFE Verifiable Identity Documents
>     (SVIDs) as client credentials in OAuth 2.0.  It defines how OAuth
>     clients with SPIFFE credentials can authenticate to OAuth
>     authorization servers using their JWT-SVIDs or X.509-SVIDs without
>     the need for client secrets.  This approach enhances security by
>     enabling seamless integration between SPIFFE-enabled workloads and
>     OAuth authorization servers while eliminating the need to distribute
>     and manage shared secrets such as static client secrets.
>
> File can be retrieved from:
> https://datatracker.ietf.org/doc/draft-schwenkschuster-oauth-spiffe-client-auth/
>
> Please reply to this message keeping oauth@ietf.org in copy by indicating
> whether you support or not the adoption of this draft as a WG document.
> Comments to motivate your preference are highly appreciated.
>
> Authors, and WG participants in general, are reminded of the Intellectual
> Property Rights (IPR) disclosure obligations described in BCP 79 [2].
> Appropriate IPR disclosures required for full conformance with the provisions
> of BCP 78 [1] and BCP 79 [2] must be filed, if you are aware of any.
> Sanctions available for application to violators of IETF IPR Policy can be
> found at [3].
>
> Thank you.
> [1] https://datatracker.ietf.org/doc/bcp78/
> [2] https://datatracker.ietf.org/doc/bcp79/
> [3] https://datatracker.ietf.org/doc/rfc6701/
>
>
>