[OAUTH-WG] OAuth 2.0 Token Exchange is now RFC 8693

Mike Jones <Michael.Jones@microsoft.com> Wed, 15 January 2020 23:12 UTC

Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7114E120113 for <oauth@ietfa.amsl.com>; Wed, 15 Jan 2020 15:12:00 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=microsoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1WTRUetHcok4 for <oauth@ietfa.amsl.com>; Wed, 15 Jan 2020 15:11:58 -0800 (PST)
Received: from NAM06-DM3-obe.outbound.protection.outlook.com (mail-eopbgr640092.outbound.protection.outlook.com [40.107.64.92]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EF3FD120110 for <oauth@ietf.org>; Wed, 15 Jan 2020 15:11:57 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=U17DFjMPkZ0/qvylfkL5XgMFCHj7Im0goLQqN2buZ1JdTjytjWvM8iZaoG1PWNJwf25vrtkHZAlfCBJAByyQ0sXnVxsJSKbKb8cYEZl/8PvzwvsvuUFFT9n+KHTT+6h/d1TpNvM5Cg/ARspwMWVnOVhNAPqIWkg4xieBrwvw3Z8S+pLA8HZc+Hc8kxie516RoSZYC7JrOfyDxolqcaAEa7ZnvifL8Tk5uiBzUWW7eYzPaSzK5HYvk9iKTR81rQ5RTgvAqhu7KzUY766vihx8rKYycnD/ChHTAEdeuFrsjJYUYKzY/6tdYKZEEZOpIDkkEL6QEww/Xl6551Br08Eo5g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=zQVT4EQyqai2wqfRfdMbIIvynx33jAYBNIhbRHNsD4M=; b=ao6y6xcS4B0TPd9RcRSrNuaTKHbImp0ldLSjajNm9s+Cy/hf5e+9uNXq9C8InzmOGLjtyqzQPslXi+Z2rVHiPBewH0pO1p/qcnIsOay/x2U3jMaXmxLNjuXAK9v/Su+F+ZZ3GLXVUNlLmeAjJrXaMS1joP1p7ELeEoUkBCSq/ok+ulAJfEoKs34/7Khw0AWOzv1HTV4+pFlN+llProuAhMBNFbRv4J/nmVmXOgRATRxaNGVAnNmOvilMmI6Upbk07G6gBzjkgIrQJYrh4vxROlYUFimKcoRDF8lcPvRERMioEp+v3ljCKIb7PdjRJSxavhIeTbfOsWu71p98Xlf3JA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=microsoft.com; dmarc=pass action=none header.from=microsoft.com; dkim=pass header.d=microsoft.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=zQVT4EQyqai2wqfRfdMbIIvynx33jAYBNIhbRHNsD4M=; b=PCNOfXeBL0bqDFVaLpfQq5dnm3VnzjmpjoUG0s9JAbGi/FHm6Iv6iHqwKHeL9Xo6RkmJkmvR5qZAGi2bSYPKYN9rdZkI0oagiRE1H/XaYR48HzDL/lVy16MZDRHjBNZeCka8g68ubiTdXaqkiL8Z9refCwVUmkcgbWUsg1gVlE8=
Received: from CH2PR00MB0679.namprd00.prod.outlook.com (20.180.16.71) by CH2PR00MB0812.namprd00.prod.outlook.com (10.186.139.143) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2684.0; Wed, 15 Jan 2020 23:11:56 +0000
Received: from CH2PR00MB0679.namprd00.prod.outlook.com ([fe80::bc12:5826:ded6:299]) by CH2PR00MB0679.namprd00.prod.outlook.com ([fe80::bc12:5826:ded6:299%5]) with mapi id 15.20.2671.000; Wed, 15 Jan 2020 23:11:56 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: "oauth@ietf.org" <oauth@ietf.org>
Thread-Topic: OAuth 2.0 Token Exchange is now RFC 8693
Thread-Index: AdXL+N5yJ7+3/yxcQkuV3r8hGIpXRw==
Date: Wed, 15 Jan 2020 23:11:56 +0000
Message-ID: <CH2PR00MB0679112F25F3B90D9C3DEB26F5370@CH2PR00MB0679.namprd00.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels: MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_ActionId=457b4dbd-7e75-4fb1-b642-000085b3e52b; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_ContentBits=0; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Enabled=true; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Method=Standard; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Name=Internal; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SetDate=2020-01-15T23:09:38Z; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SiteId=72f988bf-86f1-41af-91ab-2d7cd011db47;
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Michael.Jones@microsoft.com;
x-originating-ip: [2001:4898:80e8:9:9985:3257:75a:5b2f]
x-ms-publictraffictype: Email
x-ms-office365-filtering-ht: Tenant
x-ms-office365-filtering-correlation-id: aa3ebfc1-ff6f-47c6-1531-08d79a1050e9
x-ms-traffictypediagnostic: CH2PR00MB0812:
x-microsoft-antispam-prvs: <CH2PR00MB081298391B5969517559A325F5370@CH2PR00MB0812.namprd00.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:7691;
x-forefront-prvs: 02830F0362
x-forefront-antispam-report: SFV:NSPM; SFS:(10001)(10019020)(4636009)(366004)(396003)(39860400002)(376002)(346002)(136003)(189003)(199004)(4744005)(8936002)(9686003)(5660300002)(81166006)(81156014)(8676002)(71200400001)(6916009)(8990500004)(7696005)(478600001)(316002)(6506007)(2906002)(66476007)(66556008)(66446008)(66946007)(64756008)(86362001)(76116006)(186003)(10290500003)(33656002)(52536014)(55016002)(966005)(21615005)(6606295002); DIR:OUT; SFP:1102; SCL:1; SRVR:CH2PR00MB0812; H:CH2PR00MB0679.namprd00.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: microsoft.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: i7WwjWahv8Aj1IsmXmxneBCVNMIKoOVsgDhL8/v/vC/dHzw5JXWmRAM3k2GwQGhnLpWv+UQGFqAr5C1e40I7+4dc0/gtb0b/4HnOO8gjvZjfAwKwTRxvLt202njPLhjozefGagzeYHnfVgIZyYco83rbb50si1p+FRbeP087x4iAkai3aqi/rQ5rGFtoaVagUBpRp2pUFLExxH/LUfW/C9PsHxOhehApyCxLDKR8Atc1dx1mgFAlfKfRGJI0On+Wo/GCVESWAvJjuiURsgUARAUy3Y0shOxgMiPgXkHbQnB33kv2I4/bcomMfgYX9QY8imYXdHphOPrw+48CZy8QRjvsFhltz1S1FnULlh/sqxxN4X4t7nxhHFaUGZD41jDDT8gPh8y7PuI8g6fMZ0o8hTx2luzh8V6kzCLuM3xDtrAcsNXFVLJ8i9fbu6i89gFdbxfeGkrWa+q+7Da2UmmPD7IIFajsNb9N+44C+Zm21sIPpQwsP2EoiczeHLB2mIFQQ6sNfX4ccawsgFvfcFo4HsKsPSWUpvzqX/0Vf8WkgmX14hREU41XicT+umG/JbSeHMG91qVmCHFPpq55SaRJcAel7y9rk7Ejc/g5F2l/Hks=
x-ms-exchange-antispam-messagedata: HWdonSjnCtV4fzY4E2reoL27lnv7gYR6vNh1VQFql7TEKjeCHSHXdAKKmu/10E5abpH4f8LqUOuqxcqnZXQ5Dz9Fn1O5XBlvQifpCYWylkkxTC7BGun8Uzpv2+eGgFcZOVkJgkEvv7/+OUqxQHPDfVd18Dt2xKwJ3N2/WVRXocDIC0vxf7hULP3Jz5pm8Si0dOi51W2D8UsauVgCsPDwMw==
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_CH2PR00MB0679112F25F3B90D9C3DEB26F5370CH2PR00MB0679namp_"
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-Network-Message-Id: aa3ebfc1-ff6f-47c6-1531-08d79a1050e9
X-MS-Exchange-CrossTenant-originalarrivaltime: 15 Jan 2020 23:11:56.2069 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: l8/UTgc1kFqY4o0R0dfOSDCfpVR2c6sV5gsxnJArQ684TWZjnAlITGXKwiUXC8OKpfqpnwiqQEFgW1DICZZ2Cg==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CH2PR00MB0812
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/QV5Acelm4StKVslcX0kJU1z__0Q>
Subject: [OAUTH-WG] OAuth 2.0 Token Exchange is now RFC 8693
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Jan 2020 23:12:00 -0000

The OAuth 2.0 Token Exchange specification  is now RFC 8693<https://www.rfc-editor.org/rfc/rfc8693.html>ml>.  The abstract of the specification is:
This specification defines a protocol for an HTTP- and JSON-based Security Token Service (STS) by defining how to request and obtain security tokens from OAuth 2.0 authorization servers, including security tokens employing impersonation and delegation.

This specification standardizes an already widely-deployed pattern in production use by Box, Microsoft, RedHat, Salesforce, and many others.  Thanks to all of you who helped make a standard for this important functionality!

                                                       -- Mike

P.S.  This notice was also posted at https://self-issued.info/?p=2036 and as @selfissued<https://twitter.com/selfissued>.