[OAUTH-WG] Protocol Action: 'Resource Indicators for OAuth 2.0' to Proposed Standard (draft-ietf-oauth-resource-indicators-07.txt)
The IESG <iesg-secretary@ietf.org> Wed, 11 September 2019 17:06 UTC
Return-Path: <iesg-secretary@ietf.org>
X-Original-To: oauth@ietf.org
Delivered-To: oauth@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id E715B1201E4; Wed, 11 Sep 2019 10:06:39 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 6.101.0
Auto-Submitted: auto-generated
Precedence: bulk
Cc: rdd@cert.org, The IESG <iesg@ietf.org>, Rifaat Shekh-Yusef <rifaat.ietf@gmail.com>, rifaat.ietf@gmail.com, oauth@ietf.org, draft-ietf-oauth-resource-indicators@ietf.org, oauth-chairs@ietf.org, rfc-editor@rfc-editor.org
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Message-ID: <156822159987.13427.2378166334301574021.idtracker@ietfa.amsl.com>
Date: Wed, 11 Sep 2019 10:06:39 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/RBDq398hU0-NgQ34VvD_5cqUzl4>
Subject: [OAUTH-WG] Protocol Action: 'Resource Indicators for OAuth 2.0' to Proposed Standard (draft-ietf-oauth-resource-indicators-07.txt)
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.29
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 11 Sep 2019 17:06:40 -0000
The IESG has approved the following document: - 'Resource Indicators for OAuth 2.0' (draft-ietf-oauth-resource-indicators-07.txt) as Proposed Standard This document is the product of the Web Authorization Protocol Working Group. The IESG contact persons are Benjamin Kaduk and Roman Danyliw. A URL of this Internet Draft is: https://datatracker.ietf.org/doc/draft-ietf-oauth-resource-indicators/ Technical Summary An extension to the OAuth 2.0 Authorization Framework defining request parameters that enable a client to explicitly signal to an authorization server about the identity of the protected resource(s) to which it is requesting access. Working Group Summary The document adds new parameter for requests sent by a Client to an Authorization Server. The document received many reviews and feedback from multiple WG members on the mailing list and during the WG meetings. The document was updated to reflect a late review to make sure that the document makes it clear that the parameter might carry a location or an abstract identifier. Document Quality The document has been implemented by the following: * Ping has an implementation but with a different parameter name ("aud"): https://documentation.pingidentity.com/pingfederate/pf92/index.shtml#adminGuide/tokenEndpoint.html * Microsoft https://docs.microsoft.com/en-us/azure/active-directory/develop/v1-protocols-oauth-code * Auth0 has an implementation but with a different parameter name ("audience"): https://auth0.com/docs/api/authentication#authorize-application * Node.JS Open Source oidc-provider implements the draft in full https://github.com/panva/node-oidc-provider/blob/master/docs/configuration.md#featuresresourceindicators * ARM has an implementation as part of the Pelion Secure Device Access (SDA) product: https://cloud.mbed.com/docs/v1.2/device-management/secure-device-access.html Personnel The document shepherd is Rifaat Shekh-Yusef. The responsible Area Director is Roman Danyliw.