[OAUTH-WG] I-D Action: draft-ietf-oauth-spiffe-client-auth-00.txt

internet-drafts@ietf.org Mon, 01 December 2025 15:11 UTC

Internet-Draft draft-ietf-oauth-spiffe-client-auth-00.txt is now available. It
is a work item of the Web Authorization Protocol (OAUTH) WG of the IETF.

   Title:   OAuth SPIFFE Client Authentication
   Authors: Arndt Schwenkschuster
            Pieter Kasselmann
            Scott Rose
   Name:    draft-ietf-oauth-spiffe-client-auth-00.txt
   Pages:   18
   Dates:   2025-12-01

Abstract:

   This specification profiles the Assertion Framework for OAuth 2.0
   Client Authentication and Authorization Grants [RFC7521] and JWT
   Profile for OAuth 2.0 Client Authentication and Authorization Grants
   [RFC7523] to enable the use of SPIFFE Verifiable Identity Documents
   (SVIDs) as client credentials in OAuth 2.0.  It defines how OAuth
   clients with SPIFFE credentials can authenticate to OAuth
   authorization servers using their JWT-SVIDs or X.509-SVIDs without
   the need for client secrets.  This approach enhances security by
   enabling seamless integration between SPIFFE-enabled workloads and
   OAuth authorization servers while eliminating the need to distribute
   and manage shared secrets such as static client secrets.

The IETF datatracker status page for this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-oauth-spiffe-client-auth/

There is also an HTML version available at:
https://www.ietf.org/archive/id/draft-ietf-oauth-spiffe-client-auth-00.html

Internet-Drafts are also available by rsync at:
rsync.ietf.org::internet-drafts