[OAUTH-WG] Re: Token Status List Shepherd Write-up - Implementations
Michael Schwartz <mike@gluu.org> Mon, 02 June 2025 15:14 UTC
Return-Path: <mike@gluu.org>
X-Original-To: oauth@mail2.ietf.org
Delivered-To: oauth@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 162CF2FC05FF for <oauth@mail2.ietf.org>; Mon, 2 Jun 2025 08:14:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (1024-bit key) header.d=gluu.org
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id M3J7R-dN3W8R for <oauth@mail2.ietf.org>; Mon, 2 Jun 2025 08:14:09 -0700 (PDT)
Received: from mail-qt1-x82f.google.com (mail-qt1-x82f.google.com [IPv6:2607:f8b0:4864:20::82f]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 22D652FC05E8 for <oauth@ietf.org>; Mon, 2 Jun 2025 08:14:08 -0700 (PDT)
Received: by mail-qt1-x82f.google.com with SMTP id d75a77b69052e-4a4323fe8caso29689411cf.2 for <oauth@ietf.org>; Mon, 02 Jun 2025 08:14:08 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gluu.org; s=google; t=1748877248; x=1749482048; darn=ietf.org; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :from:to:cc:subject:date:message-id:reply-to; bh=dIgrRd0hcVD6LQL7Qjm/0c2g1BxDS1zgzeKVebaYxnE=; b=DMPGmNoV1T/EKkrUArlCjMAnBlaszMouRRUKbM2gO0ZeBlZqVnZX5O/OLANn3S7mfL tnZBAU8U9/ge8BMwiHmQfBn+fCIHOmXmtTseIJYIHkY+G6bfePwNR7XNOgbUsYjmRjc1 MXUX7yvZZy6PVESoKIZLXLdFTtNCzbhbRRQqM=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1748877248; x=1749482048; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=dIgrRd0hcVD6LQL7Qjm/0c2g1BxDS1zgzeKVebaYxnE=; b=A2Ip6+HcvoAscAmae1skWAqAaIn4V4TT+dvPQRjf86GHk9jJuCsrirIH1iQ6U/NGd+ llvXJnWlZBr+rUKNTciXoBfcc0+Y6iBbrjCWYMN4Udkkh5oaCWNwjMLwstibogn7uJWT xka4YJuXixrx/cTZ0LPcSx3N1CUMqNIK9lzrgI5hYXkG4uWrLHxogkdZpXjv/NRxw4pm pNczKLyNSQKncdzbPnw/Ah1ceHAkL3EWW5djgls81sVPDmslI8hDZ7jNeLoPBtJnK11j iz1KfUOcxI0SM9sdce7oH8kMpFv+GqREgya3oIUN5NmWJ0VcrWHmJdaa3perpIlvrGVY ORoA==
X-Gm-Message-State: AOJu0YwNElf93AqSy5OthUGCEsWpWJTSoYbMgy5qwJPLXb4+ljbOnZLg tfpU+PF7Mq86oSIPCX8CtugERbClXXHVT/5FkY1kAMIcbvAjgnrvfoPMtnCI3OFVGTDwWpZqRC7 dhHJsjkfSt6ay6zH14siH+vc7p/nMX5Oxw1DcO7VDHiKRGw1C1B/mPIcEvV3X3qzgx9Mtb44bsr eHraMHwu7DVhFy0GFDOAAlyUh5CtUN9xTN
X-Gm-Gg: ASbGncvB+t5dzBtVPGTFwljApmg3zpVpQi1mzOpEHah9GjecmIJip0f8pHe0F0oo9yU 0+eguEwrFMnAm7yJqkxfGZkB0Qe7iVcLZzK7Aae8sDNp/SeaM/bSTyL8HsOT/C1Yg0bGrgPyr9N P8YbWImyZgTtzD93tf95ueVJD/QipgR7w12Jur0RD/1LEiQkJgSXnm8gB+ZxpzE+rd
X-Google-Smtp-Source: AGHT+IEqv1O9lHChfB5B4H4H/3O76/tZG0dQqhF8sRzVOVxRbMG/iWlUX2Dc0kv4einXtR4trAh1AnXZswBZtBLRJQ4=
X-Received: by 2002:ac8:6f13:0:b0:4a4:3e89:d5c0 with SMTP id d75a77b69052e-4a4aecf52eamr120610351cf.12.1748877247957; Mon, 02 Jun 2025 08:14:07 -0700 (PDT)
MIME-Version: 1.0
References: <174887501454.25371.12592136904157247695@mail2.ietf.org>
In-Reply-To: <174887501454.25371.12592136904157247695@mail2.ietf.org>
From: Michael Schwartz <mike@gluu.org>
Date: Mon, 02 Jun 2025 10:13:57 -0500
X-Gm-Features: AX0GCFujjXkbE9SR8-Y5uTO7xz1gDKgyrxcniWMmyps7ciMeQa4JfvVL5zspk2E
Message-ID: <CA+baiBhSmV1+6Qj5PQJLOP12LaTSPwZ0noVHTtF7=4DjWe1+EQ@mail.gmail.com>
To: oauth@ietf.org
Content-Type: multipart/alternative; boundary="0000000000001edf5c06369837f5"
Message-ID-Hash: M2WTK75ZEBTEWY4AX5CLJUVXHCMNXMYW
X-Message-ID-Hash: M2WTK75ZEBTEWY4AX5CLJUVXHCMNXMYW
X-MailFrom: mike@gluu.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-oauth.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [OAUTH-WG] Re: Token Status List Shepherd Write-up - Implementations
List-Id: OAUTH WG <oauth.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/vC-NRJjMSOmSKbMmuw6WGnvirMw>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Owner: <mailto:oauth-owner@ietf.org>
List-Post: <mailto:oauth@ietf.org>
List-Subscribe: <mailto:oauth-join@ietf.org>
List-Unsubscribe: <mailto:oauth-leave@ietf.org>
Christian, We implemented Session Status List in Janssen Auth Server: https://docs.jans.io/head/janssen-server/auth-server/endpoints/session-status-list/ Also, we have a PR for Status List token validation in the Cedarling PDP which is almost done: https://github.com/JanssenProject/jans/pull/11520 - Mike -------------------------------------- Michael Schwartz Gluu Founder/CEO mike@gluu.org https://www.linkedin.com/in/nynymike On Mon, Jun 2, 2025 at 9:37 AM <oauth-request@ietf.org> wrote: > Send OAuth mailing list submissions to > oauth@ietf.org > > To subscribe or unsubscribe via email, send a message with subject or > body 'help' to > oauth-request@ietf.org > > You can reach the person managing the list at > oauth-owner@ietf.org > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of OAuth digest..." > > Today's Topics: > > 1. Re: Token Status List Shepherd Write-up - Implementations > (Christian Bormann) > 2. Re: OAuth 2.1 Draft version 12 expired 19.05.2025 > (Antic Kristian (C/CYG-GE)) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Mon, 2 Jun 2025 15:02:18 +0200 > From: Christian Bormann <chris.bormann@gmx.de> > Subject: [OAUTH-WG] Re: Token Status List Shepherd Write-up - > Implementations > To: Rifaat Shekh-Yusef <rifaat.s.ietf@gmail.com> > Cc: oauth <oauth@ietf.org> > Message-ID: <52AFA656-490E-4A1E-A90B-1481AD07D9A7@gmx.de> > Content-Type: multipart/alternative; > boundary="Apple-Mail=_814837D8-8D6F-44E8-9B9B-0B27BDC45877" > > Hi Rifaat, > > We have a small list of open source implementations that we are aware of > and which agreed to being added to our repository: > > https://github.com/oauth-wg/draft-ietf-oauth-status-list?tab=readme-ov-file#implementations-open-source > > Regards, > Christian > > > On 1. Jun 2025, at 14:04, Rifaat Shekh-Yusef <rifaat.s.ietf@gmail.com> > wrote: > > > > All, > > > > As part of the shepherd write-up for the Token Status List document, > > we are looking for information about implementations of this draft. > > > > https://datatracker.ietf.org/doc/draft-ietf-oauth-status-list/ > > > > Please, reply to this email, on the mailing list, with any > implementations that you are aware of to support this document. > > > > Regards, > > Rifaat > > _______________________________________________ > > OAuth mailing list -- oauth@ietf.org > > To unsubscribe send an email to oauth-leave@ietf.org > > -------------- next part -------------- > A message part incompatible with plain text digests has been removed ... > Name: not available > Type: text/html > Size: 1492 bytes > Desc: not available > > ------------------------------ > > Message: 2 > Date: Mon, 2 Jun 2025 14:36:48 +0000 > From: "Antic Kristian (C/CYG-GE)" <Kristian.Antic@de.bosch.com> > Subject: [OAUTH-WG] Re: OAuth 2.1 Draft version 12 expired 19.05.2025 > To: Aaron Parecki <aaron=40parecki.com@dmarc.ietf.org>, Rifaat > Shekh-Yusef <rifaat.s.ietf@gmail.com> > Cc: "oauth@ietf.org" <oauth@ietf.org> > Message-ID: <DB9PR10MB80762ECF2748CA29098F2569A162A@DB9PR10MB8076.EUR > PRD10.PROD.OUTLOOK.COM> > Content-Type: multipart/alternative; boundary="_000_DB9PR10MB80762E > CF2748CA29098F2569A162ADB9PR10MB8076EURP_" > > Hi, > > thank you both for your quick reply and Aaron for the updated draft > version (https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-13) > > Mit freundlichen Grüßen / Best regards > > Kristian Antic > > Cyber Security - Governance Enterprise IT (C/CYG-GE) > Robert Bosch GmbH | Postfach 30 02 20 | 70442 Stuttgart | GERMANY | > www.bosch.com<http://www.bosch.com/> > Kristian.Antic@de.bosch.com<mailto:Kristian.Antic@de.bosch.com> > > Sitz: Stuttgart, Registergericht: Amtsgericht Stuttgart, HRB 14000; > Aufsichtsratsvorsitzender: Prof. Dr. Stefan Asenkerschbaumer; > Geschäftsführung: Dr. Stefan Hartung, Dr. Christian Fischer, Dr. Markus > Forschner, > Stefan Grosch, Dr. Markus Heyn, Dr. Frank Meyer, Katja von Raven, Dr. > Tanja Rückert > > From: Aaron Parecki <aaron=40parecki.com@dmarc.ietf.org> > Sent: Wednesday, May 28, 2025 4:07 PM > To: Rifaat Shekh-Yusef <rifaat.s.ietf@gmail.com> > Cc: Antic Kristian (C/CYG-GE) <Kristian.Antic@de.bosch.com>; > oauth@ietf.org > Subject: Re: [OAUTH-WG] Re: OAuth 2.1 Draft version 12 expired 19.05.2025 > > I've been working on related documents, mainly the OAuth for Browser Apps > BCP, and haven't come back around to this one in a while. > > I just published an update that fixes some references including updating > the Security BCP references to RFC 9700, so it shows as an active draft > again. > > Aaron > > > On Fri, May 23, 2025 at 4:09 AM Rifaat Shekh-Yusef < > rifaat.s.ietf@gmail.com<mailto:rifaat.s.ietf@gmail.com>> wrote: > Hi Kristian, > > No, this does not mean that the document is near finalization. > This just means that the authors did not have a chance to work on the > document. > > Regards, > Rifaat > > > > On Fri, May 23, 2025 at 5:02 AM Antic Kristian (C/CYG-GE) <Kristian.Antic= > 40de.bosch.com@dmarc.ietf.org<mailto:40de.bosch.com@dmarc.ietf.org>> > wrote: > Dear OAuth Working Group, > > I have noticed that the latest draft (draft-ietf-oauth-v2-1-12< > https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-12>) for > OAuth 2.1 has expired on May 19, 2024. > I would like to inquire whether this indicates that the specification is > nearing finalization, or if work is underway on a new draft version. > Thank you for your time and clarification. > > Mit freundlichen Grüßen / Best regards > > Kristian Antic > > Cyber Security - Governance Enterprise IT (C/CYG-GE) > Robert Bosch GmbH | Postfach 30 02 20 | 70442 Stuttgart | GERMANY | > www.bosch.com<http://www.bosch.com/> > Kristian.Antic@de.bosch.com<mailto:Kristian.Antic@de.bosch.com> > > Sitz: Stuttgart, Registergericht: Amtsgericht Stuttgart, HRB 14000; > Aufsichtsratsvorsitzender: Prof. Dr. Stefan Asenkerschbaumer; > Geschäftsführung: Dr. Stefan Hartung, Dr. Christian Fischer, Dr. Markus > Forschner, > Stefan Grosch, Dr. Markus Heyn, Dr. Frank Meyer, Katja von Raven, Dr. > Tanja Rückert > > _______________________________________________ > OAuth mailing list -- oauth@ietf.org<mailto:oauth@ietf.org> > To unsubscribe send an email to oauth-leave@ietf.org<mailto: > oauth-leave@ietf.org> > _______________________________________________ > OAuth mailing list -- oauth@ietf.org<mailto:oauth@ietf.org> > To unsubscribe send an email to oauth-leave@ietf.org<mailto: > oauth-leave@ietf.org> > -------------- next part -------------- > A message part incompatible with plain text digests has been removed ... > Name: not available > Type: text/html > Size: 9718 bytes > Desc: not available > > ------------------------------ > > Subject: Digest Footer > > _______________________________________________ > OAuth mailing list -- oauth@ietf.org > To unsubscribe send an email to oauth-leave@ietf.org > > > ------------------------------ > > End of OAuth Digest, Vol 200, Issue 2 > ************************************* > -- *CONFIDENTIALITY NOTICE* This message may contain confidential or legally privileged information. If you are not the intended recipient, please immediately advise the sender by reply e-mail that you received this message, and delete this e-mail from your system. Thank you for your cooperation
- [OAUTH-WG] Token Status List Shepherd Write-up - … Rifaat Shekh-Yusef
- [OAUTH-WG] Re: Token Status List Shepherd Write-u… Michael Schwartz
- [OAUTH-WG] Re: Token Status List Shepherd Write-u… Christian Bormann
- [OAUTH-WG] Re: Token Status List Shepherd Write-u… Paul Bastian
- [OAUTH-WG] Re: Token Status List Shepherd Write-u… Rifaat Shekh-Yusef