[OAUTH-WG] Protocol Action: 'JWT Response for OAuth Token Introspection' to Proposed Standard (draft-ietf-oauth-jwt-introspection-response-12.txt)

The IESG <iesg-secretary@ietf.org> Mon, 06 September 2021 18:28 UTC

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: Rifaat Shekh-Yusef <rifaat.s.ietf@gmail.com>, The IESG <iesg@ietf.org>, draft-ietf-oauth-jwt-introspection-response@ietf.org, oauth-chairs@ietf.org, oauth@ietf.org, rdd@cert.org, rfc-editor@rfc-editor.org, rifaat.s.ietf@gmail.com
Message-ID: <163095292394.10816.17903407107606335812@ietfa.amsl.com>
Date: Mon, 06 Sep 2021 11:28:43 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/wIzIRlEGv541uxFJbOUPn-8a6T4>

The IESG has approved the following document:
- 'JWT Response for OAuth Token Introspection'
  (draft-ietf-oauth-jwt-introspection-response-12.txt) as Proposed Standard

This document is the product of the Web Authorization Protocol Working Group.

The IESG contact persons are Benjamin Kaduk and Roman Danyliw.

A URL of this Internet Draft is:
https://datatracker.ietf.org/doc/draft-ietf-oauth-jwt-introspection-response/





Technical Summary

   This draft proposes an additional JSON Web Token (JWT) based response
   for OAuth 2.0 Token Introspection.

Working Group Summary

The document received many reviews and feedback from multiple WG members on the 
mailing list and during the WG meetings.

During initial IESG review, it received a DISCUSS that required a change of
sufficient scope that it was returned to the WG.  The WG addressed the issue
and the document again went through WGLC and IETF LC.  The proposed change
moves the data of the introspected token into a top-level JWT claim to allow
for the separation of the carrier JWT claims from the actual token
introspection response claims.

Document Quality:

The document has been implemented by the following:

* node.js OSS oidc-provider implements the document in full behind an optional feature toggle
https://github.com/panva/node-oidc-provider/blob/master/docs/README.md#featuresjwtintrospection

* connect2id has an implementation:
https://connect2id.com/products/server/docs/api/token-introspection

* ForgeRock:
https://github.com/ForgeRock/PSD2-Accelerators/tree/yes.com/openig/yes-openig-signed-introspect-filter

Personnel:

The document shepherd is Rifaat Shekh-Yusef. 
The responsible Area Director is Roman Danyliw.