From: Pieter Kasselman <pieter.kasselman@microsoft.com>
To: "wimse@ietf.org" <wimse@ietf.org>
Date: Thu, 15 Aug 2024 15:27:30 +0000
Message-ID: 
 <PR3PR83MB0441A9ACBEC993AC0239398991802@PR3PR83MB0441.EURPRD83.prod.outlook.com>
Content-Type: multipart/alternative;
	boundary="_000_PR3PR83MB0441A9ACBEC993AC0239398991802PR3PR83MB0441EURP_"
MIME-Version: 1.0
Subject: [Wimse] Next Steps: Best Current Practice for OAuth 2.0 Client
 Authentication in Workload Environments
List-Id: WIMSE Workload Identity in Multi-Service Environment <wimse.ietf.org>
Archived-At: 
 <https://mailarchive.ietf.org/arch/msg/wimse/BBOs0Td4iwZ0seD3LDLi1hc8ptE>
List-Archive: <https://mailarchive.ietf.org/arch/browse/wimse>

--_000_PR3PR83MB0441A9ACBEC993AC0239398991802PR3PR83MB0441EURP_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Following the WIMSE meeting at IETF 120 in Vancouver, the chairs put out a
"Request for Input" [1] regarding the working group document "Best Current
Practice for OAuth 2.0 Client Authentication in Workload Environments"
(draft-ietf-wimse-workload-identity-bcp-01) [2].

Based on the feedback received, we believe rough consensus has been
achieved and the document should:

  1.  Document existing practices without specific recommendations on how
      to obtain, protect and use OAuth Access Tokens.
  2.  Include security considerations for these current practices.
  3.  Be considered informational, and not a best current practices
      document.

Thanks to everyone who provided input and shared their perspective on this
issue. We look forward to your ongoing contributions.

- Pieter and Justin

[1] https://mailarchive.ietf.org/arch/msg/wimse/zrEzmYvRRcSwSrhj9d7ncybqAwg/
[2] https://datatracker.ietf.org/doc/draft-ietf-wimse-workload-identity-bcp/


--_000_PR3PR83MB0441A9ACBEC993AC0239398991802PR3PR83MB0441EURP_--

