Brian Campbell updated the OAuth Assertions specifications to add Privacy Considerations sections, responding to area director feedback. Thanks, Brian!
The specifications are available at:
HTML formatted versions are also available at:
I’ve updated the JSON Web Key (JWK) Thumbprint specification to incorporate the JOSE working group feedback on the -00 draft from IETF 90. The two changes were:
If a canonical JSON representation standard is ever adopted, this specification could be revised to use it, resulting in unambiguous definitions for those values (which are unlikely to ever occur in JWKs) as well. (Defining a complete canonical JSON representation is very much out of scope for this work!)
The specification is available at:
An HTML formatted version is also available at:
In preparation for IETF 90 in Toronto, I’ve updated the JWT Proof-of-Possession specification. The changes are mostly editorial in nature, plus a few changes that hadn’t received adequate review prior to inclusion in the -01 draft were reverted.
This specification is available at:
An HTML formatted version is also available at:
In preparation for IETF 90 in Toronto, I’ve updated the OAuth Token Exchange draft to allow JWTs to be unsigned in cases where the trust model permits it. This draft also incorporates some of the review feedback received on the -00 draft. (Because I believe it deserves more working group discussion to determine the right resolutions, John Bradley’s terminology feedback was not yet addressed. This would be a good topic to discuss in Toronto.)
This specification is available at:
An HTML formatted version is also available at:
In preparation for IETF 90 in Toronto, I’ve published yet another round of small deltas to the JOSE and JWT specifications motivated by additional comments from our area director, Kathleen Moriarty. These drafts add some references to Security Considerations sections, adds a Privacy Considerations section to JWT, and clarifies wording in a few places. Once again, no normative changes were made.
The specifications are available at:
HTML formatted versions are available at:
An updated OAuth Dynamic Client Registration spec has been published that clarifies the usage of the Initial Access Token and Software Statement constructs and addresses other review feedback received since the last version. See the History section for more details on the changes made.
The OAuth Dynamic Client Registration Management has also been updated in the manner discussed at IETF 89 in London to be clear that not every server implementing Dynamic Client Registration will also implement this set of related management functions.
The updated specifications are available at:
HTML formatted versions are also available at:
JOSE -30 and JWT -24 drafts have been posted incorporating improvements resulting from Kathleen Moriarty’s JWE review. At this point, actions requested in her reviews of the JWS, JWE, JWK, JWA, and JWT specifications have all been incorporated. All changes in this release were strictly editorial in nature.
The specifications are available at:
HTML formatted versions are available at:
Powered by WordPress & Theme by Anders Norén