The “COSE and JOSE Registrations for WebAuthn Algorithms†specification has been updated to add explanatory comments on design decisions made that were discussed on the mailing list that Jim Schaad requested be added to the draft.
The specification is available at:
An HTML-formatted version is also available at:
No Comments » Posted under CBOR & Cryptography & FIDO & IETF & JSON & Specifications & W3C
The OAuth 2.0 Token Exchange specification is now RFC 8693. The abstract of the specification is:
This specification defines a protocol for an HTTP- and JSON-based Security Token Service (STS) by defining how to request and obtain security tokens from OAuth 2.0 authorization servers, including security tokens employing impersonation and delegation.
This specification standardizes an already widely-deployed pattern in production use by Box, Microsoft, RedHat, Salesforce, and many others. Thanks to all of you who helped make a standard for this important functionality!
No Comments » Posted under IETF & OAuth & Specifications