OAuth 2.0 Protected Resource Metadata draft addressing reviews since IETF Last Call

OAuth logo Aaron Parecki and I published a new version the “OAuth 2.0 Protected Resource Metadata” specification that addresses the review comments received since the IETF Last Call. Per the history entries, the changes were:

Added metadata values declaring support for DPoP and mutual-TLS client certificate-bound access tokens.
Added missing word caught during IANA review.
Addressed ART, SecDir, and OpsDir review comments by Arnt Gulbrandsen, David Mandelberg, and Bo Wu, resulting in the following changes:
Added step numbers to sequence diagram.
Defined meaning of omitting bearer_methods_supported metadata parameter.
Added internationalization of human-readable metadata values using the mechanism from [RFC7591].
Added resource_name metadata parameter, paralleling client_name in [RFC7591].
Added Security Considerations section on metadata caching.
Used and referenced Resource Identifier definition.
Added motivating example of an email client to intro.

The specification is available at:

https://www.ietf.org/archive/id/draft-ietf-oauth-resource-metadata-09.html

Musings on Digital Identity

OAuth 2.0 Protected Resource Metadata draft addressing reviews since IETF Last Call

Leave a Reply

OAuth 2.0 Protected Resource Metadata draft addressing reviews since IETF Last Call

Fully-Specified Algorithms Specification Addressing Feedback from IETF 120

Leave a Reply