Releases: oauth-wg/oauth-identity-chaining
draft-ietf-oauth-identity-chaining-04
-04
- Clarified diagrams and description of authorization server acting as a client.
- Remove references to sd-jwt.
- Added text to recommend use of explicit typing.
- Added security consideration on preventing lateral moves.
- Editorial updates to be consistent about the trust domain for a client, authorization server or resource server.
- Added sender constraining of tokens to security considerations.
draft-ietf-oauth-identity-chaining-03
-03
- Added two more use cases
- Editorial updates
draft-ietf-oauth-identity-chaining-02
-02
- remove recommendation to not use RFC8693's requested_token_type
- Corrected discrepancy between alphabetic numbering of the diagram and text in the resource acting as client example
draft-ietf-oauth-identity-chaining-01
-01
- limit the authorization grant format to RFC7523 JWT
- minor example fixes
- editorial fixes
- added Aaron Parecki to acknowledgements
- renamed section headers to be more explicit
- use more specific term "JWT authorization grant"
- changed name to "OAuth Identity and Authorization Chaining Across Domains"
- move use cases to appendix and add continuous integration use case