I'm happy to report that a substantially revised OAuth 2.0 Token Exchange draft 
has been published that enables a broad range of use cases, while still 
remaining as simple as possible.  This draft unifies the approaches taken in 
the previous working group draft and draft-campbell-oauth-sts, incorporating 
working group input from the in-person discussions in Prague and mailing list 
discussions.  Thanks to all for your interest in and contributions to OAuth 
Token Exchange!  Brian Campbell deserves special recognition for doing much of 
the editing heavy lifting for this draft.

The core functionality remains token type independent.  That said, new claims 
are also defined to enable representation of delegation actors in JSON Web 
Tokens (JWTs).  Equivalent claims could be defined for other token types by 
other specifications.

See the Document History section for a summary of the changes made.  Please 
check it out!

The specification is available at:

*       http://tools.ietf.org/html/draft-ietf-oauth-token-exchange-03

An HTML-formatted version is also available at:

*       http://self-issued.info/docs/draft-ietf-oauth-token-exchange-03.html

                                                          -- Mike

P.S.  This note was also posted at http://self-issued.info/?p=1509 and as 
@selfissued<https://twitter.com/selfissued>.
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

Reply via email to