Hi all,

The editors have published a new draft of OAuth 2.1.

https://www.ietf.org/archive/id/draft-ietf-oauth-v2-1-03.html

Huge thanks to Vittorio Bertocci and Justin Richer for their previous reviews of the draft, a large portion of the changes in this version are based on their feedback.

Here is a high-level summary of the changes from the previous draft:

* The major change is a refactoring to collect all the grant types under the same top-level header in section 4: https://www.ietf.org/archive/id/draft-ietf-oauth-v2-1-03.html#name-grant-types
* Better split normative and security consideration text into the appropriate places, both moving text that was really security considerations out of the main part of the document, as well as pulling normative requirements from the security considerations sections into the appropriate part of the main document
* Incorporated many of the published errata on RFC6749
* Updated references to various RFCs
* Quite a lot of editorial clarifications throughout the document

We will continue to make progress on incorporating the suggestions from previous reviews, but in the meantime, this was a significant structural change that warranted publishing a new draft ahead of the upcoming interim meetings.

As always, feedback is greatly appreciated! Thanks!

---
Aaron Parecki
https://aaronparecki.com
https://oauth2simplified.com

On Wed, Sep 8, 2021 at 2:06 PM <internet-dra...@ietf.org> wrote:
>
> A New Internet-Draft is available from the on-line Internet-Drafts
> directories.
> This draft is a work item of the Web Authorization Protocol WG of the IETF.
>
>         Title           : The OAuth 2.1 Authorization Framework
>         Authors         : Dick Hardt
>                           Aaron Parecki
>                           Torsten Lodderstedt
>         Filename        : draft-ietf-oauth-v2-1-03.txt
>         Pages           : 86
>         Date            : 2021-09-08
>
> Abstract:
>    The OAuth 2.1 authorization framework enables a third-party
>    application to obtain limited access to an HTTP service, either on
>    behalf of a resource owner by orchestrating an approval interaction
>    between the resource owner and an authorization service, or by
>    allowing the third-party application to obtain access on its own
>    behalf.  This specification replaces and obsoletes the OAuth 2.0
>    Authorization Framework described in RFC 6749.
>
>
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-oauth-v2-1/
>
> There is also an HTML version available at:
> https://www.ietf.org/archive/id/draft-ietf-oauth-v2-1-03.html
>
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-oauth-v2-1-03
>
>
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
>
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>