[OAUTH-WG] RFC 9470 on OAuth 2.0 Step Up Authentication Challenge Protocol

Fri, 08 Sep 2023 09:44:40 -0700 

A new Request for Comments is now available in online RFC libraries.

        
        RFC 9470

        Title:      OAuth 2.0 Step Up Authentication 
                    Challenge Protocol 
        Author:     V. Bertocci,
                    B. Campbell
        Status:     Standards Track
        Stream:     IETF
        Date:       September 2023
        Mailbox:    vitto...@auth0.com,
                    bcampb...@pingidentity.com
        Pages:      14
        Updates/Obsoletes/SeeAlso:   None

        I-D Tag:    draft-ietf-oauth-step-up-authn-challenge-17.txt

        URL:        https://www.rfc-editor.org/info/rfc9470

        DOI:        10.17487/RFC9470

It is not uncommon for resource servers to require different
authentication strengths or recentness according to the
characteristics of a request. This document introduces a mechanism
that resource servers can use to signal to a client that the
authentication event associated with the access token of the current
request does not meet its authentication requirements and, further,
how to meet them. This document also codifies a mechanism for a
client to request that an authorization server achieve a specific
authentication strength or recentness when processing an
authorization request.

This document is a product of the Web Authorization Protocol Working Group of 
the IETF.

This is now a Proposed Standard.

STANDARDS TRACK: This document specifies an Internet Standards Track
protocol for the Internet community, and requests discussion and suggestions
for improvements.  Please refer to the current edition of the Official
Internet Protocol Standards (https://www.rfc-editor.org/standards) for the 
standardization state and status of this protocol.  Distribution of this 
memo is unlimited.

This announcement is sent to the IETF-Announce and rfc-dist lists.
To subscribe or unsubscribe, see
  https://www.ietf.org/mailman/listinfo/ietf-announce
  https://mailman.rfc-editor.org/mailman/listinfo/rfc-dist

For searching the RFC series, see https://www.rfc-editor.org/search
For downloading RFCs, see https://www.rfc-editor.org/retrieve/bulk

Requests for special distribution should be addressed to either the
author of the RFC in question, or to rfc-edi...@rfc-editor.org.  Unless
specifically noted otherwise on the RFC itself, all RFCs are for
unlimited distribution.


The RFC Editor Team
Association Management Solutions, LLC


_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

Reply via email to