Aaron Parecki <https://twitter.com/aaronpk> and I have updated the "OAuth 2.0 Protected Resource Metadata" specification in preparation for presentation and discussions at IETF 118 in Prague <https://www.ietf.org/how/meetings/118/>. The updates address comments received during the discussions at IETF 117 and afterwards. As described in the History entry, the changes were:

* Renamed scopes_provided to scopes_supported
* Added security consideration for scopes_supported
* Use BCP 195 for TLS recommendations
* Clarified that resource metadata can be used by clients and authorization servers
* Added security consideration recommending audience-restricted access tokens
* Mention FAPI Message Signing as a use case for publishing signing keys
* Updated references

The specification is available at:

* https://www.ietf.org/archive/id/draft-ietf-oauth-resource-metadata-01.html

-- Mike

P.S. This note was also posted at https://self-issued.info/?p=2437 and referenced from https://twitter.com/selfissued/status/1715799220056400214.

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth