Ciao Rifaat and everybody, In Italy, I've come across two national guidelines[1][2] that utilize OAuth 2.0 for protecting resources. These were implemented two years ago when the draft was still an individual draft and not as mature as it is today. Reflecting on the Italian implementation experience, the most significant insights can be distilled into two main points:
1. The core components outlined in the Italian guidelines remain consistent with those in the current OAuth specification, demonstrating that this specification was already consistent, durable and relevant. 2. Despite its status as an I-D at the time, the specification met our needs perfectly. It provided the necessary framework that, in its absence, would have likely led to the development of a similar solution. For these reasons, I am convinced that OAuth 2.0 for protected resources should be standardized. My gratitude goes out to the authors for their foundational work and to everyone involved for their valuable revisions. Regards, Giuseppe De Marco [1] https://italia.github.io/spid-cie-oidc-docs/en/metadata_aa.html [2] https://www.agid.gov.it/sites/default/files/repository_files/llgg_attribute_authorities_0.pdf Il giorno mer 27 mar 2024 alle ore 13:54 Rifaat Shekh-Yusef < rifaat.s.i...@gmail.com> ha scritto: > All, > > This is a *WG Last Call* for the *OAuth 2.0 Protected Resource Metadata* > document. > https://www.ietf.org/archive/id/draft-ietf-oauth-resource-metadata-03.html > > Please, review this document and reply on the mailing list if you have any > comments or concerns, by *April 12*. > > Regards, > Rifaat & Hannes > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth >
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
