Hey Justin Appreciate the insight here, and glad to bring the message back to implementation.
Thank you Matt From: Justin Richer <jric...@mit.edu> Date: Thursday, October 10, 2024 at 8:49 AM To: Lee, Matt D <Matt.Lee@kbslp.cloud> Cc: oauth@ietf.org <oauth@ietf.org> Subject: Re: [OAUTH-WG] RFC 9068 Sent by an external sender ________________________________ Hi Matt, RFC6086 is published and final — there is not ongoing work on that document, because it is complete. I’m sure there is also other work happening all around about profiling JWTs for specific purposes and circumstances. The wording of "Proposed Standard" can be confusing. It does not mean that the document is still in process. Instead, it speaks to the nature of organizations like the IETF: we can only really propose and describe standards, it’s the implementations that make those standards concrete in the real world. With that in mind, the best way to continue the work of RFC9068 is to implement it and advocate for others to implement it as well. — Justin On Oct 8, 2024, at 4:41 PM, Lee, Matt D <Matt.Lee=40kbslp.cl...@dmarc.ietf.org> wrote: First, my sincerest condolences regarding the loss of Vittorio Bertocci, someone who had an astonishing impact on the industry and community at large. I was reminded of this loss today as I was having a conversation with some peers about the optional nature of the sub claim in JWTs used in OAuth grants. After we searched for guidance we found this proposed standard from Vittorio that would move sub from optional to required, and wondered if anyone was picking this up now that he has passed. Thank you Matt Lee | KGS Enterprise Architect _______________________________________________ OAuth mailing list -- oauth@ietf.org To unsubscribe send an email to oauth-le...@ietf.org
_______________________________________________ OAuth mailing list -- oauth@ietf.org To unsubscribe send an email to oauth-le...@ietf.org
