New draft published for OAuth Transaction Tokens. You can view the
differences between draft 03 and 04 here:

https://author-tools.ietf.org/api/iddiff?doc_1=draft-ietf-oauth-transaction-tokens-03&doc_2=draft-ietf-oauth-transaction-tokens-04

Updates to the draft include:

   - cleaning up text around the transaction context claim
   - updates to transaction token service responsibility
   - IANA text cleanup
   - clarifications for the subject_token_type
   - updated guidance regarding mutual authentication
   - updates to the Txn-Token response
   - updated security considerations and privacy considerations

Includes the following merged PRs:
#116 <https://github.com/oauth-wg/oauth-transaction-tokens/pull/116>, #122
<https://github.com/oauth-wg/oauth-transaction-tokens/pull/122>, #123
<https://github.com/oauth-wg/oauth-transaction-tokens/pull/123>, #125
<https://github.com/oauth-wg/oauth-transaction-tokens/pull/125>, #126
<https://github.com/oauth-wg/oauth-transaction-tokens/pull/126>, #136
<https://github.com/oauth-wg/oauth-transaction-tokens/pull/136>, #138
<https://github.com/oauth-wg/oauth-transaction-tokens/pull/138>, #139
<https://github.com/oauth-wg/oauth-transaction-tokens/pull/139>, #140
<https://github.com/oauth-wg/oauth-transaction-tokens/pull/140>, #141
<https://github.com/oauth-wg/oauth-transaction-tokens/pull/141>, #142
<https://github.com/oauth-wg/oauth-transaction-tokens/pull/142>, #143
<https://github.com/oauth-wg/oauth-transaction-tokens/pull/143>, #144
<https://github.com/oauth-wg/oauth-transaction-tokens/pull/144>, #146
<https://github.com/oauth-wg/oauth-transaction-tokens/pull/146>, #147
<https://github.com/oauth-wg/oauth-transaction-tokens/pull/147>, #148
<https://github.com/oauth-wg/oauth-transaction-tokens/pull/148>, #150
<https://github.com/oauth-wg/oauth-transaction-tokens/pull/150>

---------- Forwarded message ---------
From: <internet-dra...@ietf.org>
Date: Mon, Dec 30, 2024 at 10:28 AM
Subject: [External Sender] New Version Notification for
draft-ietf-oauth-transaction-tokens-04.txt
To: Atul Tulshibagwale <a...@sgnl.ai>, George Fletcher <
george.fletc...@capitalone.com>, Pieter Kasselman <pie...@spirl.com>


A new version of Internet-Draft draft-ietf-oauth-transaction-tokens-04.txt
has
been successfully submitted by Atul Tulshibagwale and posted to the
IETF repository.

Name:     draft-ietf-oauth-transaction-tokens
Revision: 04
Title:    Transaction Tokens
Date:     2024-12-30
Group:    oauth
Pages:    31
URL:
https://urldefense.com/v3/__https://www.ietf.org/archive/id/draft-ietf-oauth-transaction-tokens-04.txt__;!!FrPt2g6CO4Wadw!I6M3qJy0vcazw3rApmREj3dw-2O236vAmMMDVN_LWrX_Y0Hno9szf4vhF9VBPOhRjOXGhR15G1Zn3PtDgoXXGJa_y_g9W0HC3w$
Status:
https://urldefense.com/v3/__https://datatracker.ietf.org/doc/draft-ietf-oauth-transaction-tokens/__;!!FrPt2g6CO4Wadw!I6M3qJy0vcazw3rApmREj3dw-2O236vAmMMDVN_LWrX_Y0Hno9szf4vhF9VBPOhRjOXGhR15G1Zn3PtDgoXXGJa_y_gFjB6DTA$
HTML:
https://urldefense.com/v3/__https://www.ietf.org/archive/id/draft-ietf-oauth-transaction-tokens-04.html__;!!FrPt2g6CO4Wadw!I6M3qJy0vcazw3rApmREj3dw-2O236vAmMMDVN_LWrX_Y0Hno9szf4vhF9VBPOhRjOXGhR15G1Zn3PtDgoXXGJa_y_iL8eG13g$
HTMLized:
https://urldefense.com/v3/__https://datatracker.ietf.org/doc/html/draft-ietf-oauth-transaction-tokens__;!!FrPt2g6CO4Wadw!I6M3qJy0vcazw3rApmREj3dw-2O236vAmMMDVN_LWrX_Y0Hno9szf4vhF9VBPOhRjOXGhR15G1Zn3PtDgoXXGJa_y_isQ43Vnw$
Diff:
https://urldefense.com/v3/__https://author-tools.ietf.org/iddiff?url2=draft-ietf-oauth-transaction-tokens-04__;!!FrPt2g6CO4Wadw!I6M3qJy0vcazw3rApmREj3dw-2O236vAmMMDVN_LWrX_Y0Hno9szf4vhF9VBPOhRjOXGhR15G1Zn3PtDgoXXGJa_y_hdFiWp7A$

Abstract:

   Transaction Tokens (Txn-Tokens) enable workloads in a trusted domain
   to ensure that user identity and authorization context of an external
   programmatic request, such as an API invocation, are preserved and
   available to all workloads that are invoked as part of processing
   such a request.  Txn-Tokens also enable workloads within the trusted
   domain to optionally immutably assert to downstream workloads that
   they were invoked in the call chain of the request.



The IETF Secretariat

______________________________________________________________________



The information contained in this e-mail may be confidential and/or proprietary 
to Capital One and/or its affiliates and may only be used solely in performance 
of work or services for Capital One. The information transmitted herewith is 
intended only for use by the individual or entity to which it is addressed. If 
the reader of this message is not the intended recipient, you are hereby 
notified that any review, retransmission, dissemination, distribution, copying 
or other use of, or taking of any action in reliance upon this information is 
strictly prohibited. If you have received this communication in error, please 
contact the sender and delete the material from your computer.



_______________________________________________
OAuth mailing list -- oauth@ietf.org
To unsubscribe send an email to oauth-le...@ietf.org

Reply via email to