New draft published for OAuth Transaction Tokens. You can view the differences between draft 03 and 04 here:
https://author-tools.ietf.org/api/iddiff?doc_1=draft-ietf-oauth-transaction-tokens-03&doc_2=draft-ietf-oauth-transaction-tokens-04 Updates to the draft include: - cleaning up text around the transaction context claim - updates to transaction token service responsibility - IANA text cleanup - clarifications for the subject_token_type - updated guidance regarding mutual authentication - updates to the Txn-Token response - updated security considerations and privacy considerations Includes the following merged PRs: #116 <https://github.com/oauth-wg/oauth-transaction-tokens/pull/116>, #122 <https://github.com/oauth-wg/oauth-transaction-tokens/pull/122>, #123 <https://github.com/oauth-wg/oauth-transaction-tokens/pull/123>, #125 <https://github.com/oauth-wg/oauth-transaction-tokens/pull/125>, #126 <https://github.com/oauth-wg/oauth-transaction-tokens/pull/126>, #136 <https://github.com/oauth-wg/oauth-transaction-tokens/pull/136>, #138 <https://github.com/oauth-wg/oauth-transaction-tokens/pull/138>, #139 <https://github.com/oauth-wg/oauth-transaction-tokens/pull/139>, #140 <https://github.com/oauth-wg/oauth-transaction-tokens/pull/140>, #141 <https://github.com/oauth-wg/oauth-transaction-tokens/pull/141>, #142 <https://github.com/oauth-wg/oauth-transaction-tokens/pull/142>, #143 <https://github.com/oauth-wg/oauth-transaction-tokens/pull/143>, #144 <https://github.com/oauth-wg/oauth-transaction-tokens/pull/144>, #146 <https://github.com/oauth-wg/oauth-transaction-tokens/pull/146>, #147 <https://github.com/oauth-wg/oauth-transaction-tokens/pull/147>, #148 <https://github.com/oauth-wg/oauth-transaction-tokens/pull/148>, #150 <https://github.com/oauth-wg/oauth-transaction-tokens/pull/150> ---------- Forwarded message --------- From: <internet-dra...@ietf.org> Date: Mon, Dec 30, 2024 at 10:28 AM Subject: [External Sender] New Version Notification for draft-ietf-oauth-transaction-tokens-04.txt To: Atul Tulshibagwale <a...@sgnl.ai>, George Fletcher < george.fletc...@capitalone.com>, Pieter Kasselman <pie...@spirl.com> A new version of Internet-Draft draft-ietf-oauth-transaction-tokens-04.txt has been successfully submitted by Atul Tulshibagwale and posted to the IETF repository. Name: draft-ietf-oauth-transaction-tokens Revision: 04 Title: Transaction Tokens Date: 2024-12-30 Group: oauth Pages: 31 URL: https://urldefense.com/v3/__https://www.ietf.org/archive/id/draft-ietf-oauth-transaction-tokens-04.txt__;!!FrPt2g6CO4Wadw!I6M3qJy0vcazw3rApmREj3dw-2O236vAmMMDVN_LWrX_Y0Hno9szf4vhF9VBPOhRjOXGhR15G1Zn3PtDgoXXGJa_y_g9W0HC3w$ Status: https://urldefense.com/v3/__https://datatracker.ietf.org/doc/draft-ietf-oauth-transaction-tokens/__;!!FrPt2g6CO4Wadw!I6M3qJy0vcazw3rApmREj3dw-2O236vAmMMDVN_LWrX_Y0Hno9szf4vhF9VBPOhRjOXGhR15G1Zn3PtDgoXXGJa_y_gFjB6DTA$ HTML: https://urldefense.com/v3/__https://www.ietf.org/archive/id/draft-ietf-oauth-transaction-tokens-04.html__;!!FrPt2g6CO4Wadw!I6M3qJy0vcazw3rApmREj3dw-2O236vAmMMDVN_LWrX_Y0Hno9szf4vhF9VBPOhRjOXGhR15G1Zn3PtDgoXXGJa_y_iL8eG13g$ HTMLized: https://urldefense.com/v3/__https://datatracker.ietf.org/doc/html/draft-ietf-oauth-transaction-tokens__;!!FrPt2g6CO4Wadw!I6M3qJy0vcazw3rApmREj3dw-2O236vAmMMDVN_LWrX_Y0Hno9szf4vhF9VBPOhRjOXGhR15G1Zn3PtDgoXXGJa_y_isQ43Vnw$ Diff: https://urldefense.com/v3/__https://author-tools.ietf.org/iddiff?url2=draft-ietf-oauth-transaction-tokens-04__;!!FrPt2g6CO4Wadw!I6M3qJy0vcazw3rApmREj3dw-2O236vAmMMDVN_LWrX_Y0Hno9szf4vhF9VBPOhRjOXGhR15G1Zn3PtDgoXXGJa_y_hdFiWp7A$ Abstract: Transaction Tokens (Txn-Tokens) enable workloads in a trusted domain to ensure that user identity and authorization context of an external programmatic request, such as an API invocation, are preserved and available to all workloads that are invoked as part of processing such a request. Txn-Tokens also enable workloads within the trusted domain to optionally immutably assert to downstream workloads that they were invoked in the call chain of the request. The IETF Secretariat ______________________________________________________________________ The information contained in this e-mail may be confidential and/or proprietary to Capital One and/or its affiliates and may only be used solely in performance of work or services for Capital One. The information transmitted herewith is intended only for use by the individual or entity to which it is addressed. If the reader of this message is not the intended recipient, you are hereby notified that any review, retransmission, dissemination, distribution, copying or other use of, or taking of any action in reliance upon this information is strictly prohibited. If you have received this communication in error, please contact the sender and delete the material from your computer.
_______________________________________________ OAuth mailing list -- oauth@ietf.org To unsubscribe send an email to oauth-le...@ietf.org