That is also my understanding, Transaction Tokens anre explicitly not for cross-domain uses.
On Mon, Aug 11, 2025 at 3:08 PM Brian Campbell <bcampbell= 40pingidentity....@dmarc.ietf.org> wrote: > Note that I hope/plan to do an actual review again (it's been awhile) for > this WGCL but did want to jump in on one point below. > > On Mon, Aug 11, 2025 at 3:01 PM Watson Ladd <watsonbl...@gmail.com> wrote: > >> I have some concerns: >> >> - Requiring the requesting service to be in the Trust Domain of the >> token seems backwards to me. Surely we want these tokens to cross >> trust domains. >> > > No, I believe transaction tokens are, and have been since their inception, > appropriately scoped to be an "internal" construct for use within a single > trust domain. > > *CONFIDENTIALITY NOTICE: This email may contain confidential and > privileged material for the sole use of the intended recipient(s). Any > review, use, distribution or disclosure by others is strictly prohibited. > If you have received this communication in error, please notify the sender > immediately by e-mail and delete the message and any file attachments from > your computer. Thank you.*_______________________________________________ > OAuth mailing list -- oauth@ietf.org > To unsubscribe send an email to oauth-le...@ietf.org >
_______________________________________________ OAuth mailing list -- oauth@ietf.org To unsubscribe send an email to oauth-le...@ietf.org
