Internet-Draft draft-ietf-oauth-spiffe-client-auth-01.txt is now available. It
is a work item of the Web Authorization Protocol (OAUTH) WG of the IETF.

Title:   OAuth SPIFFE Client Authentication
Authors: Arndt Schwenkschuster
         Pieter Kasselmann
         Scott Rose
         Stian Thorgersen
Name:    draft-ietf-oauth-spiffe-client-auth-01.txt
Pages:   24
Dates:   2026-03-02

Abstract:

This specification profiles the Assertion Framework for OAuth 2.0
Client Authentication and Authorization Grants [RFC7521], the JWT
Profile for OAuth 2.0 Client Authentication and Authorization Grants
[RFC7523], and OAuth 2.0 Attestation-Based Client Authentication
[I-D.draft-ietf-oauth-attestation-based-client-auth] to enable the
use of SPIFFE Verifiable Identity Documents (SVIDs) as client
credentials in OAuth 2.0. It defines how OAuth clients with SPIFFE
credentials can authenticate to OAuth authorization servers using
their JWT-SVIDs, WIT-SVIDs, or X.509-SVIDs without the need for
client secrets. This approach enhances security by enabling seamless
integration between SPIFFE-enabled workloads and OAuth authorization
servers while eliminating the need to distribute and manage shared
secrets such as static client secrets.

The IETF datatracker status page for this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-oauth-spiffe-client-auth/

There is also an HTML version available at:
https://www.ietf.org/archive/id/draft-ietf-oauth-spiffe-client-auth-01.html

A diff from the previous version is available at:
https://author-tools.ietf.org/iddiff?url2=draft-ietf-oauth-spiffe-client-auth-01

Internet-Drafts are also available by rsync at:
rsync.ietf.org::internet-drafts