[OAUTH-WG] Protocol Action: 'JWT Response for OAuth Token Introspection' to Proposed Standard (draft-ietf-oauth-jwt-introspection-response-12.txt)

2021-09-06 Thread The IESG
The IESG has approved the following document: - 'JWT Response for OAuth Token Introspection' (draft-ietf-oauth-jwt-introspection-response-12.txt) as Proposed Standard. This document is the product of the Web Authorization Protocol Working Group. The IESG contact persons are Benjamin Kaduk and Ro

[OAUTH-WG] No OAuth WG Virtual Office Hours today

2021-09-06 Thread Hannes Tschofenig
Hi all, Due to the holiday in the US and in Canada we are skipping the call today. Ciao Hannes

Re: [OAUTH-WG] RAR 05 - Token response with sensitive data in draft-ietf-oauth-rar-05

2021-09-06 Thread Jacob Ideskog
Thank you Torsten, that's a good addition, it helps to have that clarified. BR Jacob On Mon, 6 Sep 2021 at 16:05, Torsten Lodderstedt <tors...@lodderstedt.net> wrote: > Hi Jacob, > > and here is the PR https://github.com/oauthstuff/draft-oauth-rar/pull/79 for > review. > > Thanks for the propos

Re: [OAUTH-WG] RAR 05 - Token response with sensitive data in draft-ietf-oauth-rar-05

2021-09-06 Thread Torsten Lodderstedt
Hi Jacob, and here is the PR https://github.com/oauthstuff/draft-oauth-rar/pull/79 for review. Thanks for the proposed text. I modified it a bit because I think the AS should only omit data (not mask) and data can be provided even if con

Re: [OAUTH-WG] Doc Shepherd Review - OAuth 2.0 Authorization Server Issuer Identification

2021-09-06 Thread Karsten Meyer zu Selhausen
Hi Rifaat, thank you for the shepherd's review. Those are valid comments. We will have a second look at this paragraph. Best regards, Karsten On 04.09.2021 16:20, Rifaat Shekh-Yusef wrote: Hi Karsten, Daniel, As the document shepherd, I have reviewed the document and I have the following co

Re: [OAUTH-WG] RAR 05 - Token response with sensitive data in draft-ietf-oauth-rar-05

2021-09-06 Thread Jacob Ideskog
Yes, privacy considerations could be more explicit about this. It should probably explicitly mention the token response and the Client. I also suggest clarifying in 7 or 7.1 that the token response MAY be less explicit or even different than the authorization details issued in the tokens. This is