Assertion Framework for OAuth 2.0 Client Authentication and Authorization Grants
draft-ietf-oauth-assertions-18

Revision differences

Document history

Date Rev. By Action
2018-12-20
18 (System)
Received changes through RFC Editor sync (changed abstract to 'This specification provides a framework for the use of assertions with OAuth 2.0 in the form ...
2015-10-14
18 (System) Notify list changed from oauth-chairs@ietf.org, draft-ietf-oauth-assertions@ietf.org to (None)
2015-05-19
18 (System) RFC published
2015-05-12
18 (System) RFC Editor state changed to AUTH48-DONE from AUTH48
2015-04-20
18 (System) RFC Editor state changed to AUTH48 from RFC-EDITOR
2015-03-25
18 (System) RFC Editor state changed to RFC-EDITOR from EDIT
2015-01-14
18 (System) IANA Action state changed to RFC-Ed-Ack from Waiting on RFC Editor
2015-01-13
18 (System) IANA Action state changed to Waiting on RFC Editor from Waiting on Authors
2015-01-12
18 (System) IANA Action state changed to Waiting on Authors
2015-01-12
18 Amy Vezza IESG state changed to RFC Ed Queue from Approved-announcement sent
2015-01-12
18 (System) RFC Editor state changed to EDIT
2015-01-12
18 (System) Announcement was received by RFC Editor
2015-01-12
18 Amy Vezza IESG state changed to Approved-announcement sent from Approved-announcement to be sent
2015-01-12
18 Amy Vezza IESG has approved the document
2015-01-12
18 Amy Vezza Closed "Approve" ballot
2015-01-12
18 Amy Vezza Ballot approval text was generated
2015-01-12
18 Amy Vezza Ballot writeup was changed
2015-01-12
18 Amy Vezza IESG state changed to Approved-announcement to be sent from IESG Evaluation::AD Followup
2014-11-28
18 Jean Mahoney Closed request for Last Call review by GENART with state 'No Response'
2014-11-11
18 Richard Barnes [Ballot Position Update] Position for Richard Barnes has been changed to No Objection from Discuss
2014-10-21
18 Stephen Farrell
[Ballot comment]

Thanks for adding the MTI algorithms to the saml and jwt docs
to clear the discuss I put on this one.

I didn't ...
2014-10-21
18 Stephen Farrell [Ballot Position Update] Position for Stephen Farrell has been changed to No Objection from Discuss
2014-10-21
18 (System) Sub state has been changed to AD Followup from Revised ID Needed
2014-10-21
18 Brian Campbell IANA Review state changed to Version Changed - Review Needed from IANA - Not OK
2014-10-21
18 Brian Campbell New version available: draft-ietf-oauth-assertions-18.txt
2014-10-16
17 Gunter Van de Velde Request for Last Call review by OPSDIR Completed: Ready. Reviewer: Mehmet Ersue.
2014-10-16
17 Cindy Morgan IESG state changed to IESG Evaluation::Revised I-D Needed from IESG Evaluation
2014-10-16
17 Ted Lemon [Ballot comment]
Brian Campbell has explained what's going on sufficiently that I think my DISCUSS no longer applies.  Thanks, Brian!
2014-10-16
17 Ted Lemon [Ballot Position Update] Position for Ted Lemon has been changed to No Objection from Discuss
2014-10-16
17 Ted Lemon
[Ballot discuss]
This has probably already been considered and addressed by the working group, but coming into this as a neophyte it seems like a ...
2014-10-16
17 Ted Lemon [Ballot Position Update] New position, Discuss, has been recorded for Ted Lemon
2014-10-16
17 Adrian Farrel [Ballot Position Update] New position, No Objection, has been recorded for Adrian Farrel
2014-10-16
17 Stephen Farrell
[Ballot discuss]

Putting one discuss here rather than one on each of the other
docs. We can fix that as appropriate after we chat.  Where ...
2014-10-16
17 Stephen Farrell
[Ballot comment]

- general: What prevents/detects conflicts between the oauth
scope parameter and the saml or jwt equivalent?  Are there
other bits of replicated data ...
2014-10-16
17 Stephen Farrell [Ballot Position Update] New position, Discuss, has been recorded for Stephen Farrell
2014-10-15
17 Richard Barnes
[Ballot discuss]
"The assertion MUST contain an Audience that identifies the Authorization Server as the intended audience.  Assertions that do not identify the Authorization Server ...
2014-10-15
17 Richard Barnes
[Ballot comment]
"keyed message digest" -> "Message Authentication Code"

That's the proper terminology [RFC4949], especially since there are MACs that are not based on digests. ...
2014-10-15
17 Richard Barnes [Ballot Position Update] New position, Discuss, has been recorded for Richard Barnes
2014-10-15
17 Jari Arkko [Ballot Position Update] New position, No Objection, has been recorded for Jari Arkko
2014-10-15
17 Alia Atlas [Ballot Position Update] New position, No Objection, has been recorded for Alia Atlas
2014-10-14
17 Joel Jaeggli [Ballot Position Update] New position, No Objection, has been recorded for Joel Jaeggli
2014-10-14
17 Barry Leiba
[Ballot comment]
Pete did a nice job on the 2119 key words, so I have nothing to add there.

-- Section 6.1 --

  The ...
2014-10-14
17 Barry Leiba [Ballot Position Update] New position, No Objection, has been recorded for Barry Leiba
2014-10-14
17 Pete Resnick
[Ballot comment]
3 -

  Assertions used in the protocol exchanges defined by this
  specification MUST always be protected against tampering using a
  ...
2014-10-14
17 Pete Resnick [Ballot Position Update] New position, No Objection, has been recorded for Pete Resnick
2014-10-13
17 Kathleen Moriarty Notification list changed to : oauth-chairs@tools.ietf.org, draft-ietf-oauth-assertions@tools.ietf.org, oauth@ietf.org
2014-10-13
17 Martin Stiemerling [Ballot Position Update] New position, No Objection, has been recorded for Martin Stiemerling
2014-10-13
17 Benoît Claise [Ballot Position Update] New position, No Objection, has been recorded for Benoit Claise
2014-10-13
17 Brian Haberman [Ballot Position Update] New position, No Objection, has been recorded for Brian Haberman
2014-10-09
17 Kathleen Moriarty Ballot has been issued
2014-10-09
17 Kathleen Moriarty Ballot writeup was changed
2014-10-09
17 Kathleen Moriarty [Ballot Position Update] New position, Yes, has been recorded for Kathleen Moriarty
2014-10-06
17 Amy Vezza Created "Approve" ballot
2014-10-06
17 Amy Vezza Closed "Approve" ballot
2014-10-02
17 Kathleen Moriarty IESG state changed to IESG Evaluation from Waiting for AD Go-Ahead
2014-10-02
17 Kathleen Moriarty Changed consensus to Yes from Unknown
2014-10-02
17 Kathleen Moriarty Telechat date has been changed to 2014-10-16 from 2013-02-07
2014-10-01
17 Gunter Van de Velde Request for Last Call review by OPSDIR is assigned to Mehmet Ersue
2014-10-01
17 Gunter Van de Velde Request for Last Call review by OPSDIR is assigned to Mehmet Ersue
2014-10-01
17 Gunter Van de Velde Assignment of request for Last Call review by OPSDIR to Stefan Winter was rejected
2014-09-29
17 (System) IESG state changed to Waiting for AD Go-Ahead from In Last Call
2014-09-24
17 Pearl Liang
IESG/Authors/WG Chairs:

IANA has reviewed draft-ietf-oauth-assertions-17.  Authors should review the comments and/or questions below.  Please report any inaccuracies and respond to any questions as soon ...
2014-09-24
17 (System) IANA Review state changed to IANA - Not OK from IANA - Review Needed
2014-09-19
17 Gunter Van de Velde Request for Last Call review by OPSDIR is assigned to Stefan Winter
2014-09-19
17 Gunter Van de Velde Request for Last Call review by OPSDIR is assigned to Stefan Winter
2014-09-18
17 Jean Mahoney Request for Last Call review by GENART is assigned to Vijay Gurbani
2014-09-18
17 Jean Mahoney Request for Last Call review by GENART is assigned to Vijay Gurbani
2014-09-15
17 Amy Vezza IANA Review state changed to IANA - Review Needed
2014-09-15
17 Amy Vezza
The following Last Call announcement was sent out:

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
CC: <oauth@ietf.org>
Reply-To: ietf@ietf.org
Sender: <iesg-secretary@ietf.org>
Subject: Last Call: <draft-ietf-oauth-assertions-17.txt> ...
2014-09-15
17 Amy Vezza IESG state changed to In Last Call from Last Call Requested
2014-09-15
17 Amy Vezza Last call announcement was changed
2014-09-12
17 Kathleen Moriarty Last call was requested
2014-09-12
17 Kathleen Moriarty IESG state changed to Last Call Requested from AD Evaluation
2014-09-12
17 Kathleen Moriarty Last call announcement was generated
2014-07-23
17 Brian Campbell New version available: draft-ietf-oauth-assertions-17.txt
2014-07-15
16 Kathleen Moriarty Ballot writeup was changed
2014-07-15
16 Kathleen Moriarty Last call announcement was generated
2014-07-15
16 Kathleen Moriarty IESG state changed to AD Evaluation from Publication Requested
2014-05-08
16 Hannes Tschofenig
Writeup for "Assertion Framework for OAuth 2.0 Client Authentication and Authorization Grants" <draft-ietf-oauth-assertions-16>

(1) What type of RFC is being requested (BCP, Proposed Standard, Internet ...
2014-05-08
16 Hannes Tschofenig IETF WG state changed to Submitted to IESG for Publication from WG Document
2014-05-08
16 Hannes Tschofenig IESG state changed to Publication Requested from AD is watching
2014-05-08
16 Hannes Tschofenig
Writeup for "Assertion Framework for OAuth 2.0 Client Authentication and Authorization Grants" <draft-ietf-oauth-assertions-16>

(1) What type of RFC is being requested (BCP, Proposed Standard, Internet ...
2014-04-28
16 Brian Campbell New version available: draft-ietf-oauth-assertions-16.txt
2014-03-19
15 Michael Jones New version available: draft-ietf-oauth-assertions-15.txt
2014-03-05
14 Cindy Morgan Shepherding AD changed to Kathleen Moriarty
2014-01-31
14 Brian Campbell New version available: draft-ietf-oauth-assertions-14.txt
2013-12-09
13 Brian Campbell New version available: draft-ietf-oauth-assertions-13.txt
2013-07-14
12 Michael Jones New version available: draft-ietf-oauth-assertions-12.txt
2013-03-29
11 Brian Campbell New version available: draft-ietf-oauth-assertions-11.txt
2013-02-17
10 Stephen Farrell State changed to IESG Evaluation from Revised ID Needed
2013-02-07
10 Tero Kivinen Request for Telechat review by SECDIR Completed: Ready. Reviewer: Shawn Emery.
2013-02-07
10 Amy Vezza State changed to IESG Evaluation::Revised ID Needed from IESG Evaluation
2013-02-07
10 Ralph Droms [Ballot Position Update] New position, No Objection, has been recorded for Ralph Droms
2013-02-07
10 Sean Turner
[Ballot discuss]
1) RFC6749 includes an incomplete list of components that are partially or fully undefined in its "Interoperability" section.  A similar section should be ...
2013-02-07
10 Sean Turner
[Ballot comment]
1) Completely agree with Barry's point #1.

2) s1: I think it'd help to define what an assertion is or just point to ...
2013-02-07
10 Sean Turner [Ballot Position Update] New position, Discuss, has been recorded for Sean Turner
2013-02-06
10 Wesley Eddy [Ballot Position Update] New position, No Objection, has been recorded for Wesley Eddy
2013-02-06
10 Benoît Claise [Ballot Position Update] New position, No Objection, has been recorded for Benoit Claise
2013-02-06
10 Gonzalo Camarillo [Ballot Position Update] New position, No Objection, has been recorded for Gonzalo Camarillo
2013-02-06
10 Pete Resnick
[Ballot comment]
4.2:

      When present, the "client_id" MUST
      identify the client to the authorization server.

I don't understand what ...
2013-02-06
10 Pete Resnick [Ballot Position Update] New position, No Objection, has been recorded for Pete Resnick
2013-02-05
10 Robert Sparks [Ballot Position Update] New position, No Objection, has been recorded for Robert Sparks
2013-02-04
10 Brian Haberman [Ballot Position Update] New position, No Objection, has been recorded for Brian Haberman
2013-02-04
10 Russ Housley [Ballot Position Update] New position, No Objection, has been recorded for Russ Housley
2013-02-04
10 Martin Stiemerling [Ballot Position Update] New position, No Objection, has been recorded for Martin Stiemerling
2013-02-04
10 Stephen Farrell Ballot writeup was changed
2013-02-03
10 Ron Bonica [Ballot Position Update] New position, No Objection, has been recorded for Ronald Bonica
2013-02-02
10 Barry Leiba
[Ballot discuss]
I very much approve of the assertions set going ahead.  I have a number of things I'd like to DISCUSS on this first: ...
2013-02-02
10 Barry Leiba
[Ballot comment]
And here are a bunch of non-blocking comments that I think will be useful.  Feel free to chat with me about these, as ...
2013-02-02
10 Barry Leiba [Ballot Position Update] New position, Discuss, has been recorded for Barry Leiba
2013-02-01
10 Vijay Gurbani Request for Telechat review by GENART Completed: Ready. Reviewer: Vijay Gurbani.
2013-01-31
10 Jean Mahoney Request for Telechat review by GENART is assigned to Vijay Gurbani
2013-01-31
10 Jean Mahoney Request for Telechat review by GENART is assigned to Vijay Gurbani
2013-01-29
10 Stewart Bryant [Ballot Position Update] New position, No Objection, has been recorded for Stewart Bryant
2013-01-25
10 Vijay Gurbani Request for Telechat review by GENART Completed: Ready. Reviewer: Vijay Gurbani.
2013-01-25
10 Tero Kivinen Request for Telechat review by SECDIR is assigned to Shawn Emery
2013-01-25
10 Tero Kivinen Request for Telechat review by SECDIR is assigned to Shawn Emery
2013-01-25
10 Adrian Farrel [Ballot Position Update] New position, No Objection, has been recorded for Adrian Farrel
2013-01-24
10 Stephen Farrell Removed telechat returning item indication
2013-01-19
10 Michael Jones New version available: draft-ietf-oauth-assertions-10.txt
2013-01-19
09 Stephen Farrell Telechat date has been changed to 2013-02-07 from 2013-01-24
2013-01-18
09 Stephen Farrell Ballot writeup was changed
2013-01-17
09 Jean Mahoney Request for Telechat review by GENART is assigned to Vijay Gurbani
2013-01-17
09 Jean Mahoney Request for Telechat review by GENART is assigned to Vijay Gurbani
2013-01-08
09 Stephen Farrell State changed to IESG Evaluation from Waiting for AD Go-Ahead
2013-01-08
09 Stephen Farrell Placed on agenda for telechat - 2013-01-24
2013-01-08
09 Stephen Farrell Ballot has been issued
2013-01-08
09 Stephen Farrell [Ballot Position Update] New position, Yes, has been recorded for Stephen Farrell
2013-01-08
09 Stephen Farrell Created "Approve" ballot
2013-01-08
09 Stephen Farrell Ballot writeup was changed
2013-01-03
09 Tero Kivinen Request for Last Call review by SECDIR Completed: Has Nits. Reviewer: Shawn Emery.
2012-12-28
09 Michael Jones New version available: draft-ietf-oauth-assertions-09.txt
2012-12-24
08 (System) State changed to Waiting for AD Go-Ahead from In Last Call
2012-12-20
08 Pearl Liang
IANA has reviewed draft-ietf-oauth-assertions-08 and has the following
comments:

IANA understands that, upon approval of this document, there is a single action which IANA must ...
2012-12-18
08 Vijay Gurbani Request for Last Call review by GENART Completed: Ready. Reviewer: Vijay Gurbani.
2012-12-13
08 Jean Mahoney Request for Last Call review by GENART is assigned to Vijay Gurbani
2012-12-13
08 Jean Mahoney Request for Last Call review by GENART is assigned to Vijay Gurbani
2012-12-13
08 Jean Mahoney Closed request for Last Call review by GENART with state 'Withdrawn'
2012-12-13
08 Jean Mahoney Request for Last Call review by GENART is assigned to Peter Yee
2012-12-13
08 Jean Mahoney Request for Last Call review by GENART is assigned to Peter Yee
2012-12-13
08 Tero Kivinen Request for Last Call review by SECDIR is assigned to Shawn Emery
2012-12-13
08 Tero Kivinen Request for Last Call review by SECDIR is assigned to Shawn Emery
2012-12-10
08 Cindy Morgan
The following Last Call announcement was sent out:

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
CC: <oauth@ietf.org>
Reply-To: ietf@ietf.org
Subject: Last Call: <draft-ietf-oauth-assertions-08.txt> (Assertion Framework ...
2012-12-10
08 Cindy Morgan State changed to In Last Call from Last Call Requested
2012-12-10
08 Stephen Farrell Last call was requested
2012-12-10
08 Stephen Farrell Ballot approval text was generated
2012-12-10
08 Stephen Farrell Ballot writeup was generated
2012-12-10
08 Stephen Farrell State changed to Last Call Requested from AD Evaluation
2012-12-10
08 Stephen Farrell Last call announcement was generated
2012-12-10
08 Stephen Farrell Last call announcement was generated
2012-12-10
08 Stephen Farrell State changed to AD Evaluation from Publication Requested
2012-12-03
08 Cindy Morgan
(1) What type of RFC is being requested (BCP, Proposed Standard,
Internet Standard, Informational, Experimental, or Historic)? Why is
this the proper type of RFC? ...
2012-12-03
08 Cindy Morgan Note added 'Hannes Tschofenig (Hannes.Tschofenig@gmx.net) is the document shepherd.'
2012-12-03
08 Cindy Morgan Intended Status changed to Proposed Standard
2012-12-03
08 Cindy Morgan IESG process started in state Publication Requested
2012-11-26
08 Brian Campbell New version available: draft-ietf-oauth-assertions-08.txt
2012-11-07
07 Brian Campbell New version available: draft-ietf-oauth-assertions-07.txt
2012-09-14
06 Brian Campbell New version available: draft-ietf-oauth-assertions-06.txt
2012-09-10
05 Michael Jones New version available: draft-ietf-oauth-assertions-05.txt
2012-07-02
04 Brian Campbell New version available: draft-ietf-oauth-assertions-04.txt
2012-05-02
03 Brian Campbell New version available: draft-ietf-oauth-assertions-03.txt
2012-04-26
02 Brian Campbell New version available: draft-ietf-oauth-assertions-02.txt
2011-10-31
01 (System) New version available: draft-ietf-oauth-assertions-01.txt
2011-07-04
00 (System) New version available: draft-ietf-oauth-assertions-00.txt