OAuth 2.0 Token Exchange
draft-ietf-oauth-token-exchange-19

Revision differences

Document history

Date Rev. By Action
2019-09-11
19 (System) RFC Editor state changed to RFC-EDITOR from EDIT
2019-07-25
19 (System) IANA Action state changed to RFC-Ed-Ack from Waiting on RFC Editor
2019-07-25
19 (System) IANA Action state changed to Waiting on RFC Editor from Waiting on Authors
2019-07-24
19 (System) IANA Action state changed to Waiting on Authors from In Progress
2019-07-24
19 (System) IANA Action state changed to In Progress from Waiting on Authors
2019-07-24
19 (System) IANA Action state changed to Waiting on Authors
2019-07-22
19 (System) RFC Editor state changed to EDIT
2019-07-22
19 (System) IESG state changed to RFC Ed Queue from Approved-announcement sent
2019-07-22
19 (System) Announcement was received by RFC Editor
2019-07-21
19 Cindy Morgan IESG state changed to Approved-announcement sent from Approved-announcement to be sent
2019-07-21
19 Cindy Morgan IESG has approved the document
2019-07-21
19 Cindy Morgan Closed "Approve" ballot
2019-07-21
19 Cindy Morgan Ballot writeup was changed
2019-07-21
19 Cindy Morgan Ballot approval text was generated
2019-07-21
19 Roman Danyliw IESG state changed to Approved-announcement to be sent from IESG Evaluation::AD Followup
2019-07-21
19 Brian Campbell New version available: draft-ietf-oauth-token-exchange-19.txt
2019-07-21
19 (System) New version approved
2019-07-21
19 (System) Request for posting confirmation emailed to previous authors: Brian Campbell <brian.d.campbell@gmail.com>, Anthony Nadalin <tonynad@microsoft.com>, Chuck Mortimore <cmortimore@salesforce.com>, John Bradley <ve7jtb@ve7jtb.com>, Michael Jones <mbj@microsoft.com>
2019-07-21
19 Brian Campbell Uploaded new revision
2019-07-18
18 Roman Danyliw
[Ballot comment]
A few nits:

** Section 2 and 4.  Reference the figure numbers in the text  when introducing an example.

** Figure 6.  Invalid ...
2019-07-18
18 Roman Danyliw [Ballot Position Update] Position for Roman Danyliw has been changed to Yes from No Record
2019-07-18
18 Barry Leiba
[Ballot comment]
I have comments below, a couple of which might have been DISCUSS except that there have been enough eyes on this and enough ...
2019-07-18
18 Barry Leiba [Ballot Position Update] New position, No Objection, has been recorded for Barry Leiba
2019-07-17
18 Roman Danyliw
[Ballot comment]
(Incomplete Ballot)

A few nits:

** Section 2 and 4.  Reference the figure numbers in the text  when introducing an example.

** Figure ...
2019-07-17
18 Roman Danyliw Ballot comment text updated for Roman Danyliw
2019-07-08
18 Alissa Cooper [Ballot comment]
Thanks for addressing my DISCUSS and COMMENT. Apologies for the delay on my part.
2019-07-08
18 Alissa Cooper [Ballot Position Update] Position for Alissa Cooper has been changed to No Objection from Discuss
2019-07-06
18 Brian Campbell New version available: draft-ietf-oauth-token-exchange-18.txt
2019-07-06
18 (System) New version approved
2019-07-06
18 (System) Request for posting confirmation emailed to previous authors: Brian Campbell <brian.d.campbell@gmail.com>, Anthony Nadalin <tonynad@microsoft.com>, Chuck Mortimore <cmortimore@salesforce.com>, John Bradley <ve7jtb@ve7jtb.com>, Michael Jones <mbj@microsoft.com>
2019-07-06
18 Brian Campbell Uploaded new revision
2019-07-05
17 Benjamin Kaduk
[Ballot comment]
I'm balloting Yes; this document is solid and well-written.  I do have a
few additional (largely editorial) suggestions and a question or two, ...
2019-07-05
17 Benjamin Kaduk [Ballot Position Update] Position for Benjamin Kaduk has been changed to Yes from Discuss
2019-07-05
17 Adam Roach [Ballot comment]
Thanks for addressing my discuss and comment points.
2019-07-05
17 Adam Roach [Ballot Position Update] Position for Adam Roach has been changed to No Objection from Discuss
2019-07-05
17 (System) Sub state has been changed to AD Followup from Revised ID Needed
2019-07-05
17 (System) IANA Review state changed to Version Changed - Review Needed from IANA OK - Actions Needed
2019-07-05
17 Brian Campbell New version available: draft-ietf-oauth-token-exchange-17.txt
2019-07-05
17 (System) New version approved
2019-07-05
17 (System) Request for posting confirmation emailed to previous authors: Brian Campbell <brian.d.campbell@gmail.com>, Anthony Nadalin <tonynad@microsoft.com>, Chuck Mortimore <cmortimore@salesforce.com>, John Bradley <ve7jtb@ve7jtb.com>, Michael Jones <mbj@microsoft.com>
2019-07-05
17 Brian Campbell Uploaded new revision
2019-06-24
16 Benjamin Kaduk
[Ballot discuss]
[early allocations have been approved]

why do we allow both client authentication (i.e., using an
actor token) and a distinct actor_token request parameter?  ...
2019-06-24
16 Benjamin Kaduk Ballot discuss text updated for Benjamin Kaduk
2019-03-27
16 Cindy Morgan Shepherding AD changed to Roman Danyliw
2018-12-24
16 Eric Rescorla Awaiting new draft.
2018-11-30
16 Sabrina Tanamal IANA Review state changed to IANA OK - Actions Needed from IANA - Not OK
2018-11-24
16 Cindy Morgan Changed consensus to Yes from Unknown
2018-11-21
16 Cindy Morgan IESG state changed to IESG Evaluation::Revised I-D Needed from IESG Evaluation
2018-11-21
16 Benjamin Kaduk
[Ballot discuss]
It looks like allocations in the OAuth URIs registry are merely
"Specification Required", so we should not have the expectation of WG
exclusivity ...
2018-11-21
16 Benjamin Kaduk
[Ballot comment]
The document could perhaps benefit from greater clarity as to whether
"security token"s refer to inputs, outputs, or both, of the token
endpoint ...
2018-11-21
16 Benjamin Kaduk [Ballot Position Update] New position, Discuss, has been recorded for Benjamin Kaduk
2018-11-21
16 Martin Vigoureux [Ballot Position Update] New position, No Objection, has been recorded for Martin Vigoureux
2018-11-20
16 Terry Manderson [Ballot Position Update] New position, No Objection, has been recorded for Terry Manderson
2018-11-20
16 Adam Roach
[Ballot discuss]
Thanks to everyone who worked on this document. I have a blocking issue that
should be easy to resolve, and a handful of ...
2018-11-20
16 Adam Roach
[Ballot comment]
Abstract:

>  This specification defines a protocol for an HTTP- and JSON- based

Nit: "...JSON-based..."

---------------------------------------------------------------------------

§1.1:

>  impersonates principal B, then in ...
2018-11-20
16 Adam Roach [Ballot Position Update] New position, Discuss, has been recorded for Adam Roach
2018-11-20
16 Spencer Dawkins [Ballot Position Update] New position, No Objection, has been recorded for Spencer Dawkins
2018-11-20
16 Suresh Krishnan [Ballot Position Update] New position, No Objection, has been recorded for Suresh Krishnan
2018-11-20
16 Alissa Cooper [Ballot discuss]
Section 6: The requirements around confidentiality here are weaker than in both RFC 7519 Sec. 12 and RFC 6749 Sec. 10.8. Why?
2018-11-20
16 Alissa Cooper
[Ballot comment]
Section 3:

If I understand this correctly:

"The distinction between an access token and a JWT is subtle."

I think it would be ...
2018-11-20
16 Alissa Cooper [Ballot Position Update] New position, Discuss, has been recorded for Alissa Cooper
2018-11-20
16 Ben Campbell [Ballot Position Update] New position, No Objection, has been recorded for Ben Campbell
2018-11-19
16 Alvaro Retana [Ballot Position Update] New position, No Objection, has been recorded for Alvaro Retana
2018-11-19
16 Deborah Brungard [Ballot Position Update] New position, No Objection, has been recorded for Deborah Brungard
2018-11-19
16 Alexey Melnikov [Ballot Position Update] New position, No Objection, has been recorded for Alexey Melnikov
2018-11-08
16 (System) IANA Review state changed to IANA - Not OK from Version Changed - Review Needed
2018-11-04
16 Eric Rescorla IESG state changed to IESG Evaluation from Waiting for Writeup
2018-11-04
16 Eric Rescorla Ballot has been issued
2018-11-04
16 Eric Rescorla [Ballot Position Update] New position, Yes, has been recorded for Eric Rescorla
2018-11-04
16 Eric Rescorla Created "Approve" ballot
2018-11-04
16 Eric Rescorla Ballot writeup was changed
2018-11-04
16 Cindy Morgan Placed on agenda for telechat - 2018-11-21
2018-10-19
16 Brian Campbell New version available: draft-ietf-oauth-token-exchange-16.txt
2018-10-19
16 (System) New version approved
2018-10-19
16 (System) Request for posting confirmation emailed to previous authors: Brian Campbell <brian.d.campbell@gmail.com>, Anthony Nadalin <tonynad@microsoft.com>, Chuck Mortimore <cmortimore@salesforce.com>, John Bradley <ve7jtb@ve7jtb.com>, Michael Jones <mbj@microsoft.com>
2018-10-19
16 Brian Campbell Uploaded new revision
2018-09-10
15 (System) IANA Review state changed to Version Changed - Review Needed from IANA - Not OK
2018-09-10
15 Brian Campbell New version available: draft-ietf-oauth-token-exchange-15.txt
2018-09-10
15 (System) New version approved
2018-09-10
15 (System) Request for posting confirmation emailed to previous authors: Brian Campbell <brian.d.campbell@gmail.com>, Anthony Nadalin <tonynad@microsoft.com>, Chuck Mortimore <cmortimore@salesforce.com>, John Bradley <ve7jtb@ve7jtb.com>, Michael Jones <mbj@microsoft.com>
2018-09-10
15 Brian Campbell Uploaded new revision
2018-08-09
14 Tero Kivinen Request for Last Call review by SECDIR Completed: Has Issues. Reviewer: Hilarie Orman.
2018-08-06
14 (System) IANA Review state changed to IANA - Not OK from IANA - Review Needed
2018-08-06
14 Sabrina Tanamal
(Via drafts-lastcall@iana.org): IESG/Authors/WG Chairs:

The IANA Functions Operator has completed its review of draft-ietf-oauth-token-exchange-14. If any part of this review is inaccurate, please let us ...
2018-08-06
14 (System) IESG state changed to Waiting for Writeup from In Last Call
2018-08-03
14 Jari Arkko Request for Last Call review by GENART Completed: Ready. Reviewer: Jari Arkko. Sent review to list.
2018-08-02
14 Tero Kivinen Request for Last Call review by SECDIR is assigned to Hilarie Orman
2018-08-02
14 Tero Kivinen Request for Last Call review by SECDIR is assigned to Hilarie Orman
2018-07-31
14 Zitao Wang Request for Last Call review by OPSDIR Completed: Ready. Reviewer: Zitao Wang. Sent review to list.
2018-07-31
14 Gunter Van de Velde Request for Last Call review by OPSDIR is assigned to Zitao Wang
2018-07-31
14 Gunter Van de Velde Request for Last Call review by OPSDIR is assigned to Zitao Wang
2018-07-26
14 Jean Mahoney Request for Last Call review by GENART is assigned to Jari Arkko
2018-07-26
14 Jean Mahoney Request for Last Call review by GENART is assigned to Jari Arkko
2018-07-23
14 Amy Vezza IANA Review state changed to IANA - Review Needed
2018-07-23
14 Amy Vezza
The following Last Call announcement was sent out (ends 2018-08-06):

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
CC: ekr@rtfm.com, Rifaat Shekh-Yusef <rifaat.ietf@gmail.com>, draft-ietf-oauth-token-exchange@ietf.org, rifaat.ietf@gmail.com, oauth@ietf.org, ...
2018-07-23
14 Amy Vezza IESG state changed to In Last Call from Last Call Requested
2018-07-23
14 Amy Vezza Last call announcement was changed
2018-07-22
14 Eric Rescorla Last call was requested
2018-07-22
14 Eric Rescorla Last call announcement was generated
2018-07-22
14 Eric Rescorla Ballot approval text was generated
2018-07-22
14 Eric Rescorla Ballot writeup was generated
2018-07-22
14 Eric Rescorla IESG state changed to Last Call Requested from AD Evaluation::Point Raised - writeup needed
2018-06-04
14 Brian Campbell New version available: draft-ietf-oauth-token-exchange-14.txt
2018-06-04
14 (System) New version approved
2018-06-04
14 (System) Request for posting confirmation emailed to previous authors: Brian Campbell <brian.d.campbell@gmail.com>, Anthony Nadalin <tonynad@microsoft.com>, Chuck Mortimore <cmortimore@salesforce.com>, John Bradley <ve7jtb@ve7jtb.com>, Michael Jones <mbj@microsoft.com>
2018-06-04
14 Brian Campbell Uploaded new revision
2018-05-29
13 Eric Rescorla Emailed list with comments.
2018-04-23
13 Brian Campbell New version available: draft-ietf-oauth-token-exchange-13.txt
2018-04-23
13 (System) New version approved
2018-04-23
13 (System) Request for posting confirmation emailed to previous authors: Brian Campbell <brian.d.campbell@gmail.com>, Anthony Nadalin <tonynad@microsoft.com>, Chuck Mortimore <cmortimore@salesforce.com>, John Bradley <ve7jtb@ve7jtb.com>, Michael Jones <mbj@microsoft.com>
2018-04-23
13 Brian Campbell Uploaded new revision
2018-04-13
12 Eric Rescorla IESG state changed to AD Evaluation::Point Raised - writeup needed from AD Evaluation::AD Followup
2018-04-13
12 Eric Rescorla Comments to WG on 2018-04-13
2018-01-30
12 Brian Campbell New version available: draft-ietf-oauth-token-exchange-12.txt
2018-01-30
12 (System) New version approved
2018-01-30
12 (System) Request for posting confirmation emailed to previous authors: Brian Campbell <brian.d.campbell@gmail.com>, Anthony Nadalin <tonynad@microsoft.com>, Chuck Mortimore <cmortimore@salesforce.com>, John Bradley <ve7jtb@ve7jtb.com>, Michael Jones <mbj@microsoft.com>
2018-01-30
12 Brian Campbell Uploaded new revision
2018-01-19
11 (System) Sub state has been changed to AD Followup from Revised ID Needed
2018-01-19
11 Brian Campbell New version available: draft-ietf-oauth-token-exchange-11.txt
2018-01-19
11 (System) New version approved
2018-01-19
11 (System) Request for posting confirmation emailed to previous authors: Brian Campbell <brian.d.campbell@gmail.com>, Anthony Nadalin <tonynad@microsoft.com>, Chuck Mortimore <cmortimore@salesforce.com>, John Bradley <ve7jtb@ve7jtb.com>, Michael Jones <mbj@microsoft.com>
2018-01-19
11 Brian Campbell Uploaded new revision
2017-12-29
10 Eric Rescorla IESG state changed to AD Evaluation::Revised I-D Needed from Publication Requested
2017-12-14
10 Rifaat Shekh-Yusef
(1) What type of RFC is being requested (BCP, Proposed Standard, Internet Standard,
Informational, Experimental, or Historic)? Why is this the proper type of RFC? ...
2017-12-14
10 Rifaat Shekh-Yusef Responsible AD changed to Eric Rescorla
2017-12-14
10 Rifaat Shekh-Yusef IETF WG state changed to Submitted to IESG for Publication from WG Consensus: Waiting for Write-Up
2017-12-14
10 Rifaat Shekh-Yusef IESG state changed to Publication Requested
2017-12-14
10 Rifaat Shekh-Yusef IESG process started in state Publication Requested
2017-12-14
10 Rifaat Shekh-Yusef Changed document writeup
2017-11-30
10 Michael Jones New version available: draft-ietf-oauth-token-exchange-10.txt
2017-11-30
10 (System) New version approved
2017-11-30
10 (System) Request for posting confirmation emailed to previous authors: Brian Campbell <brian.d.campbell@gmail.com>, Anthony Nadalin <tonynad@microsoft.com>, Chuck Mortimore <cmortimore@salesforce.com>, John Bradley <ve7jtb@ve7jtb.com>, Michael Jones <mbj@microsoft.com>
2017-11-30
10 Michael Jones Uploaded new revision
2017-10-20
09 Rifaat Shekh-Yusef IETF WG state changed to WG Consensus: Waiting for Write-Up from In WG Last Call
2017-07-03
09 Brian Campbell New version available: draft-ietf-oauth-token-exchange-09.txt
2017-07-03
09 (System) New version approved
2017-07-03
09 (System) Request for posting confirmation emailed to previous authors: Brian Campbell <brian.d.campbell@gmail.com>, Anthony Nadalin <tonynad@microsoft.com>, Chuck Mortimore <cmortimore@salesforce.com>, Michael Jones <mbj@microsoft.com>, John Bradley <ve7jtb@ve7jtb.com>
2017-07-03
09 Brian Campbell Uploaded new revision
2017-06-05
08 Rifaat Shekh-Yusef IETF WG state changed to In WG Last Call from WG Document
2017-06-02
08 Brian Campbell New version available: draft-ietf-oauth-token-exchange-08.txt
2017-06-02
08 (System) New version approved
2017-06-02
08 (System) Request for posting confirmation emailed to previous authors: Anthony Nadalin <tonynad@microsoft.com>, Chuck Mortimore <cmortimore@salesforce.com>, Michael Jones <mbj@microsoft.com>, John Bradley <ve7jtb@ve7jtb.com>, Brian Campbell <brian.d.campbell@gmail.com>, oauth-chairs@ietf.org
2017-06-02
08 Brian Campbell Uploaded new revision
2017-04-10
07 Hannes Tschofenig Notification list changed to "Hannes Tschofenig" <Hannes.Tschofenig@gmx.net>, Rifaat Shekh-Yusef <rifaat.ietf@gmail.com> from "Hannes Tschofenig" <Hannes.Tschofenig@gmx.net>
2017-04-10
07 Hannes Tschofenig Document shepherd changed to Rifaat Shekh-Yusef
2017-01-11
07 Brian Campbell New version available: draft-ietf-oauth-token-exchange-07.txt
2017-01-11
07 (System) New version approved
2017-01-11
07 (System) Request for posting confirmation emailed to previous authors: "Brian Campbell" <brian.d.campbell@gmail.com>, "Anthony Nadalin" <tonynad@microsoft.com>, "Chuck Mortimore" <cmortimore@salesforce.com>, "John Bradley" <ve7jtb@ve7jtb.com>, "Michael Jones" <mbj@microsoft.com>, oauth-chairs@ietf.org
2017-01-11
07 Brian Campbell Uploaded new revision
2016-11-22
06 Hannes Tschofenig Added to session: IETF-97: oauth  Mon-0930
2016-10-28
06 Brian Campbell New version available: draft-ietf-oauth-token-exchange-06.txt
2016-10-28
06 (System) New version approved
2016-10-28
05 (System) Request for posting confirmation emailed to previous authors: "Brian Campbell" <brian.d.campbell@gmail.com>, "Anthony Nadalin" <tonynad@microsoft.com>, "Chuck Mortimore" <cmortimore@salesforce.com>, "John Bradley" <ve7jtb@ve7jtb.com>, "Michael Jones" <mbj@microsoft.com>, oauth-chairs@ietf.org
2016-10-28
05 Brian Campbell Uploaded new revision
2016-07-08
05 Brian Campbell New version available: draft-ietf-oauth-token-exchange-05.txt
2016-03-04
04 Brian Campbell New version available: draft-ietf-oauth-token-exchange-04.txt
2015-12-15
03 Hannes Tschofenig This document now replaces draft-jones-oauth-token-exchange, draft-campbell-oauth-sts instead of draft-jones-oauth-token-exchange
2015-12-13
03 Michael Jones New version available: draft-ietf-oauth-token-exchange-03.txt
2015-11-02
02 Hannes Tschofenig Intended Status changed to Proposed Standard from None
2015-11-02
02 Hannes Tschofenig Notification list changed to "Hannes Tschofenig" <Hannes.Tschofenig@gmx.net>
2015-11-02
02 Hannes Tschofenig Document shepherd changed to Hannes Tschofenig
2015-07-06
02 Michael Jones New version available: draft-ietf-oauth-token-exchange-02.txt
2015-02-23
01 Michael Jones New version available: draft-ietf-oauth-token-exchange-01.txt
2014-08-25
00 Hannes Tschofenig Decision was made in July/August
2014-08-25
00 Hannes Tschofenig This document now replaces draft-jones-oauth-token-exchange instead of None
2014-08-21
00 Michael Jones New version available: draft-ietf-oauth-token-exchange-00.txt