Resource Indicators for OAuth 2.0
Draft of message to be sent after approval:
From: The IESG <email@example.com>
To: IETF-Announce <firstname.lastname@example.org>
Cc: email@example.com, The IESG <firstname.lastname@example.org>, Rifaat Shekh-Yusef <email@example.com>, firstname.lastname@example.org, email@example.com, firstname.lastname@example.org, email@example.com, firstname.lastname@example.org
Subject: Protocol Action: 'Resource Indicators for OAuth 2.0' to Proposed Standard (draft-ietf-oauth-resource-indicators-07.txt)

The IESG has approved the following document:
- 'Resource Indicators for OAuth 2.0'
  (draft-ietf-oauth-resource-indicators-07.txt) as Proposed Standard

This document is the product of the Web Authorization Protocol Working Group.

The IESG contact persons are Benjamin Kaduk and Roman Danyliw.

A URL of this Internet Draft is:
https://datatracker.ietf.org/doc/draft-ietf-oauth-resource-indicators/

Technical Summary

An extension to the OAuth 2.0 Authorization Framework defining request parameters that enable a client to explicitly signal to an authorization server about the identity of the protected resource(s) to which it is requesting access.

Working Group Summary

The document adds a new parameter for requests sent by a Client to an Authorization Server. The document received many reviews and feedback from multiple WG members on the mailing list and during the WG meetings. The document was updated to reflect a late review to make sure that the document makes it clear that the parameter might carry a location or an abstract identifier.

Document Quality

The document has been implemented by the following:

* Ping has an implementation but with a different parameter name ("aud"):
  https://documentation.pingidentity.com/pingfederate/pf92/index.shtml#adminGuide/tokenEndpoint.html
* Microsoft:
  https://docs.microsoft.com/en-us/azure/active-directory/develop/v1-protocols-oauth-code
* Auth0 has an implementation but with a different parameter name ("audience"):
  https://auth0.com/docs/api/authentication#authorize-application
* Node.JS Open Source oidc-provider implements the draft in full:
  https://github.com/panva/node-oidc-provider/blob/master/docs/configuration.md#featuresresourceindicators
* ARM has an implementation as part of the Pelion Secure Device Access (SDA) product:
  https://cloud.mbed.com/docs/v1.2/device-management/secure-device-access.html

Personnel

The document shepherd is Rifaat Shekh-Yusef. The responsible Area Director is Roman Danyliw.