OAuth 2.0 Proof-of-Possession (PoP) Security Architecture
draft-ietf-oauth-pop-architecture-08

Approval announcement
Draft of message to be sent after approval:

Announcement

From: The IESG <iesg-secretary@ietf.org>
To: "IETF-Announce" <ietf-announce@ietf.org>
Cc: oauth@ietf.org, Kathleen.Moriarty.ietf@gmail.com, kepeng.lkp@alibaba-inc.com, "The IESG" <iesg@ietf.org>, draft-ietf-oauth-pop-architecture@ietf.org, oauth-chairs@ietf.org, rfc-editor@rfc-editor.org
Subject: Document Action: 'OAuth 2.0 Proof-of-Possession (PoP) Security Architecture' to Informational RFC (draft-ietf-oauth-pop-architecture-07.txt)

The IESG has approved the following document:
- 'OAuth 2.0 Proof-of-Possession (PoP) Security Architecture'
  (draft-ietf-oauth-pop-architecture-07.txt) as Informational RFC

This document is the product of the Web Authorization Protocol Working
Group.

The IESG contact persons are Stephen Farrell and Kathleen Moriarty.

A URL of this Internet Draft is:
https://datatracker.ietf.org/doc/draft-ietf-oauth-pop-architecture/

Ballot Text

Technical Summary

   This document describes an architecture extending OAuth 2.0 security,
which is today based on the use of bearer tokens (defined in RFC 6750).
Some scenarios demand additional security protection whereby a client
needs to demonstrate possession of cryptographic keying material when
accessing a protected resource.  This document motivates the development
of the OAuth 2.0 proof-of-possession security mechanism.

This specification is an Informational RFC describing the architecture
and requirements.

Working Group Summary

The document was initially developed by a design team and then accepted
by the working group. There is strong consensus behind this work.

Document Quality

Implementations are planned for the follow up documents.
This is an architecture draft.

Personnel

The document shepherd is Kepeng Li. 
The responsible Area Director is Kathleen Moriarty.

RFC Editor Note