Resource Indicators for OAuth 2.0
draft-ietf-oauth-resource-indicators-08
Approval announcement
Draft of message to be sent after approval:
Announcement
From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: rdd@cert.org, The IESG <iesg@ietf.org>, Rifaat Shekh-Yusef <rifaat.ietf@gmail.com>, rifaat.ietf@gmail.com, oauth@ietf.org, draft-ietf-oauth-resource-indicators@ietf.org, oauth-chairs@ietf.org, rfc-editor@rfc-editor.org
Subject: Protocol Action: 'Resource Indicators for OAuth 2.0' to Proposed Standard (draft-ietf-oauth-resource-indicators-07.txt)
The IESG has approved the following document:
- 'Resource Indicators for OAuth 2.0'
(draft-ietf-oauth-resource-indicators-07.txt) as Proposed Standard
This document is the product of the Web Authorization Protocol Working Group.
The IESG contact persons are Benjamin Kaduk and Roman Danyliw.
A URL of this Internet Draft is:
https://datatracker.ietf.org/doc/draft-ietf-oauth-resource-indicators/
Ballot Text
Technical Summary
An extension to the OAuth 2.0 Authorization Framework defining
request parameters that enable a client to explicitly signal to an
authorization server about the identity of the protected resource(s)
to which it is requesting access.
Working Group Summary
The document adds a new parameter for requests sent by a Client to an
Authorization Server.
The document received many reviews and feedback from multiple WG members on the
mailing list and during the WG meetings.
The document was updated to reflect a late review to make sure that the document
makes it clear that the parameter might carry a location or an abstract identifier.
Document Quality
The document has been implemented by the following:
* Ping has an implementation but with a different parameter name ("aud"):
https://documentation.pingidentity.com/pingfederate/pf92/index.shtml#adminGuide/tokenEndpoint.html
* Microsoft
https://docs.microsoft.com/en-us/azure/active-directory/develop/v1-protocols-oauth-code
* Auth0 has an implementation but with a different parameter name ("audience"):
https://auth0.com/docs/api/authentication#authorize-application
* Node.JS Open Source oidc-provider implements the draft in full
https://github.com/panva/node-oidc-provider/blob/master/docs/configuration.md#featuresresourceindicators
* ARM has an implementation as part of the Pelion Secure Device Access (SDA) product:
https://cloud.mbed.com/docs/v1.2/device-management/secure-device-access.html
Personnel
The document shepherd is Rifaat Shekh-Yusef.
The responsible Area Director is Roman Danyliw.
RFC Editor Note