Hi all,
Here is the updated Transaction Tokens draft, which is on the agenda for
Prague. In the new draft, we have incorporated the feedback received in
IETF 117, as well as removed the "Nested Transaction Tokens" part. Salient
points are:
1. Transaction Tokens now have separate claims for:
- Requester context, with defined optional fields within it.
- Purpose
- Authorization details
2. There is now an audience claim, whose value is the trust domain of
the Transaction Token
3. Removed nesting and as a result the draft no longer depends on the
jWT Embedded Tokens draft.
https://datatracker.ietf.org/doc/draft-tulshibagwale-oauth-transaction-tokens/05/
Looking forward to discussing this in Prague,
Atul
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
