Unsurprisingly, as an author, I believe that the specification has addressed
the issues raised and is ready for publication.
Thanks,
-- Mike
-----Original Message-----
From: Rifaat Shekh-Yusef via Datatracker <[email protected]>
Sent: Monday, November 17, 2025 12:07 PM
To: [email protected]; [email protected]; [email protected]
Subject: WG Last Call: draft-ietf-oauth-rfc7523bis-03 (Ends 2025-12-01)
Subject: WG Last Call: draft-ietf-oauth-rfc7523bis-03 (Ends 2025-12-01)
This message starts a 2-week WG Last Call for this document.
Abstract:
This specification updates the requirements for audience values in
OAuth 2.0 Client Assertion Authentication and Assertion-based
Authorization Grants to address a security vulnerability identified
in the previous requirements for those audience values in multiple
OAuth 2.0 specifications.
File can be retrieved from:
https://datatracker.ietf.org/doc/draft-ietf-oauth-rfc7523bis/
Please review and indicate your support or objection to proceed with the
publication of this document by replying to this email keeping [email protected]
in copy. Objections should be motivated and suggestions to resolve them are
highly appreciated.
Authors, and WG participants in general, are reminded again of the Intellectual
Property Rights (IPR) disclosure obligations described in BCP 79 [1].
Appropriate IPR disclosures required for full conformance with the provisions
of BCP 78 [1] and BCP 79 [2] must be filed, if you are aware of any. Sanctions
available for application to violators of IETF IPR Policy can be found at [3].
Thank you.
[1] https://datatracker.ietf.org/doc/bcp78/
[2] https://datatracker.ietf.org/doc/bcp79/
[3] https://datatracker.ietf.org/doc/rfc6701/
_______________________________________________
OAuth mailing list -- [email protected]
To unsubscribe send an email to [email protected]
