Hi, I've not participated much if at all in this WG, so let me introduce myself. I've authored or co-authored a number of RFCs, numerous I-Ds, and contributed to many WGs, but mainly I've focused on Kerberos. I happen to be a maintainer of an implementation of ASN.1, PKIX, and Kerberos.
I just submitted draft-williams-http-bearer-extension-00.txt (see forwarded message below). I'm not entirely familiar with all the works in progress in this WG, and I hope that my work is not duplicative of any of them, but I did research the state of the world somewhat before posting this I-D.

Although the text is entirely my writing, and the ideas embodied are mine, I did use an LLM as a research assistant, FYI. Thus if I've missed anything and this is duplicative, it is my fault for being lazy and relying on an LLM to help me with that research.

I also expect soon to submit I-Ds for various claims so the I-Ds can serve as specification for IANA registrations, though I might want to see those through to publication as RFCs even though that wouldn't be necessary for registration purposes.

Nico
--

----- Forwarded message from [email protected] -----

Date: Wed, 03 Dec 2025 11:18:11 -0800
From: [email protected]
To: Nico Williams <[email protected]>
Subject: New Version Notification for draft-williams-http-bearer-extension-00.txt

A new version of Internet-Draft draft-williams-http-bearer-extension-00.txt has been successfully submitted by Nico Williams and posted to the IETF repository.

Name: draft-williams-http-bearer-extension
Revision: 00
Title: HTTP Bearer Auth Method Extensions
Date: 2025-12-03
Group: Individual Submission
Pages: 16
URL: https://www.ietf.org/archive/id/draft-williams-http-bearer-extension-00.txt
Status: https://datatracker.ietf.org/doc/draft-williams-http-bearer-extension/
HTMLized: https://datatracker.ietf.org/doc/html/draft-williams-http-bearer-extension

Abstract:

This document specifies an improved HTTP 401 and 407 flow for Bearer authentication where user-agents (or client applications) can automatically fetch requested tokens from a Security Token Service (STS). A fallback to an OpenID Connect (OIDC) redirect flow is included.

This improved 401/407 Bearer flow, when used, elides the need for Proof Key for Code Exchange (PKCE) and does not impose on application Universal Resource Identifier (URI) query parameter design. As well this extension allows for user-agent caching of tokens.

The IETF Secretariat

----- End forwarded message -----
