+1 to adding a note. Much like RAR allows, I like my specs verbose and explicit.
On Mon, 8 Dec 2025 at 11:13, Frederik Krogsdal Jacobsen <[email protected]> wrote:

> +1 to the overall proposal and Brian's suggestion.
> I think it's always beneficial to explicitly call out such things, if
> nothing else just to note that there are no particular complications when
> combining the specs.
>
> Cheers,
> Frederik
>
> On Sun, 7 Dec 2025 at 22:59, Lombardo, Jeff <jeffsec=[email protected]> wrote:
>
>> +1 on the proposal
>>
>> *Jean-François “Jeff” Lombardo* | Amazon Web Services
>> Principal Solution Architect, Security Specialist
>> Montréal, Canada
>>
>> *From:* Karl McGuinness <[email protected]>
>> *Sent:* December 5, 2025 12:12 PM
>> *To:* Brian Campbell <[email protected]>
>> *Cc:* Aaron Parecki <[email protected]>; Judith Kahrer <[email protected]>; oauth <[email protected]>
>> *Subject:* [EXT] [OAUTH-WG] Re: Identity Assertion JWT Authorization Grant - RAR
>>
>> +1
>>
>> I think it helps connect the dots for folks that don't have all the specs
>> paged into context. I was going to add a non-normative example in a future
>> update as I already have been asked this a few times. I can open a GitHub
>> issue to track.
>>
>> -Karl
>>
>> On Fri, Dec 5, 2025 at 8:52 AM Brian Campbell <bcampbell=[email protected]> wrote:
>>
>> Agree with Aaron's perspective here. But it might be useful to have a
>> small note saying as much. I wonder if we should also consider
>> describing/defining using the authorization_details claim in the ID-JAG
>> similar to scope?
>>
>> On Fri, Dec 5, 2025 at 9:24 AM Aaron Parecki <aaron=[email protected]> wrote:
>>
>> Yes, RAR can definitely be layered onto this flow. Section 3 of RAR says
>> "The authorization_details authorization request parameter can be used to
>> specify authorization requirements in all places where the scope parameter
>> is used for the same purpose"
>> https://datatracker.ietf.org/doc/html/rfc9396#section-3
>>
>> It's not strictly necessary to list authorization_details as a supported
>> parameter in the Token Exchange request and in the ID-JAG claims in order
>> to use it in those places, as they are already extensible. However, if you
>> think it would be helpful to have an explicit pointer to RAR I can
>> definitely add it.
>>
>> Aaron
>>
>> On Fri, Dec 5, 2025 at 12:26 AM Judith Kahrer <judith.kahrer=[email protected]> wrote:
>>
>> Hi,
>>
>> I have another thought about processing the ID-JAG... The ID-JAG is a
>> grant. As such, shouldn't it support RAR (RFC 9396
>> <https://datatracker.ietf.org/doc/html/rfc9396#name-authorization-request>)?
>> For example, add authorization_details as an optional claim in the list
>> of claims in section 3 and as a parameter to the relevant request and
>> responses.
>>
>> Best regards,
>> Judith
_______________________________________________
OAuth mailing list -- [email protected]
To unsubscribe send an email to [email protected]
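
The layering discussed in the thread, shown for the Token Exchange request only, as an added example that is not part of the thread or of either specification: a client adds `authorization_details` to the request for an ID-JAG, and the receiving server applies the RFC 9396 structural checks and refuses unknown types. The type name `example_file_access` and the helper names are hypothetical; the `id-jag` token type URN is the value the ID-JAG draft uses for `requested_token_type`.

```python
import json
from urllib.parse import parse_qs, urlencode

# Hypothetical type name; a real deployment lists the types its APIs define.
SUPPORTED_TYPES = {"example_file_access"}


class InvalidAuthorizationDetails(ValueError):
    """Corresponds to the RFC 9396 error code invalid_authorization_details."""


def validate_authorization_details(value):
    # RFC 9396: a JSON array of objects, each carrying a string "type".
    if not isinstance(value, list):
        raise InvalidAuthorizationDetails("authorization_details must be a JSON array")
    for item in value:
        if not isinstance(item, dict) or not isinstance(item.get("type"), str):
            raise InvalidAuthorizationDetails("each entry needs a string 'type'")
        # Unknown types are refused rather than silently ignored.
        if item["type"] not in SUPPORTED_TYPES:
            raise InvalidAuthorizationDetails("unknown type: " + item["type"])
    return value


def build_token_exchange_form(id_token, audience, details):
    """Client side: Token Exchange request for an ID-JAG, with RAR layered on."""
    validate_authorization_details(details)
    return urlencode({
        "grant_type": "urn:ietf:params:oauth:grant-type:token-exchange",
        "requested_token_type": "urn:ietf:params:oauth:token-type:id-jag",
        "audience": audience,
        "subject_token": id_token,
        "subject_token_type": "urn:ietf:params:oauth:token-type:id_token",
        # Sent as a JSON array, form-encoded like any other parameter.
        "authorization_details": json.dumps(details, separators=(",", ":")),
    })


def parse_authorization_details(form_body):
    """Server side: return the validated array, or None if the parameter is absent."""
    values = parse_qs(form_body).get("authorization_details")
    if values is None:
        return None
    if len(values) != 1:
        raise InvalidAuthorizationDetails("parameter must not repeat")
    try:
        return validate_authorization_details(json.loads(values[0]))
    except json.JSONDecodeError as exc:
        raise InvalidAuthorizationDetails("not valid JSON") from exc
```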
