[OAUTH-WG] I-D Action: draft-ietf-oauth-json-web-token-05.txt

2012-11-07 Thread internet-drafts
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Web Authorization Protocol Working Group of the IETF. Title : JSON Web Token (JWT) Author(s) : Michael B. Jones John Bradley

[OAUTH-WG] I-D Action: draft-ietf-oauth-jwt-bearer-03.txt

2012-11-07 Thread internet-drafts
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Web Authorization Protocol Working Group of the IETF. Title : JSON Web Token (JWT) Bearer Token Profiles for OAuth 2.0 Author(s) : Michael B. Jones

[OAUTH-WG] JOSE and JWT specs updated for IETF 85 working group meetings

2012-11-07 Thread Michael Jones
I’ve made a small set of updates to the JSON Object Signing and Encryption (JOSE) and JSON Web Token (JWT) specs in preparation for the JOSE and OAuth working group meetings at IETF 85. These updates incorporate resolutions to issues that have been discussed by the working groups since publ

[OAUTH-WG] I-D Action: draft-ietf-oauth-assertions-07.txt

2012-11-07 Thread internet-drafts
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Web Authorization Protocol Working Group of the IETF. Title : Assertion Framework for OAuth 2.0 Author(s) : Brian Campbell C

[OAUTH-WG] I-D Action: draft-ietf-oauth-saml2-bearer-15.txt

2012-11-07 Thread internet-drafts
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Web Authorization Protocol Working Group of the IETF. Title : SAML 2.0 Bearer Assertion Profiles for OAuth 2.0 Author(s) : Brian Campbell

Re: [OAUTH-WG] Please review draft-ietf-oauth-json-web-token

2012-11-07 Thread prateek mishra
Hannes - here are a couple of comments on the 05 draft - (i) Section 4 - [quote] Note however, that the set of claims that a JWT must contain to be considered valid is context-dependent and is outside the scope of this specification. When used in a security-related context, implementations MUST und

Re: [OAUTH-WG] Review of Assertions drafts

2012-11-07 Thread Brian Campbell
Fixed that one in -15 of the SAML draft. Thanks for the review. FWIW, the requirement about only one client authentication mechanism being used actually comes from core OAuth at http://tools.ietf.org/html/rfc6749#section-2.3 and is worded pretty strongly there where it says, "The client MUST NOT u

Re: [OAUTH-WG] JOSE and JWT specs updated for IETF 85 working group meetings

2012-11-07 Thread Brian Campbell
On the heels of this, I've just published new versions of the "Assertion Framework for OAuth 2.0" and "SAML 2.0 Bearer Assertion Profiles for OAuth 2.0" that update references to the new RFCs and fix some typos recently identified by folks in the WG. The updated documents are available at: http://