[OAUTH-WG] RPC Security Standards Requirements Notes

2022-07-26 Thread Atul Tulshibagwale
Hi all, I spoke to a few people after the OAuth WG meeting on Monday, Jul 25, 2022. I took some notes, which I would like to share here in order to facilitate the discussion in the side meeting - My presentation from the IETF 114 OAuth WG Meeting is here

Re: [OAUTH-WG] [EXT] Re: MITRE Updated Token Chaining Profile for Multi ICAM Ecosystems

2022-07-26 Thread Warren Parad
I think it wouldn't be complicated, and the complicated part is the choreography that you have between the individual AS that isn't OAuth standard anyway. But we are in a world now where we have lots of implementations of distributed consensus solutions. Potentially taking inspiration from one of t

Re: [OAUTH-WG] [EXT] Re: MITRE Updated Token Chaining Profile for Multi ICAM Ecosystems

2022-07-26 Thread Dr. Kelley W Burgin
Warren, My initial thought was that this would be too complicated, but now I’m thinking that we could get what we want from profiling OAuth 2.0 Token Exchange for our use cases while adding in new requirements from OAuth 2.1. For those of you who have seen my “Token and Identity Chaining Betwee