Following up from the discussion in Montreal, we’ve created the non-working-group mailing list TXAuth to start discussion of transactional authorization work. Please join the list here:

https://www.ietf.org/mailman/listinfo/txauth

We’ve also proposed a BoF for Singapore. The details of the agenda are still being discussed, and the description follows:

The OAuth protocol and its extensions have provided a powerful set of security capabilities for the internet over the last decade. A transactional model for collecting user consent, describing authorization requests, and delegating authority to another party could provide additional flexibility and power in ways that extending the existing OAuth 2.0 framework does not allow. Additionally, OAuth 2’s many extensions provide point solutions to similar problems that could be better addressed by a unified underlying design.

The goal of this BoF is to discuss the additional needs in delegated authorization protocols, gauge the current thinking on how to address them, and to examine how some current and proposed efforts approach such problems. The goal of this BoF is not to discuss how to extend the OAuth 2 protocol itself.

We’ll be talking about use cases that are driving extensions and OAuth-adjacent work, and how this transactional model differs from the OAuth model we’ve all gotten used to. I’ll be presenting the current state of XYZ, but this isn’t just a meeting to adopt XYZ as a solution, and I invite others to present their related work. From this meeting we should have a good sense of where we want to go with this kind of work in the future, including whether this is new work in the OAuth WG or if we should be starting a new WG.

I hope to see you all on the new list and in the room for the BoF!

— Justin
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth