List: ietf-announce
Subject: Protocol Action: 'OAuth 2.0 Rich Authorization Requests' to Proposed Standard (draft-ietf-oauth-rar-
From: The IESG <iesg-secretary () ietf ! org>
Date: 2022-12-29 15:59:39
Message-ID: 167232997449.28771.5561039361935950835 () ietfa ! amsl ! com
The IESG has approved the following document:
- 'OAuth 2.0 Rich Authorization Requests'
(draft-ietf-oauth-rar-22.txt) as Proposed Standard
This document is the product of the Web Authorization Protocol Working Group.
The IESG contact persons are Paul Wouters and Roman Danyliw.
A URL of this Internet Draft is:
https://datatracker.ietf.org/doc/draft-ietf-oauth-rar/
Technical Summary
The OAuth 2.0 authorization framework [RFC6749] defines the parameter
scope that allows OAuth clients to specify the requested scope, i.e.,
the permission, of an access token. This mechanism is sufficient to
implement static scenarios and coarse-grained authorization requests,
such as "give me read access to the resource owner's profile" but it
is not sufficient to specify fine-grained authorization requirements,
such as "please let me transfer an amount of 45 Euros to Merchant A"
or "please give me read access to folder A and write access to file
X".
This specification introduces a new parameter authorization_details
that allows clients to specify their fine-grained authorization
requirements using the expressiveness of JSON data structures.
Working Group Summary
There were no controversial discussions related to this document. A few key
changes were made based on GENART review.
Document Quality
There are several implementations and deployments of this specification
available, such as:
- the Yes banking ecosystem (with ~1200 IDPs) uses RAR for authorising payment
  initiation and qualified electronic signatures.
- ConnectID product implementation, see
  https://connect2id.com/products/server/docs/datasheet#rar
- Authlete supports RAR since version 2.2 and it is confirmed that at least one
  of their customers is operating a commercial service that utilizes RAR with
  CIBA as of April, 2022.
Additionally, other organizations use this specification as a foundation for
their work. For example:
- The Cloud Signature Consortium included RAR as means to authorise electronic
  signature to the v 2.0 of its API for remote signature creation
  (https://cloudsignatureconsortium.org/resources/).
- OpenID Foundation's FAPI working group added RAR support to the FAPI 2
  baseline profile (https://openid.net/specs/fapi-2_0-baseline-01.html).
Personnel
Document Shepherd = Hannes Tschofenig
Responsible AD = Roman Danyliw
_______________________________________________
IETF-Announce mailing list
IETF-Announce@ietf.org
https://www.ietf.org/mailman/listinfo/ietf-announce
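
The Technical Summary's "transfer an amount of 45 Euros to Merchant A" request, as an added example that is not part of the announcement or of the draft: a sketch of how an authorization server could validate the authorization_details parameter before showing it for consent. The required `type` member and the `invalid_authorization_details` error code come from the specification; the `payment_initiation` field layout, the `MAX_AMOUNT` ceiling and all function names are assumptions made for illustration.

```python
import json
from decimal import Decimal, InvalidOperation

# Hypothetical server policy: per-currency ceiling for one payment.
MAX_AMOUNT = {"EUR": Decimal("1000.00")}

class InvalidAuthorizationDetails(ValueError):
    """Corresponds to the error code invalid_authorization_details."""

def _check_payment(obj):
    amount = obj.get("instructedAmount")
    if not isinstance(amount, dict):
        raise InvalidAuthorizationDetails("instructedAmount must be an object")
    currency, value = amount.get("currency"), amount.get("amount")
    if currency not in MAX_AMOUNT or not isinstance(value, str):
        raise InvalidAuthorizationDetails("unsupported currency or amount")
    try:
        parsed = Decimal(value)
    except InvalidOperation:
        raise InvalidAuthorizationDetails("amount is not a decimal") from None
    if not parsed.is_finite() or not Decimal(0) < parsed <= MAX_AMOUNT[currency]:
        raise InvalidAuthorizationDetails("amount outside policy")
    if not isinstance(obj.get("creditorName"), str) or not obj["creditorName"]:
        raise InvalidAuthorizationDetails("creditorName required")

# Only types registered here are accepted (assumed registry).
KNOWN_TYPES = {"payment_initiation": _check_payment}

def parse_authorization_details(raw):
    """Parse and validate the authorization_details request parameter."""
    try:
        details = json.loads(raw)
    except (TypeError, ValueError):
        raise InvalidAuthorizationDetails("not valid JSON") from None
    # Rejecting an empty array is a policy choice of this example.
    if not isinstance(details, list) or not details:
        raise InvalidAuthorizationDetails("must be a non-empty JSON array")
    for obj in details:
        if not isinstance(obj, dict) or not isinstance(obj.get("type"), str):
            raise InvalidAuthorizationDetails("each entry needs a string type")
        checker = KNOWN_TYPES.get(obj["type"])
        if checker is None:  # unknown types are refused, never silently dropped
            raise InvalidAuthorizationDetails("unknown type " + obj["type"])
        checker(obj)
    return details

# Constructed sample request value, modelled on the summary's payment example.
SAMPLE = ('[{"type": "payment_initiation", "creditorName": "Merchant A",'
          ' "instructedAmount": {"currency": "EUR", "amount": "45.00"}}]')
```

Refusing the whole request when any entry is unknown or malformed keeps the server from issuing a token whose granted permissions differ from what the client asked the resource owner to approve.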