| < draft-ietf-oauth-resource-indicators-04.txt | draft-ietf-oauth-resource-indicators-05.txt > | |||
|---|---|---|---|---|
| OAuth Working Group B. Campbell | OAuth Working Group B. Campbell | |||
| Internet-Draft Ping Identity | Internet-Draft Ping Identity | |||
| Intended status: Standards Track J. Bradley | Intended status: Standards Track J. Bradley | |||
| Expires: January 22, 2020 Yubico | Expires: January 24, 2020 Yubico | |||
| H. Tschofenig | H. Tschofenig | |||
| Arm Limited | Arm Limited | |||
| July 21, 2019 | July 23, 2019 | |||
| Resource Indicators for OAuth 2.0 | Resource Indicators for OAuth 2.0 | |||
| draft-ietf-oauth-resource-indicators-04 | draft-ietf-oauth-resource-indicators-05 | |||
| Abstract | Abstract | |||
| An extension to the OAuth 2.0 Authorization Framework defining | An extension to the OAuth 2.0 Authorization Framework defining | |||
| request parameters that enable a client to explicitly signal to an | request parameters that enable a client to explicitly signal to an | |||
| authorization server about the identity of the protected resource(s) | authorization server about the identity of the protected resource(s) | |||
| to which it is requesting access. | to which it is requesting access. | |||
| Status of This Memo | Status of This Memo | |||
| skipping to change at page 1, line 36 ¶ | skipping to change at page 1, line 36 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at https://datatracker.ietf.org/drafts/current/. | Drafts is at https://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on January 22, 2020. | This Internet-Draft will expire on January 24, 2020. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2019 IETF Trust and the persons identified as the | Copyright (c) 2019 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (https://trustee.ietf.org/license-info) in effect on the date of | (https://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| skipping to change at page 5, line 48 ¶ | skipping to change at page 5, line 48 ¶ | |||
| resources the client is going to access on her behalf, to meet policy | resources the client is going to access on her behalf, to meet policy | |||
| decision (e.g. refuse the request due to unknown resources), and | decision (e.g. refuse the request due to unknown resources), and | |||
| determine the set of resources that can be used in subsequent access | determine the set of resources that can be used in subsequent access | |||
| token requests. | token requests. | |||
| If the authorization server fails to parse the provided value(s) or | If the authorization server fails to parse the provided value(s) or | |||
| does not consider the resource(s) acceptable, it should reject the | does not consider the resource(s) acceptable, it should reject the | |||
| request with an error response using the error code "invalid_target" | request with an error response using the error code "invalid_target" | |||
| as the value of the "error" parameter and can provide additional | as the value of the "error" parameter and can provide additional | |||
| information regarding the reasons for the error using the | information regarding the reasons for the error using the | |||
| "error_description" and/or "error_uri" parameters. | "error_description". | |||
| An example of an authorization request where the client tells the | An example of an authorization request where the client tells the | |||
| authorization server that it wants an access token for use at | authorization server that it wants an access token for use at | |||
| "https://api.example.com/app/" is shown in Figure 1 below (extra line | "https://api.example.com/app/" is shown in Figure 1 below (extra line | |||
| breaks and indentation are for display purposes only). | breaks and indentation are for display purposes only). | |||
| GET /as/authorization.oauth2?response_type=token | GET /as/authorization.oauth2?response_type=token | |||
| &client_id=example-client | &client_id=example-client | |||
| &state=XzZaJlcwYew1u0QBrRv_Gw | &state=XzZaJlcwYew1u0QBrRv_Gw | |||
| &redirect_uri=https%3A%2F%2Fclient%2Eexample%2Eorg%2Fcb | &redirect_uri=https%3A%2F%2Fclient%2Eexample%2Eorg%2Fcb | |||
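Review bot: in the invalid_target paragraph, the -05 sentence now ends with using the "error_description". and has lost the noun "parameter" along with the "error_uri" mention, so it no longer parses cleanly. Suggest ending it with "error_description" parameter. Because the sentence now names a single parameter, it can also be read as saying that only "error_description" may accompany "invalid_target". The -05 history entry describes the change as removing a specific mention rather than prohibiting the parameter, so wording such as "for example using the "error_description" parameter" would keep the text aligned with that intent.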
| skipping to change at page 12, line 11 ¶ | skipping to change at page 12, line 11 ¶ | |||
| Vittorio Bertocci, Sergey Beryozkin, Roman Danyliw, William Denniss, | Vittorio Bertocci, Sergey Beryozkin, Roman Danyliw, William Denniss, | |||
| Vladimir Dzhuvinov, George Fletcher, Dick Hardt, Phil Hunt, Michael | Vladimir Dzhuvinov, George Fletcher, Dick Hardt, Phil Hunt, Michael | |||
| Jones, Torsten Lodderstedt, Anthony Nadalin, Justin Richer, Nat | Jones, Torsten Lodderstedt, Anthony Nadalin, Justin Richer, Nat | |||
| Sakimura, Rifaat Shekh-Yusef, Filip Skokan, and Hans Zandbelt. | Sakimura, Rifaat Shekh-Yusef, Filip Skokan, and Hans Zandbelt. | |||
| Appendix B. Document History | Appendix B. Document History | |||
| [[ to be removed by the RFC Editor before publication as an RFC ]] | [[ to be removed by the RFC Editor before publication as an RFC ]] | |||
| draft-ietf-oauth-resource-indicators-05 | ||||
| o Remove specific mention of error_uri, which is rarely (if ever) | ||||
| used and seems to only confuse things for readers of extensions | ||||
| like this one. | ||||
| draft-ietf-oauth-resource-indicators-04 | draft-ietf-oauth-resource-indicators-04 | |||
| o Editorial updates from AD review that were overlooked in -03. | o Editorial updates from AD review that were overlooked in -03. | |||
| draft-ietf-oauth-resource-indicators-03 | draft-ietf-oauth-resource-indicators-03 | |||
| o Editorial updates from AD review. | o Editorial updates from AD review. | |||
| o Update draft-ietf-oauth-jwsreq ref to -19. | o Update draft-ietf-oauth-jwsreq ref to -19. | |||
| o Update the IANA requests to say they update the registries. | o Update the IANA requests to say they update the registries. | |||
| skipping to change at page 12, line 44 ¶ | skipping to change at page 13, line 4 ¶ | |||
| functionality. | functionality. | |||
| o Allow the "resource" parameter value to have a query component | o Allow the "resource" parameter value to have a query component | |||
| (aligning with draft-ietf-oauth-token-exchange). | (aligning with draft-ietf-oauth-token-exchange). | |||
| o Moved the Security Considerations section to before the IANA | o Moved the Security Considerations section to before the IANA | |||
| Considerations. | Considerations. | |||
| o Other editorial updates. | o Other editorial updates. | |||
| o Rework the Acknowledgements section. | o Rework the Acknowledgements section. | |||
| o Use RFC 8174 boilerplate. | o Use RFC 8174 boilerplate. | |||
| draft-ietf-oauth-resource-indicators-00 | draft-ietf-oauth-resource-indicators-00 | |||
| o First version of the working group document. A replica of draft- | o First version of the working group document. A replica of draft- | |||
| campbell-oauth-resource-indicators-02. | campbell-oauth-resource-indicators-02. | |||
| draft-campbell-oauth-resource-indicators-02 | draft-campbell-oauth-resource-indicators-02 | |||
| o No changes. | o No changes. | |||
| draft-campbell-oauth-resource-indicators-01 | ||||
| o Move Hannes Tschofenig, who wrote https://tools.ietf.org/html/ | o Move Hannes Tschofenig, who wrote https://tools.ietf.org/html/ | |||
| draft-tschofenig-oauth-audience in '13, from Acknowledgements to | draft-tschofenig-oauth-audience in '13, from Acknowledgements to | |||
| Authors. | Authors. | |||
| o Added IANA Considerations to register the "resource" parameter and | o Added IANA Considerations to register the "resource" parameter and | |||
| "invalid_resource" error code. | "invalid_resource" error code. | |||
| draft-campbell-oauth-resource-indicators-00 | draft-campbell-oauth-resource-indicators-00 | |||
| o Initial draft to define a resource parameter for OAuth 2.0. | o Initial draft to define a resource parameter for OAuth 2.0. | |||
| End of changes. 8 change blocks. | ||||
| 6 lines changed or deleted | 13 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||