Assertion Framework for OAuth 2.0 Client Authentication and Authorization Grants (RFC7521)
Original Publication Date: 2015-May-01
Included in the Prior Art Database: 2015-May-20
Internet Society Requests For Comment (RFCs)
B. Campbell: AUTHOR [+4]
An assertion is a package of information that facilitates the sharing of identity and security information across security domains. Section 3 provides a more detailed description of the concept of an assertion for the purpose of this specification.
Internet Engineering Task Force (IETF) B. Campbell Request for Comments: 7521 Ping Identity Category: Standards Track C. Mortimore ISSN: 2070-1721 Salesforce M. Jones Y. Goland Microsoft May 2015
Assertion Framework for OAuth 2.0 Client Authentication and Authorization Grants
This specification provides a framework for the use of assertions with OAuth 2.0 in the form of a new client authentication mechanism and a new authorization grant type. Mechanisms are specified for transporting assertions during interactions with a token endpoint; general processing rules are also specified.
The intent of this specification is to provide a common framework for OAuth 2.0 to interwork with other identity systems using assertions and to provide alternative client authentication mechanisms.
Note that this specification only defines abstract message flows and processing rules. In order to be implementable, companion specifications are necessary to provide the corresponding concrete instantiations.
Status of This Memo
This is an Internet Standards Track document.
This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 of RFC 5741.
Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc7521.
Campbell, et al. Standards Track [Page 1]
RFC 7521 OAuth Assertion Framework May 2015
Copyright (c) 2015 IETF Trust and the persons identified as the document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http:...