<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=Windows-1252">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
        {font-family:"Cambria Math";
        panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        font-size:12.0pt;
        font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:#0563C1;
        text-decoration:underline;}
span.EmailStyle17
        {mso-style-type:personal-compose;
        font-family:"Calibri",sans-serif;
        color:windowtext;}
.MsoChpDefault
        {mso-style-type:export-only;
        font-size:12.0pt;
        font-family:"Calibri",sans-serif;}
@page WordSection1
        {size:8.5in 11.0in;
        margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
        {page:WordSection1;}
--></style>
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72" style="word-wrap:break-word">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt">All,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">MITRE, in support of the U.S. Government, has developed tailored OAuth 2.0 Token Exchange profiles for use in an enterprise environment. These documents build on the
<a href="https://www.mitre.org/publications/technical-papers/enterprise-mission-tailored-oauth-20-and-openid-connect-profiles">
OAuth 2.0 profile</a> MITRE released whose requirements have been incorporated into OAuth 2.1. The documents enable “identity chaining” by ensuring that the identities of the user, client, and protected resources are propagated in the issued access tokens to
 make appropriate access decisions. <o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:black"><a href="https://www.mitre.org/publications/technical-papers/token-and-identity-chaining-between-protected-resources-in-a-single-icam-ecosystem-using-oauth-token-exchange" title="https://www.mitre.org/publications/technical-papers/token-and-identity-chaining-between-protected-resources-in-a-single-icam-ecosystem-using-oauth-token-exchange"><span style="color:#0563C1">Token
 and Identity Chaining between Protected Resources in a Single ICAM Ecosytem using OAuth Token Exchange</span></a><o:p></o:p></span></p>
<p class="MsoNormal" style="caret-color: rgb(0, 0, 0);font-variant-caps: normal;orphans: auto;text-align:start;widows: auto;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word-spacing:0px">
<span style="color:black"><a href="https://www.mitre.org/publications/technical-papers/token-and-identity-chaining-between-protected-resources-in-a-multiple-icam-ecosystem-using-oauth-token-exchange" title="https://www.mitre.org/publications/technical-papers/token-and-identity-chaining-between-protected-resources-in-a-multiple-icam-ecosystem-using-oauth-token-exchange"><span style="color:#0563C1">Token
 and Identity Chaining between Protected Resources in a Multiple ICAM Ecosytem using OAuth Token Exchange</span></a><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Please note, we will be working with the standards bodies to move these concepts forward. These current profiles and this email should be considered as informational as we seek additional feedback from Subject
 Matter Experts throughout the Community. We welcome your comments and suggestions at OAuthOIDCProfiles@groups.mitre.org .<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Regards,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Kelley<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">_________________________<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Kelley Burgin, Ph.D.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Cybersecurity Engineer<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">The MITRE Corporation<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">(571) 424 - 8642</span><o:p></o:p></p>
</div>
</body>
</html>