[Openid-specs-igov] iGov OAuth 2.0 profile WGLC result and next steps

Aaron Parecki aaron.parecki at okta.com
Sat Feb 8 00:15:20 UTC 2025


Thanks for the summary Tom!

Just to clarify on the second question, the iGov profile currently defines
its own JWT profile for access tokens. The question is whether to adopt
RFC9068 JWT Profile for Access Tokens, or keep the current definition of
JWT access tokens in the iGov profile which is ever so slightly different
from the access token claims in RFC9068.

Aaron Parecki

Director of Identity Standards

aaron.parecki at okta.com




On Fri, Feb 7, 2025 at 4:09 PM Tom Clancy via Openid-specs-igov <
openid-specs-igov at lists.openid.net> wrote:

> Dear WG Members, the editors agree the iGov OAuth 2.0 profile v 05 is not
> yet ready for advancing in the approval process.
>
>
>
> - Aaron’s substantial feedback in listserv archive: [Openid-specs-igov]
> Action required: WGLC - Seeking WG consensus on iGov OAuth 2.0 profile
> readiness to begin Implementers Draft review process
> <https://lists.openid.net/pipermail/openid-specs-igov/Week-of-Mon-20250203/000336.html>
>
>
>
> - Ongoing resolution of Aaron’s comments, where straightforward, is
> ongoing in this branch: openid / igov / Branch WGLC-aaron-1 — Bitbucket
> <https://bitbucket.org/openid/igov/branch/WGLC-aaron-1>. Once complete,
> the editors will generate a single PR for those corrections.
>
>
>
> - Two items of feedback appear to the editors to indicate a more
> substantial shift in the profile is required. Although shifting would
> modernize iGov and improve alignment with FAPI, the editors want to be
> sensitive to potential impacts to stakeholders. Each question has an issue
> to gather WG input:
>
>
>
>   - Should we replace Full Client, Native Client, and Direct Access Client
>     types with “public clients” and “confidential clients”?
>
>     openid / igov / issues / #56 - [iGov-OAuth] Replace "Full", "Native",
>     and "Direct Client" types with "Confidential" and "Public client" —
>     Bitbucket
>     <https://bitbucket.org/openid/igov/issues/56/igov-oauth-replace-full-native-and-direct>
>
>   - Should we adopt RFC 9068 JSON Web Token (JWT) Profile for OAuth 2.0
>     Access Tokens and eliminate “bearer tokens” as currently defined in the
>     profile?
>
>     openid / igov / issues / #57 - [iGov-OAuth] Eliminate "bearer tokens"
>     in favor of RFC 9068 JSON Web Token (JWT) Profile for OAuth 2.0 Access
>     Tokens — Bitbucket
>     <https://bitbucket.org/openid/igov/issues/57/igov-oauth-eliminate-bearer-tokens-in>
>
>
>
> - Following resolution of these items and publishing a new editors’ draft
> (06), the editors intend to send another WGLC message.
>
>
>
> Thank you!
>
> Kelley Burgin and Tom Clancy, editors