<div dir="ltr"><div>Thanks for the summary Tom!</div><div><br></div><div>Just to clarify on the second question, the iGov profile currently defines its own JWT profile for access tokens. The question is whether to adopt RFC9068 JWT Profile for Access Tokens, or keep the current definition of JWT access tokens in the iGov profile which is ever so slightly different from the access token claims in RFC9068.</div><div><br></div><div><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr">
<div>
<div></div>
<div dir="ltr" style="color:rgb(0,0,0);font-family:Calibri,Helvetica,sans-serif">
<div dir="ltr" style="color:rgb(0,0,0);font-family:Calibri,Helvetica,sans-serif">
<p style="font-size:12pt;margin-top:0px;margin-bottom:0px"></p>
<p style="margin:0px;font-family:Calibri,Arial,Helvetica,sans-serif;font-weight:bold;padding:0px;line-height:14pt">
Aaron Parecki</p>
<p style="margin:0px;font-family:Calibri,Arial,Helvetica,sans-serif;padding:0px;line-height:14pt">Director of Identity Standards</p>
<p style="margin:0px;font-family:Calibri,Arial,Helvetica,sans-serif;padding:0px;line-height:14pt">
<a href="mailto:aaron.parecki@okta.com" target="_blank">aaron.parecki@okta.com</a></p>
<div style="font-family:Times"><span></span><span></span><br></div>
</div>
<div dir="ltr" style="font-size:12pt;color:rgb(0,0,0);font-family:Calibri,Helvetica,sans-serif">
<br>
</div>
</div>
</div>
</div></div></div><br></div><br><div class="gmail_quote gmail_quote_container"><div dir="ltr" class="gmail_attr">On Fri, Feb 7, 2025 at 4:09 PM Tom Clancy via Openid-specs-igov <<a href="mailto:openid-specs-igov@lists.openid.net">openid-specs-igov@lists.openid.net</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div class="msg-1382176761077577158"><div lang="EN-US" style="overflow-wrap: break-word;">
<div>
<p><strong>This message originated outside your organization.</strong></p><br>
<hr><br>
</div><div class="m_-1382176761077577158WordSection1"><p class="MsoNormal">Dear WG Members, the editors agree the iGov OAuth 2.0 profile v 05 is not yet ready for advancing in the approval process. <u></u><u></u></p><p class="MsoNormal"><u></u> <u></u></p><p class="MsoNormal">- Aaron’s substantial feedback in listserv archive: <a href="https://lists.openid.net/pipermail/openid-specs-igov/Week-of-Mon-20250203/000336.html" target="_blank">[Openid-specs-igov] Action required: WGLC - Seeking WG consensus on iGov OAuth 2.0 profile readiness to begin Implementers Draft review process</a><u></u><u></u></p><p class="MsoNormal"><u></u> <u></u></p><p class="MsoNormal">- Ongoing resolution of Aaron’s comments, where straightforward, is ongoing in this branch <a href="https://bitbucket.org/openid/igov/branch/WGLC-aaron-1" target="_blank">openid / igov / Branch WGLC-aaron-1 — Bitbucket</a> Once complete, the editors will generate a single PR for those corrections.<u></u><u></u></p><p class="MsoNormal"><u></u> <u></u></p><p class="MsoNormal">- Two items of feedback appear to the editors to indicate a more substantial shift in the profile is required. Although shifting would modernize iGov and improve alignment with FAPI, the editors want to be sensitive to potential impacts to stakeholders. Each question has an issue to gather WG input:<u></u><u></u></p><p class="MsoNormal"><u></u> <u></u></p><p class="MsoNormal"> - Should we replace Full Client, Native Client, and Direct Access Client types with “public clients” and “confidential clients”?<u></u><u></u></p><p class="MsoNormal"> <a href="https://bitbucket.org/openid/igov/issues/56/igov-oauth-replace-full-native-and-direct" target="_blank">openid / igov / issues / #56 - [iGov-OAuth] Replace "Full", "Native", and "Direct Client" types with "Confidential" and "Public client" — Bitbucket</a><u></u><u></u></p><p class="MsoNormal"><u></u> <u></u></p><p class="MsoNormal"> - Should we adopt RFC 9068 JSON Web Token (JWT) Profile for OAuth 2.0 Access Tokens and eliminate “bearer tokens” as currently defined in the profile?<u></u><u></u></p><p class="MsoNormal"> <a href="https://bitbucket.org/openid/igov/issues/57/igov-oauth-eliminate-bearer-tokens-in" target="_blank">openid / igov / issues / #57 - [iGov-OAuth] Eliminate "bearer tokens" in favor of RFC 9068 JSON Web Token (JWT) Profile for OAuth 2.0 Access Tokens — Bitbucket</a><u></u><u></u></p><p class="MsoNormal"><u></u> <u></u></p><p class="MsoNormal">- Following resolution of these items and publishing a new editors’ draft (06), the editors intend to send another WGLC message.<u></u><u></u></p><p class="MsoNormal"><u></u> <u></u></p><p class="MsoNormal">Thank you!<u></u><u></u></p><p class="MsoNormal">Kelley Burgin and Tom Clancy, editors<u></u><u></u></p><p class="MsoNormal"><u></u> <u></u></p></div></div>
_______________________________________________<br>
Openid-specs-igov mailing list<br>
<a href="mailto:Openid-specs-igov@lists.openid.net" target="_blank">Openid-specs-igov@lists.openid.net</a><br>
<a href="https://lists.openid.net/mailman/listinfo/openid-specs-igov" rel="noreferrer" target="_blank">https://lists.openid.net/mailman/listinfo/openid-specs-igov</a><br>
</div></blockquote></div>