draft-ietf-oauth-identity-chaining-04
·
19 commits
to main
since this release
-04
Clarified diagrams and description of authorization server acting as a client.
Remove references to sd-jwt.
Added text to recommend use of explicit typing.
Added security consideration on preventing lateral moves.
Editorial updates to be consistent about the trust domain for a client, authorization server or resource server.
Added sender constraining of tokens to security considerations