Page Comparison

...

If you are interested to contribute to the Work Group's efforts, we are happy to welcome you – see the wiki home page for information on joining as a participant. Note that we have a Legal Subgroup as well.

GitHub issues	use cases/ priorities technical issues/ proposals	#IoT: IoT (constrained entities, offline entities, etc.)	#APIsec: API security (enterprise RO, AS-RS tight)	#fedauthz: federated authorization (enterprise RO, AS-RS loose)	#RSctrl: RS can throttle access beyond AS-imposed limits	#ROctrl: RO can meaningfully throttle access that RS gives	#wideeco: wide ecosystem: RO's AS and RqP's IdP never met before, etc.	#trust: UMA model text for access federations and tools for building agreements and receipts	#security: fix security bugs	#simplify: simplify the protocol and make it work more like OAuth (thus includes feature addition too)	#shoebox: consent and notice and information sharing matters
	priorities	3	5	5	2 (includes legal)	2 (includes legal)	2	2 (includes legal)	1	2	4
153, 154	AAT burden [DONE]	X			X		X			X
153, 238	OAuth token endpoint realignment [DONE]		X				X			X
51	self-contained token validation [DONE]	X
152	permission registration [DONE]
157, 159	discovery document alignment [DONE]		X							X
167 , 205 (closed), 239 (closed)	session fixation attack in claims-gathering protocol and similar [DONE]								X
155	RSR endpoint URL has extraneous parts [DONE]									X
158	"scopes" is confusing in introspection response [DONE]									X
165	client can't specify scopes [DONE]									X
167, 237	simplify "need_info" and claims-gathering endpoint provisioning [DONE]									X
254	Hashed claims discovery [consider]
260	Cascading authorization servers [consider]			X	X	X
24, 224	audit whether RS gave access per permissions / "shoebox" endpoint [consider]				X	X		X			X
20, 154	client-to-AS-first efficiency [keep in backlog]		X	X
95	multiple-AS protection over a single resource set [keep in backlog]		X	X				X

Versions Compared

Old Version 19

New Version Current

Key