First, thank you to the authors for the significant progress on this draft since the last WG Last call <https://mailarchive.ietf.org/arch/msg/oauth/fkmkT2f5o-4iktHR9O5xkHK62W4/>.
Second, on review of the latest, there are still some areas that could be improved. For this last call, I just went direct to github with review items: - Txn-Token vs Txn-Token <https://github.com/oauth-wg/oauth-transaction-tokens/issues/334> - "This claim MUST be omitted if not set." <https://github.com/oauth-wg/oauth-transaction-tokens/issues/333> - Txn-Token Request: OPTIONAL is different than RECOMMENDED <https://github.com/oauth-wg/oauth-transaction-tokens/issues/332> - ... req_wl ... <https://github.com/oauth-wg/oauth-transaction-tokens/issues/331> - tctx/rctx/scope <https://github.com/oauth-wg/oauth-transaction-tokens/issues/330> - iss issue <https://github.com/oauth-wg/oauth-transaction-tokens/issues/329> - Assuming lists were wanted? <https://github.com/oauth-wg/oauth-transaction-tokens/issues/328> - merge Introduction and Overview <https://github.com/oauth-wg/oauth-transaction-tokens/issues/327> and indirectly via slack: rearranged spurious lines in the document history section <https://github.com/oauth-wg/oauth-transaction-tokens/pull/320> Added doc history <https://github.com/oauth-wg/oauth-transaction-tokens/pull/319> On Fri, Mar 27, 2026 at 6:21 AM Rifaat Shekh-Yusef via Datatracker < [email protected]> wrote: > This message starts a WG Last Call for: > draft-ietf-oauth-transaction-tokens-08 > > This Working Group Last Call ends on 2026-04-10 > > Abstract: > Transaction Tokens (Txn-Tokens) are designed to maintain and > propagate user identity, workload identity and authorization context > throughout the Call Chain within a trusted domain during the > processing of external requests (e.g. such as API calls) or requests > initiated internally within the trust domain. Txn-Tokens ensure that > this context is preserved throughout the Call Chain thereby enhancing > security and consistency in complex, multi-service architectures. > > File can be retrieved from: > > Please review and indicate your support or objection to proceed with the > publication of this document by replying to this email keeping > [email protected] > in copy. Objections should be explained and suggestions to resolve them are > highly appreciated. > > Authors, and WG participants in general, are reminded of the Intellectual > Property Rights (IPR) disclosure obligations described in BCP 79 [1]. > Appropriate IPR disclosures required for full conformance with the > provisions > of BCP 78 [1] and BCP 79 [2] must be filed, if you are aware of any. > Sanctions available for application to violators of IETF IPR Policy can be > found at [3]. > > Thank you. > > [1] https://datatracker.ietf.org/doc/bcp78/ > [2] https://datatracker.ietf.org/doc/bcp79/ > [3] https://datatracker.ietf.org/doc/rfc6701/ > > The IETF datatracker status page for this Internet-Draft is: > https://datatracker.ietf.org/doc/draft-ietf-oauth-transaction-tokens/ > > There is also an HTML version available at: > https://www.ietf.org/archive/id/draft-ietf-oauth-transaction-tokens-08.html > > A diff from the previous version is available at: > > https://author-tools.ietf.org/iddiff?url2=draft-ietf-oauth-transaction-tokens-08 > > _______________________________________________ > OAuth mailing list -- [email protected] > To unsubscribe send an email to [email protected] > -- _CONFIDENTIALITY NOTICE: This email may contain confidential and privileged material for the sole use of the intended recipient(s). Any review, use, distribution or disclosure by others is strictly prohibited. If you have received this communication in error, please notify the sender immediately by e-mail and delete the message and any file attachments from your computer. Thank you._
_______________________________________________ OAuth mailing list -- [email protected] To unsubscribe send an email to [email protected]
