Curity propose enhancements to OAuth 2.0

Curity have submitted a draft RFC, The OAuth 2.0 Authorization Framework: Claims.

In the RFC, we propose an extension of OAuth 2.0 to include the claims concept from OpenID Connect, which we believe would strengthen the OAuth framework.

This mechanism could be used both during the authorization and refresh request, it also defines a response parameter of the token and introspection endpoints that indicates to the caller which claims were authorized by the resource owner.

You can view the draft RFC here.

Travis Spencer, identity specialist and CEO of Curity, will be at the IEFT 106 meeting in Singapore 16-22 November to present and discuss the RFC.