Skip to content

Commit

Permalink
Merge pull request #147 from ashayraut/main
Browse files Browse the repository at this point in the history
Update Transaction Token Service responsibility for replacement tokens #110
  • Loading branch information
tulshi authored Oct 23, 2024
2 parents e24ef1c + 155974c commit 46a0549
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions draft-ietf-oauth-transaction-tokens.md
Original file line number Diff line number Diff line change
Expand Up @@ -67,7 +67,6 @@ contributor:
org: Arm Ltd.
email: [email protected]


normative:
RFC2119: # Keywords
RFC3986: # URI
Expand Down Expand Up @@ -563,7 +562,7 @@ Cache-Control: no-store
{: #figtxtokenresponse title="Example: Txn-Token Response"}

## Creating Replacement Txn-Tokens
A workload within a call chain may request the Transaction Token Server to replace a Txn-Token.
A workload within a call chain may request the Transaction Token Service to replace a Txn-Token.

Workloads MAY request replacement Txn-Tokens in order to change (add to, remove or modify) the asserted values within a Txn-Token.

Expand All @@ -577,6 +576,7 @@ When issuing replacement Txn-Tokens, a Txn-Token Service:
* SHOULD NOT enable modification to asserted values that expand the scope of permitted actions
* MUST NOT modify `sub` and `aud` values of the Txn-Token in the request
* MUST NOT remove any of the existing requesting workload identifiers from the `req_wl` field in the `rctx` claim of the Txn-Token
* MUST NOT issue replacement Txn-token with lifetime exceeding the lifetime of the originally presented token

### Replacement Txn-Token Request
To request a replacement Txn-Token, the requester makes a Txn-Token Request as described in {{txn-token-request}} but includes the Txn-Token to be replaced as the value of the `subject_token` parameter and sets the `subject_token_type` parameter to the value `urn:ietf:params:oauth:token-type:txn_token`. The `scope` value in the replacement request, if different from that in the original Txn-Token, MUST NOT increase the authorization surface beyond that of the original Txn-Token.
Expand Down

0 comments on commit 46a0549

Please sign in to comment.