The IETF OAuth Working Group has adopted the Identity Assertion Authorization Grant specification!
This specification provides a mechanism for an application to use an identity assertion to obtain an access token for a third-party API by coordinating through a common enterprise identity provider
This is the basis of Cross App Access (XAA), providing IT admins better visibility and control of app-to-app connections by configuring the connections in their enterprise IdP.
While it will still be a while before it is an RFC, this is an important step in the standards process, as this is the first time the document is "official"! This signifies that the working group agrees that the problem is worth solving, and agrees on the general direction of the spec.
Thanks to everyone for your contributions and feedback so far!
And thanks to my co-authors Karl McGuinness and Brian Campbell!
