**Session Date/Time:** 09 Nov 2023 08:30

# gnap

## Summary

This gnap meeting focused on updates to the core protocol and resource server (RS) drafts. The core draft is currently in IESG review, with no major changes expected. The RS draft has undergone significant revisions, including the addition of security and privacy considerations, and clarification on AS-specific tokens. The editors are targeting working group last call for the RS draft before the Brisbane IETF meeting.

## Key Discussion Points

* **Core Draft Status:** The core draft is in IESG review. Initial feedback suggests clarifications are needed but no major normative changes.
* **RS Draft Updates:** Significant changes have been made to the RS draft, including:
    * Addition of security and privacy considerations, focusing on the RS and AS relationship.
    * Expanded discussion on AS-specific tokens for protecting RS-facing APIs (introspection, resource registration, discovery).
    * Clarification on how resource set identifiers are used in resource registration and token requests.
* **AS-Specific Tokens:** Emphasis on the importance of the AS minting different access tokens for its own APIs versus those used by external RSs to prevent information leakage.
* **Resource Set Identifier Flow:** Clarified the process of how the RS informs the AS of resources it wants to protect and the client requests access to these resources using the opaque identifier.
* **Implementation Status:** The RS draft lacks an implementation status section, which needs to be addressed.

## Decisions and Action Items

* **Action Item:** Request an early review of the RS draft from the security directorate. (Roman agreed to this)
* **Decision:** The specification of how to obtain AS-specific tokens will remain out of scope for the RS draft.
* **Action Item:** Editors to remove the implementation status section from the RS draft and move it to the working group's GitHub wiki.
* **Action Item:** Editors to address open issues in the RS draft's issue tracker.
* **Goal:** Editors aim to get the RS draft into working group last call before the Brisbane IETF meeting.

## Next Steps

* Continue addressing comments from the IESG review on the core draft.
* Address remaining issues in the RS draft based on internal discussion.
* Prepare a new version of the RS draft with the changes.
* Solicit further review of the updated RS draft, especially the security considerations.