The IETF OAuth Working Group has adopted the Identity Assertion Authorization Grant specification! This specification provides a mechanism for an application to use an identity assertion to obtain an access token for a third-party API by coordinating through a common enterprise identity provider" This is the basis of Cross App Access (XAA), providing IT admins better visibility and control of app-to-app connections by configuring the connections in their enterprise IdP. While it will still be a while before it is an RFC, this is an important step in the standards process, as this is the first ti... aaronparecki.com