Building something that doesn't exist yet.

Every tenant node as a sovereign OIDC Provider. Federation between nodes as a consequence of the architecture — not a feature.

As a Brian May said: So still the cloud it hangs, Over us and we're alone, But someday, one day

• The OAuth 2.1 Authorization Framework | draft-ietf-oauth-v2-1-14
• RFC 7519 — JSON Web Token (JWT)
• RFC 7518 — JSON Web Algorithms (JWA)
• RFC 7515 — JSON Web Signature (JWS)
• RFC 7516 — JSON Web Encryption (JWE)
• RFC 7517 — JSON Web Key (JWK)
• RFC 7638 — JSON Web Key (JWK) Thumbprint
• RFC 8037 — CFRG Elliptic Curves for JOSE (OKP/EdDSA)
• RFC 8725 — JWT Best Current Practices
• OpenID Connect Core 1.0
• RFC 7591 — OAuth 2.0 Dynamic Client Registration
• RFC 7592 — OAuth 2.0 Dynamic Client Registration Management
• OpenID Connect Dynamic Client Registration 1.0
• RFC 7523 — JWT Profile for OAuth 2.0 Client Authentication
• RFC 7636 — Proof Key for Code Exchange (PKCE)
• RFC 9101 — JWT-Secured Authorization Requests (JAR)
• RFC 9126 — Pushed Authorization Requests (PAR)
• RFC 9449 — OAuth 2.0 Demonstrating Proof of Possession (DPoP)
• draft-skokan-oauth-additional-hashes-04
• FAPI 2.0 JARM — JWT Secured Authorization Response Mode
• RFC 8707 - Resource Indicators for OAuth 2.0 - In progress
• RFC 9110 - HTTP Semantics - In progress