Skip to content

Instantly share code, notes, and snippets.

@anubhavg-icpl

anubhavg-icpl/identity-rfc.md

Created December 26, 2025 08:46
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save anubhavg-icpl/0d29b3a1929d8df146ee2254a7915067 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save anubhavg-icpl/0d29b3a1929d8df146ee2254a7915067 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
identity-rfc.md

1. What “Identity” Means in the Context of IETF RFC Standards

In the IETF standards process, identity-related RFCs can refer to:

  1. Protocols or extensions that define identity formats, representations, or attributes
  2. Protocols that support authentication and identity assurance
  3. Protocols focused on identity management across systems/domains
  4. Identity-related encryption or identifier representation mechanisms

There is no official IETF category labeled “identity” that lists all RFCs by that topic, so any enumeration must be approximate based on inclusion criteria.

2. Examples of Identity-Relevant RFCs (Non-Exhaustive)

Below are representative RFCs that explicitly relate to identity mechanisms:

Identity Representation / Protocols

  • RFC 3182 – Identity representation in RSVP protocols (policy and identity data) ([RFC Editor][1])
  • RFC 4282 / RFC 7542 – Network Access Identifier (NAI) standards (identify users for network access) ([Wikipedia][2])

Authenticated Identity in Protocols

  • RFC 4474 – SIP identity header for authenticated originator identification ([RFC Editor][3])
  • RFC 8224 – Updated SIP Identity mechanism replacing RFC 4474 ([IETF Datatracker][4])

Identity Management Protocols

  • RFC 7643 – SCIM Core Schema (identity management schema) ([IETF Datatracker][5])
  • RFC 7644 – SCIM Protocol (protocol for CRUD of identity resources) ([IETF Datatracker][6])

Encryption / Identity Architecture

  • RFC 5408 – Identity-Based Encryption architecture ([IETF Datatracker][7])

OAuth/OIDC related identity standards (not all RFCs, but identity relevant)

  • OAuth 2.0 base: RFC 6749, RFC 6750
  • Many OAuth extension RFCs (30+ related specs) ([Curity][8])

Additionally, OpenID Connect itself is a major identity specification built atop OAuth 2.0, though OpenID Connect itself is a standard from the OpenID Foundation (not an IETF RFC). ([OpenID Foundation][9])

3. Total Number of Identity-Related RFCs (Approximate)

A. Strict IETF RFCs That Explicitly Address Identity Standards

Using inclusive criteria for RFCs that define identity protocols, formats, or management directly, the count is modest:

Category Approximate Count
Identity representation / identifiers ~5–10 RFCs
Identity authentication mechanisms (e.g., SIP identity) ~2–5 RFCs
Identity management protocols (SCIM) ~2 RFCs
Identity-related encryption/architecture ~1–3 RFCs

Total (strict identity focus): ~10–20 RFCs

This is a rough approximation, not an official count.

B. Expanded Identity Ecosystem RFCs

If you include all protocols used in identity deployments (e.g., OAuth 2.0 core + extensions, JOSE, JWT profiles, token profiles, discovery, device flows, mutual TLS client auth, etc.):

  • OAuth 2.0 core + token profiles: ~10+ RFCs
  • OAuth 2.0 extensions and bearer token specs: ~20–30+ RFCs ([Curity][8])
  • JWT/JOSE family (JSON Web Token, JWS, JWE, etc.): ~10+ RFCs

Expanded total (identity ecosystem): ~50–70+ RFCs

This is a practical engineering view, not a formal IETF classification.

4. Identity “Use Cases” in RFC Standards

Use cases across identity RFCs generally include:

  1. User authentication and identity assertion

    • Verifying that an entity is who it claims to be (e.g., OpenID Connect/OAuth identity flows)

  2. Identity representation and identifiers

    • Standard formats and semantics for identifiers (e.g., NAI, SCIM schemas)

  3. Identity propagation

    • Conveying identity information across protocols (SIP Identity)

  4. Cross-domain identity management

    • CRUD of identity resources across domains (SCIM)

  5. Identity-based encryption and key binding

    • Using identity in cryptographic systems (RFC 5408)

  6. Authorization context conveying identity attributes

    • Tokens carrying claims used for access and identity decisions (OAuth/JWT)

These are the major use case categories reflected in the ensemble of identity-related RFCs.

5. Summary

  • There is no official RFC “identity” category; identity relevance is determined by function.
  • A strict count of RFCs focused primarily on identity standards is approximately 10–20 RFCs.
  • If you include identity ecosystem standards (OAuth, token profiles, etc.), the count exceeds 50 RFCs.
  • Identity use cases span authentication, identifiers, management, propagation, and encryption across protocols.

[1]: https://www.rfc-editor.org/rfc/rfc3182.html "RFC 3182: Identity Representation for RSVP"
[2]: https://en.wikipedia.org/wiki/Network_Access_Identifier "Network Access Identifier"
[3]: https://www.rfc-editor.org/rfc/rfc4474.html "RFC 4474: Enhancements for Authenticated Identity ..."
[4]: https://datatracker.ietf.org/doc/html/rfc8224 "RFC 8224 - Authenticated Identity Management in the ..."
[5]: https://datatracker.ietf.org/doc/html/rfc7643 "RFC 7643 - System for Cross-domain Identity Management"
[6]: https://datatracker.ietf.org/doc/html/rfc7644 "RFC 7644 - System for Cross-domain Identity Management"
[7]: https://datatracker.ietf.org/doc/html/rfc5408 "RFC 5408 - Identity-Based Encryption Architecture and ..."
[8]: https://curity.io/resources/learn/oauth-supported-standards/ "Supported OAuth 2.0 RFCs"
[9]: https://openid.net/specs/openid-connect-core-1_0.html "OpenID Connect Core 1.0 incorporating errata set 2"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment