Hi IDEL WG, Sorry I'll miss the Tuesday morning WG meeting, though I plan to remotely join the FedSec meeting later in the day if possible. In prior IDEL WG meetings I promised a draft spec on OAuth2 certificate delegation in MyProxy. I invite your comments on our v0.1 draft: http://redmine.ogf.org/dmsf_files/13113 - Word version http://goo.gl/VnMKXS - public Google Doc version http://goo.gl/T6VOty - editable Google Doc (contact me for edit access) It uses the OpenID Connect UserInfo endpoint to deliver information about the certificate subject and defines a GetCert endpoint for obtaining the certificate, using the OAuth authorization code flow supporting refresh tokens. It's a work in progress. We haven't released any code that implements it yet. Ideally it can be generalized to not be so MyProxy-focused. I think others are already doing something similar, so I'm curious to learn how it compares to other approaches. Thanks, Jim