<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN">
<html><body style='font-family: Verdana,Geneva,sans-serif'>
<p>Thanks! </p>
<p>Now the ball is in my court to apply the changes and do the draft split ... </p>
<p>Nat</p>
<p> </p>
<div> </div>
<p>On 2016-10-11 11:58, Preibisch, Sascha H via Openid-specs-fapi wrote:</p>
<blockquote type="cite" style="padding-left:5px; border-left:#1010ff 2px solid; margin-left:5px">
<div>+1</div>
<div> </div>
<div style="font-family: Calibri; font-size: 11pt; text-align: left; color: black; border-bottom: medium none; border-left: medium none; padding-bottom: 0in; padding-left: 0in; padding-right: 0in; border-top: #b5c4df  1pt  solid; border-right: medium none; padding-top: 3pt;"><span style="font-weight: bold;">From: </span>Openid-specs-fapi &lt;<a href="mailto:openid-specs-fapi-bounces@lists.openid.net">openid-specs-fapi-bounces@lists.openid.net</a>&gt; on behalf of John Bradley via Openid-specs-fapi &lt;<a href="mailto:openid-specs-fapi@lists.openid.net">openid-specs-fapi@lists.openid.net</a>&gt;<br /><span style="font-weight: bold;">Reply-To: </span>John Bradley &lt;<a href="mailto:ve7jtb@ve7jtb.com">ve7jtb@ve7jtb.com</a>&gt;, Financial API Working Group List &lt;<a href="mailto:openid-specs-fapi@lists.openid.net">openid-specs-fapi@lists.openid.net</a>&gt;<br /><span style="font-weight: bold;">Date: </span>Monday, October 10, 2016 at 1:59 PM<br /><span style="font-weight: bold;">To: </span>OAuth WG &lt;<a href="mailto:oauth@ietf.org">oauth@ietf.org</a>&gt;<br /><span style="font-weight: bold;">Cc: </span>Nat Sakimura via Openid-specs-fapi &lt;<a href="mailto:openid-specs-fapi@lists.openid.net">openid-specs-fapi@lists.openid.net</a>&gt;<br /><span style="font-weight: bold;">Subject: </span>[Openid-specs-fapi] Fwd: New Version Notification for draft-campbell-oauth-tls-client-auth-00.txt</div>
<div> </div>
<div>
<div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;">At the request of the OpenID Foundation Financial Services API Working group, Brian Campbell and I have documented 
<div>mutual TLS client authentication. This is something that lots of people do in practice though we have never had a spec for it.</div>
<div> </div>
<div>The Banks want to use it for some server to server API use cases being driven by new open banking regulation.</div>
<div> </div>
<div>The largest thing in the draft is the IANA registration of “tls_client_auth” Token Endpoint authentication method for use in Registration and discovery.</div>
<div> </div>
<div>The trust model is intentionally left open so that you could use a “common name” and a restricted list of CAs or a direct lookup of the subject public key against a reregistered value, or something in between.</div>
<div> </div>
<div>I hope that this is non-controversial and the WG can adopt it quickly.</div>
<div> </div>
<div>Regards</div>
<div>John B.</div>
<div> </div>
<div> </div>
<div><br />
<div><br />
<blockquote type="cite" style="padding-left:5px; border-left:#1010ff 2px solid; margin-left:5px">
<div>Begin forwarded message:</div>
<br class="Apple-interchange-newline" />
<div style="margin: 0px;"><span style="font-family: -webkit-system-font,; color: #000000;"><strong>From: </strong></span><span style="font-family: -webkit-system-font,;"><a href="mailto:internet-drafts@ietf.org">internet-drafts@ietf.org</a><br /></span></div>
<div style="margin: 0px;"><span style="font-family: -webkit-system-font,; color: #000000;"><strong>Subject: </strong></span><span style="font-family: -webkit-system-font,;"><strong>New Version Notification for draft-campbell-oauth-tls-client-auth-00.txt</strong><br /></span></div>
<div style="margin: 0px;"><span style="font-family: -webkit-system-font,; color: #000000;"><strong>Date: </strong></span><span style="font-family: -webkit-system-font,;">October 10, 2016 at 5:44:39 PM GMT-3<br /></span></div>
<div style="margin: 0px;"><span style="font-family: -webkit-system-font,; color: #000000;"><strong>To: </strong></span><span style="font-family: -webkit-system-font,;">"Brian Campbell" &lt;<a href="mailto:brian.d.campbell@gmail.com">brian.d.campbell@gmail.com</a>&gt;, "John Bradley" &lt;<a href="mailto:ve7jtb@ve7jtb.com">ve7jtb@ve7jtb.com</a>&gt;<br /></span></div>
<br />
<div>
<div><br /> A new version of I-D, draft-campbell-oauth-tls-client-auth-00.txt<br /> has been successfully submitted by John Bradley and posted to the<br /> IETF repository.<br /><br /> Name: draft-campbell-oauth-tls-client-auth<br /> Revision: 00<br /> Title: Mutual X.509 Transport Layer Security (TLS) Authentication for OAuth Clients<br /> Document date: 2016-10-10<br /> Group: Individual Submission<br /> Pages: 5<br /> URL: <a href="https://www.ietf.org/internet-drafts/draft-campbell-oauth-tls-client-auth-00.txt">https://www.ietf.org/internet-drafts/draft-campbell-oauth-tls-client-auth-00.txt</a><br /> Status: <a href="https://datatracker.ietf.org/doc/draft-campbell-oauth-tls-client-auth/">https://datatracker.ietf.org/doc/draft-campbell-oauth-tls-client-auth/</a><br /> Htmlized: <a href="https://tools.ietf.org/html/draft-campbell-oauth-tls-client-auth-00">https://tools.ietf.org/html/draft-campbell-oauth-tls-client-auth-00</a><br /><br /><br /> Abstract:<br />   This document describes X.509 certificates as OAuth client<br />   credentials using Transport Layer Security (TLS) mutual<br />   authentication as a mechanism for client authentication to the<br />   authorization server's token endpoint.<br /><br /><br /> Please note that it may take a couple of minutes from the time of submission<br /> until the htmlized version and diff are available at <a href="http://tools.ietf.org">tools.ietf.org</a>.<br /><br /> The IETF Secretariat<br /><br /></div>
</div>
</blockquote>
</div>
</div>
</div>
</div>
<br />
<pre>_______________________________________________
Openid-specs-fapi mailing list
<a href="mailto:Openid-specs-fapi@lists.openid.net">Openid-specs-fapi@lists.openid.net</a>
<a href="http://lists.openid.net/mailman/listinfo/openid-specs-fapi">http://lists.openid.net/mailman/listinfo/openid-specs-fapi</a>
</pre>
</blockquote>
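<p>Added example (not from the draft and not written by anyone in this thread): a token-endpoint client check covering the two ends of the open trust model described in the forwarded message, a common name with a restricted CA list and a direct lookup of the subject public key. Only the "tls_client_auth" method name comes from the message; the registration field names, client IDs and certificate values are constructed, and chain validation to a trust anchor is assumed to have been done by the TLS layer.</p>

```python
import hashlib
import hmac

# Constructed registrations. Every field name except the method value
# "tls_client_auth" is hypothetical and not taken from the draft.
CLIENTS = {
    "bank-batch-1": {  # common name + restricted list of issuing CAs
        "token_endpoint_auth_method": "tls_client_auth",
        "expected_cn": "batch.client.example",
        "allowed_issuers": {"CN=Example Bank Issuing CA,O=Example"},
    },
    "bank-batch-2": {  # direct lookup of the subject public key
        "token_endpoint_auth_method": "tls_client_auth",
        "pinned_spki_sha256": hashlib.sha256(b"constructed-spki-der-2").hexdigest(),
    },
    "web-app": {"token_endpoint_auth_method": "client_secret_basic"},
}


def authenticate_client(client_id, peer_cert, clients=CLIENTS):
    """Return (ok, reason) for a token request made over mutual TLS.

    peer_cert is what the TLS layer exposes after a successful handshake
    (assumed keys: subject_cn, issuer_dn, spki_der), or None when the
    client presented no certificate.
    """
    reg = clients.get(client_id)
    if reg is None:
        return False, "unknown client"
    if reg.get("token_endpoint_auth_method") != "tls_client_auth":
        return False, "client not registered for tls_client_auth"
    if peer_cert is None:
        return False, "no client certificate"

    checked = False
    if "pinned_spki_sha256" in reg:  # key pinning: CA and names are irrelevant
        digest = hashlib.sha256(peer_cert["spki_der"]).hexdigest()
        if not hmac.compare_digest(digest, reg["pinned_spki_sha256"]):
            return False, "public key mismatch"
        checked = True
    if "expected_cn" in reg:  # name match is only meaningful under a known CA
        if peer_cert["issuer_dn"] not in reg["allowed_issuers"]:
            return False, "issuer not allowed"
        if peer_cert["subject_cn"] != reg["expected_cn"]:
            return False, "subject mismatch"
        checked = True
    if not checked:
        return False, "no trust rule registered"  # fail closed
    return True, "ok"
```

<p>A registration that carries both a pinned key and a name rule must pass both checks, which is one form of the "something in between" case.</p>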
</body></html>