[Openid-specs-fapi] [OAUTH-WG] Fwd: New Version Notification for draft-campbell-oauth-tls-client-auth-00.txt

Torsten Lodderstedt torsten at lodderstedt.net
Sun Nov 13 03:33:38 UTC 2016


Hi John and Brian,

thanks for writting this draft.

One question: how does the AS determine the authentication method is TLS 
authentication? I think you assume this is defined by the 
client-specific policy, independent of whether the client is registered 
automatically or manually. Would you mind to explicitely state this in 
the draft?

best regards,
Torsten.

Am 11.10.2016 um 05:59 schrieb John Bradley:
> At the request of the OpenID Foundation Financial Services API Working 
> group, Brian Campbell and I have documented
> mutual TLS client authentication.   This is something that lots of 
> people do in practice though we have never had a spec for it.
>
> The Banks want to use it for some server to server API use cases being 
> driven by new open banking regulation.
>
> The largest thing in the draft is the IANA registration of 
> “tls_client_auth” Token Endpoint authentication method for use in 
> Registration and discovery.
>
> The trust model is intentionally left open so that you could use a 
> “common name” and a restricted list of CA or a direct lookup of the 
> subject public key against a reregistered value,  or something in between.
>
> I hope that this is non controversial and the WG can adopt it quickly.
>
> Regards
> John B.
>
>
>
>
>> Begin forwarded message:
>>
>> *From: *internet-drafts at ietf.org <mailto:internet-drafts at ietf.org>
>> *Subject: **New Version Notification for 
>> draft-campbell-oauth-tls-client-auth-00.txt*
>> *Date: *October 10, 2016 at 5:44:39 PM GMT-3
>> *To: *"Brian Campbell" <brian.d.campbell at gmail.com 
>> <mailto:brian.d.campbell at gmail.com>>, "John Bradley" 
>> <ve7jtb at ve7jtb.com <mailto:ve7jtb at ve7jtb.com>>
>>
>>
>> A new version of I-D, draft-campbell-oauth-tls-client-auth-00.txt
>> has been successfully submitted by John Bradley and posted to the
>> IETF repository.
>>
>> Name:draft-campbell-oauth-tls-client-auth
>> Revision:00
>> Title:Mutual X.509 Transport Layer Security (TLS) Authentication for 
>> OAuth Clients
>> Document date:2016-10-10
>> Group:Individual Submission
>> Pages:5
>> URL: 
>> https://www.ietf.org/internet-drafts/draft-campbell-oauth-tls-client-auth-00.txt
>> Status: 
>> https://datatracker.ietf.org/doc/draft-campbell-oauth-tls-client-auth/
>> Htmlized: 
>> https://tools.ietf.org/html/draft-campbell-oauth-tls-client-auth-00
>>
>>
>> Abstract:
>>   This document describes X.509 certificates as OAuth client
>>   credentials using Transport Layer Security (TLS) mutual
>>   authentication as a mechanism for client authentication to the
>>   authorization server's token endpoint.
>>
>>
>>
>>
>> Please note that it may take a couple of minutes from the time of 
>> submission
>> until the htmlized version and diff are available at tools.ietf.org 
>> <http://tools.ietf.org>.
>>
>> The IETF Secretariat
>>
>
>
>
> _______________________________________________
> OAuth mailing list
> OAuth at ietf.org
> https://www.ietf.org/mailman/listinfo/oauth

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-fapi/attachments/20161113/674e46d2/attachment-0001.html>


More information about the Openid-specs-fapi mailing list