[Openid-specs-fapi] Fwd: New Version Notification for draft-campbell-oauth-tls-client-auth-00.txt

Preibisch, Sascha H Sascha.Preibisch at ca.com
Tue Oct 11 02:58:53 UTC 2016


+1

From: Openid-specs-fapi <openid-specs-fapi-bounces at lists.openid.net<mailto:openid-specs-fapi-bounces at lists.openid.net>> on behalf of John Bradley via Openid-specs-fapi <openid-specs-fapi at lists.openid.net<mailto:openid-specs-fapi at lists.openid.net>>
Reply-To: John Bradley <ve7jtb at ve7jtb.com<mailto:ve7jtb at ve7jtb.com>>, Financial API Working Group List <openid-specs-fapi at lists.openid.net<mailto:openid-specs-fapi at lists.openid.net>>
Date: Monday, October 10, 2016 at 1:59 PM
To: OAuth WG <oauth at ietf.org<mailto:oauth at ietf.org>>
Cc: Nat Sakimura via Openid-specs-fapi <openid-specs-fapi at lists.openid.net<mailto:openid-specs-fapi at lists.openid.net>>
Subject: [Openid-specs-fapi] Fwd: New Version Notification for draft-campbell-oauth-tls-client-auth-00.txt

At the request of the OpenID Foundation Financial Services API Working group, Brian Campbell and I have documented
mutual TLS client authentication.   This is something that lots of people do in practice though we have never had a spec for it.

The Banks want to use it for some server to server API use cases being driven by new open banking regulation.

The largest thing in the draft is the IANA registration of "tls_client_auth" Token Endpoint authentication method for use in Registration and discovery.

The trust model is intentionally left open so that you could use a "common name" and a restricted list of CA or a direct lookup of the subject public key against a reregistered value,  or something in between.

I hope that this is non controversial and the WG can adopt it quickly.

Regards
John B.




Begin forwarded message:

From: internet-drafts at ietf.org<mailto:internet-drafts at ietf.org>
Subject: New Version Notification for draft-campbell-oauth-tls-client-auth-00.txt
Date: October 10, 2016 at 5:44:39 PM GMT-3
To: "Brian Campbell" <brian.d.campbell at gmail.com<mailto:brian.d.campbell at gmail.com>>, "John Bradley" <ve7jtb at ve7jtb.com<mailto:ve7jtb at ve7jtb.com>>


A new version of I-D, draft-campbell-oauth-tls-client-auth-00.txt
has been successfully submitted by John Bradley and posted to the
IETF repository.

Name: draft-campbell-oauth-tls-client-auth
Revision: 00
Title: Mutual X.509 Transport Layer Security (TLS) Authentication for OAuth Clients
Document date: 2016-10-10
Group: Individual Submission
Pages: 5
URL:            https://www.ietf.org/internet-drafts/draft-campbell-oauth-tls-client-auth-00.txt<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf.org_internet-2Ddrafts_draft-2Dcampbell-2Doauth-2Dtls-2Dclient-2Dauth-2D00.txt&d=DQMFaQ&c=_hRq4mqlUmqpqlyQ5hkoDXIVh6I6pxfkkNxQuL0p-Z0&r=BjnOFeRZMwPBZLm00SguJm4i4lt0O13oAeF-9EZheL8&m=y0V-Som1RDD_XSON16geiVwizJHHdigmrpofDystITA&s=260YDXh2PcZARRiXTxOl8pc5v0ziWSLzLiG9CI0OOlI&e=>
Status:         https://datatracker.ietf.org/doc/draft-campbell-oauth-tls-client-auth/<https://urldefense.proofpoint.com/v2/url?u=https-3A__datatracker.ietf.org_doc_draft-2Dcampbell-2Doauth-2Dtls-2Dclient-2Dauth_&d=DQMFaQ&c=_hRq4mqlUmqpqlyQ5hkoDXIVh6I6pxfkkNxQuL0p-Z0&r=BjnOFeRZMwPBZLm00SguJm4i4lt0O13oAeF-9EZheL8&m=y0V-Som1RDD_XSON16geiVwizJHHdigmrpofDystITA&s=NOkb8avw2ZN74wW-gLDbuZfXskqV9xRqyYvV5Fg18_Y&e=>
Htmlized:       https://tools.ietf.org/html/draft-campbell-oauth-tls-client-auth-00<https://urldefense.proofpoint.com/v2/url?u=https-3A__tools.ietf.org_html_draft-2Dcampbell-2Doauth-2Dtls-2Dclient-2Dauth-2D00&d=DQMFaQ&c=_hRq4mqlUmqpqlyQ5hkoDXIVh6I6pxfkkNxQuL0p-Z0&r=BjnOFeRZMwPBZLm00SguJm4i4lt0O13oAeF-9EZheL8&m=y0V-Som1RDD_XSON16geiVwizJHHdigmrpofDystITA&s=9z770xRpUnNkMOo9UDUj5gYGUZXwQljipKvN0VfMC74&e=>


Abstract:
  This document describes X.509 certificates as OAuth client
  credentials using Transport Layer Security (TLS) mutual
  authentication as a mechanism for client authentication to the
  authorization server's token endpoint.




Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org<https://urldefense.proofpoint.com/v2/url?u=http-3A__tools.ietf.org&d=DQMFaQ&c=_hRq4mqlUmqpqlyQ5hkoDXIVh6I6pxfkkNxQuL0p-Z0&r=BjnOFeRZMwPBZLm00SguJm4i4lt0O13oAeF-9EZheL8&m=y0V-Som1RDD_XSON16geiVwizJHHdigmrpofDystITA&s=kqP8TZStoJyWhk2OJiXgoNTWIsNvNH5qgGX7QBWBHWA&e=>.

The IETF Secretariat


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-fapi/attachments/20161011/0bc287c1/attachment-0001.html>


More information about the Openid-specs-fapi mailing list