[Openid-specs-fapi] Fwd: New Version Notification for draft-campbell-oauth-tls-client-auth-00.txt

Nat Sakimura nat at sakimura.org
Tue Oct 11 04:19:09 UTC 2016 

 

Thanks! 

Now the ball is in my court to apply the changes and do the draft split
... 

Nat 

On 2016-10-11 11:58, Preibisch, Sascha H via Openid-specs-fapi wrote: 

> +1 
> 
> From: Openid-specs-fapi <openid-specs-fapi-bounces at lists.openid.net> on behalf of John Bradley via Openid-specs-fapi <openid-specs-fapi at lists.openid.net>
> Reply-To: John Bradley <ve7jtb at ve7jtb.com>, Financial API Working Group List <openid-specs-fapi at lists.openid.net>
> Date: Monday, October 10, 2016 at 1:59 PM
> To: OAuth WG <oauth at ietf.org>
> Cc: Nat Sakimura via Openid-specs-fapi <openid-specs-fapi at lists.openid.net>
> Subject: [Openid-specs-fapi] Fwd: New Version Notification for draft-campbell-oauth-tls-client-auth-00.txt 
> 
> At the request of the OpenID Foundation Financial Services API Working group, Brian Campbell and I have documented 
> mutual TLS client authentication. This is something that lots of people do in practice though we have never had a spec for it. 
> 
> The Banks want to use it for some server to server API use cases being driven by new open banking regulation. 
> 
> The largest thing in the draft is the IANA registration of "tls_client_auth" Token Endpoint authentication method for use in Registration and discovery. 
> 
> The trust model is intentionally left open so that you could use a "common name" and a restricted list of CA or a direct lookup of the subject public key against a reregistered value, or something in between. 
> 
> I hope that this is non controversial and the WG can adopt it quickly. 
> 
> Regards 
> John B. 
> 
>> Begin forwarded message: 
>> 
>> FROM: internet-drafts at ietf.org
>> 
>> SUBJECT: NEW VERSION NOTIFICATION FOR DRAFT-CAMPBELL-OAUTH-TLS-CLIENT-AUTH-00.TXT
>> 
>> DATE: October 10, 2016 at 5:44:39 PM GMT-3
>> 
>> TO: "Brian Campbell" <brian.d.campbell at gmail.com>, "John Bradley" <ve7jtb at ve7jtb.com>
>> 
>> A new version of I-D, draft-campbell-oauth-tls-client-auth-00.txt
>> has been successfully submitted by John Bradley and posted to the
>> IETF repository.
>> 
>> Name: draft-campbell-oauth-tls-client-auth
>> Revision: 00
>> Title: Mutual X.509 Transport Layer Security (TLS) Authentication for OAuth Clients
>> Document date: 2016-10-10
>> Group: Individual Submission
>> Pages: 5
>> URL: https://www.ietf.org/internet-drafts/draft-campbell-oauth-tls-client-auth-00.txt [1]
>> Status: https://datatracker.ietf.org/doc/draft-campbell-oauth-tls-client-auth/ [2]
>> Htmlized: https://tools.ietf.org/html/draft-campbell-oauth-tls-client-auth-00 [3]
>> 
>> Abstract:
>> This document describes X.509 certificates as OAuth client
>> credentials using Transport Layer Security (TLS) mutual
>> authentication as a mechanism for client authentication to the
>> authorization server's token endpoint.
>> 
>> Please note that it may take a couple of minutes from the time of submission
>> until the htmlized version and diff are available at tools.ietf.org [4].
>> 
>> The IETF Secretariat
> 
> _______________________________________________
> Openid-specs-fapi mailing list
> Openid-specs-fapi at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-fapi [5]
 

Links:
------
[1]
https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf.org_internet-2Ddrafts_draft-2Dcampbell-2Doauth-2Dtls-2Dclient-2Dauth-2D00.txt&d=DQMFaQ&c=_hRq4mqlUmqpqlyQ5hkoDXIVh6I6pxfkkNxQuL0p-Z0&r=BjnOFeRZMwPBZLm00SguJm4i4lt0O13oAeF-9EZheL8&m=y0V-Som1RDD_XSON16geiVwizJHHdigmrpofDystITA&s=260YDXh2PcZARRiXTxOl8pc5v0ziWSLzLiG9CI0OOlI&e=
[2]
https://urldefense.proofpoint.com/v2/url?u=https-3A__datatracker.ietf.org_doc_draft-2Dcampbell-2Doauth-2Dtls-2Dclient-2Dauth_&d=DQMFaQ&c=_hRq4mqlUmqpqlyQ5hkoDXIVh6I6pxfkkNxQuL0p-Z0&r=BjnOFeRZMwPBZLm00SguJm4i4lt0O13oAeF-9EZheL8&m=y0V-Som1RDD_XSON16geiVwizJHHdigmrpofDystITA&s=NOkb8avw2ZN74wW-gLDbuZfXskqV9xRqyYvV5Fg18_Y&e=
[3]
https://urldefense.proofpoint.com/v2/url?u=https-3A__tools.ietf.org_html_draft-2Dcampbell-2Doauth-2Dtls-2Dclient-2Dauth-2D00&d=DQMFaQ&c=_hRq4mqlUmqpqlyQ5hkoDXIVh6I6pxfkkNxQuL0p-Z0&r=BjnOFeRZMwPBZLm00SguJm4i4lt0O13oAeF-9EZheL8&m=y0V-Som1RDD_XSON16geiVwizJHHdigmrpofDystITA&s=9z770xRpUnNkMOo9UDUj5gYGUZXwQljipKvN0VfMC74&e=
[4]
https://urldefense.proofpoint.com/v2/url?u=http-3A__tools.ietf.org&d=DQMFaQ&c=_hRq4mqlUmqpqlyQ5hkoDXIVh6I6pxfkkNxQuL0p-Z0&r=BjnOFeRZMwPBZLm00SguJm4i4lt0O13oAeF-9EZheL8&m=y0V-Som1RDD_XSON16geiVwizJHHdigmrpofDystITA&s=kqP8TZStoJyWhk2OJiXgoNTWIsNvNH5qgGX7QBWBHWA&e=
[5] http://lists.openid.net/mailman/listinfo/openid-specs-fapi
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-fapi/attachments/20161011/980b3c9c/attachment.html>

More information about the Openid-specs-fapi mailing list