A new draft of "Mutual TLS Profile for OAuth 2.0" has been published with
the changes listed below based on comments and discussion in Prague.

   draft-ietf-oauth-mtls-03
<https://datatracker.ietf.org/doc/html/draft-ietf-oauth-mtls-03>

   o  Introduced metadata and client registration parameter to publish
      and request support for mutual TLS sender constrained access
      tokens
   o  Added description of two methods of binding the cert and client,
      PKI and Public Key.
   o  Indicated that the "tls_client_auth" authentication method is for
      the PKI method and introduced "pub_key_tls_client_auth" for the
      Public Key method
   o  Added implementation considerations, mainly regarding TLS stack
      configuration and trust chain validation, as well as how to do
      binding of access tokens to a TLS client certificate for public
      clients, and considerations around certificate bound access tokens
   o  Added new section to security considerations on cert spoofing
   o  Add text suggesting that a new cnf member be defined in the
      future, if hash function(s) other than SHA-256 need to be used for
      certificate thumbprints



---------- Forwarded message ----------
From: <internet-dra...@ietf.org>
Date: Fri, Jul 28, 2017 at 12:25 PM
Subject: [OAUTH-WG] I-D Action: draft-ietf-oauth-mtls-03.txt
To: i-d-annou...@ietf.org
Cc: oauth@ietf.org



A New Internet-Draft is available from the on-line Internet-Drafts
directories.
This draft is a work item of the Web Authorization Protocol WG of the IETF.

        Title           : Mutual TLS Profile for OAuth 2.0
        Authors         : Brian Campbell
                          John Bradley
                          Nat Sakimura
                          Torsten Lodderstedt
        Filename        : draft-ietf-oauth-mtls-03.txt
        Pages           : 17
        Date            : 2017-07-28

Abstract:
   This document describes Transport Layer Security (TLS) mutual
   authentication using X.509 certificates as a mechanism for OAuth
   client authentication to the token endpoint as well as for
   certificate bound sender constrained access tokens.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-oauth-mtls/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-ietf-oauth-mtls-03
https://datatracker.ietf.org/doc/html/draft-ietf-oauth-mtls-03

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-oauth-mtls-03


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
