I'm happy to announce that a new revision of the OAuth Mutual TLS draft has been published (just a couple weeks later than expected). The changes, which are listed below, are largely aimed at addressing comments/requests from the WG meeting in Singapore.
draft-ietf-oauth-mtls-06

- Add an appendix section describing the relationship of this document to OAuth Token Binding as requested during the Singapore meeting https://datatracker.ietf.org/doc/minutes-100-oauth/
- Add an explicit note that the implicit flow is not supported for obtaining certificate bound access tokens as discussed at the Singapore meeting https://datatracker.ietf.org/doc/minutes-100-oauth/
- Add/incorporate text to the Security Considerations on Certificate Spoofing as suggested https://mailarchive.ietf.org/arch/msg/oauth/V26070X-6OtbVSeUz_7W2k94vCo
- Changed the title to be more descriptive
- Move the Security Considerations section to before the IANA Considerations
- Elaborated on certificate bound access tokens a bit more in the Abstract
- Update draft-ietf-oauth-discovery reference to -08

---------- Forwarded message ----------
From: <[email protected]>
Date: Mon, Jan 15, 2018 at 4:33 PM
Subject: [OAUTH-WG] I-D Action: draft-ietf-oauth-mtls-06.txt
To: [email protected]
Cc: [email protected]

A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Web Authorization Protocol WG of the IETF.

Title : OAuth 2.0 Mutual TLS Client Authentication and Certificate Bound Access Tokens
Authors : Brian Campbell
          John Bradley
          Nat Sakimura
          Torsten Lodderstedt
Filename : draft-ietf-oauth-mtls-06.txt
Pages : 20
Date : 2018-01-15

Abstract:
This document describes Transport Layer Security (TLS) mutual authentication using X.509 certificates as a mechanism for OAuth client authentication to the authorization server as well as for certificate bound sender constrained access tokens as a method for a protected resource to ensure that an access token presented to it by a given client was issued to that client by the authorization server.
The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-oauth-mtls/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-ietf-oauth-mtls-06
https://datatracker.ietf.org/doc/html/draft-ietf-oauth-mtls-06

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-oauth-mtls-06

Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
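The check the abstract describes, a protected resource verifying that a certificate-bound access token was issued to the client whose certificate authenticated the TLS connection, as an added example that is not part of the mailing list post or of the draft's own text. It assumes the token carries the draft's `cnf` claim with an `x5t#S256` member (base64url SHA-256 thumbprint of the DER certificate), that the caller has already verified the token's signature, and uses constructed stand-in bytes in place of real certificates.

```python
# Added example, not from the draft or the mailing list post.
# Assumes the cnf / x5t#S256 confirmation method from draft-ietf-oauth-mtls and
# that JWT signature verification has already been done before claims are trusted.
import base64
import hashlib
import hmac
from typing import Optional


def x5t_s256(cert_der: bytes) -> str:
    """base64url (no padding) SHA-256 thumbprint of a DER-encoded certificate."""
    digest = hashlib.sha256(cert_der).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def token_is_bound_to_cert(claims: dict, presented_cert_der: Optional[bytes]) -> bool:
    """True only if the token's cnf thumbprint matches the presented client certificate.

    A token with no cnf/x5t#S256 claim is rejected: this resource requires
    sender-constrained tokens, so a plain bearer token is not good enough.
    """
    if presented_cert_der is None:
        return False  # no client certificate on the TLS connection: nothing to bind to
    cnf = claims.get("cnf")
    expected = cnf.get("x5t#S256") if isinstance(cnf, dict) else None
    if not isinstance(expected, str):
        return False
    actual = x5t_s256(presented_cert_der)
    # Constant-time comparison; encode so a non-ASCII claim value cannot raise.
    return hmac.compare_digest(expected.encode("utf-8"), actual.encode("ascii"))


# Constructed stand-ins for two clients' DER certificates (arbitrary bytes, not
# real certificates; only their SHA-256 thumbprints matter for this check).
CLIENT_A_CERT_DER = b"\x30\x82\x01\x0a-constructed-cert-for-client-a"
CLIENT_B_CERT_DER = b"\x30\x82\x01\x0a-constructed-cert-for-client-b"

# Claims as the authorization server would have issued them to client A (constructed).
TOKEN_FOR_A = {"iss": "https://as.example", "sub": "client-a",
               "cnf": {"x5t#S256": x5t_s256(CLIENT_A_CERT_DER)}}
# A token with no confirmation claim at all (ordinary bearer token).
BEARER_STYLE_TOKEN = {"iss": "https://as.example", "sub": "client-a"}

if __name__ == "__main__":
    print(token_is_bound_to_cert(TOKEN_FOR_A, CLIENT_A_CERT_DER))        # True
    print(token_is_bound_to_cert(TOKEN_FOR_A, CLIENT_B_CERT_DER))        # False: token presented by another client
    print(token_is_bound_to_cert(BEARER_STYLE_TOKEN, CLIENT_A_CERT_DER))  # False: not certificate-bound
```

The second case is the one the draft's sender-constraining is for: a token stolen from client A is useless to a party that cannot complete the TLS handshake with A's certificate.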
