I’ve reviewed the changes and it looks good to me. Thanks, Brian! — Justin
> On May 7, 2018, at 4:16 PM, Brian Campbell <bcampb...@pingidentity.com> wrote:
>
> has *been* published
>
> sigh
>
> On Mon, May 7, 2018 at 2:14 PM, Brian Campbell <bcampb...@pingidentity.com> wrote:
> A new draft of the OAuth 2.0 Mutual TLS Client Authentication and Certificate
> Bound Access Tokens specification has published with changes addressing
> review comments from Working Group Last Call. Thanks in particular to Justin
> Richer and Neil Madden for the detailed reviews. A summary of the changes
> (copied from the document history) is below.
>
> draft-ietf-oauth-mtls-08
>
>    o  Incorporate clarifications and editorial improvements from Justin
>       Richer's WGLC review
>    o  Drop the use of the "sender constrained" terminology per WGLC
>       feedback from Neil Madden (including changing the metadata
>       parameters from mutual_tls_sender_constrained_access_tokens to
>       tls_client_certificate_bound_access_tokens)
>    o  Add a new security considerations section on X.509 parsing and
>       validation per WGLC feedback from Neil Madden and Benjamin Kaduk
>    o  Note that a server can terminate TLS at a load balancer, reverse
>       proxy, etc. but how the client certificate metadata is securely
>       communicated to the backend is out of scope per WGLC feedback
>    o  Note that revocation checking is at the discretion of the AS per
>       WGLC feedback
>    o  Editorial updates and clarifications
>    o  Update draft-ietf-oauth-discovery reference to -10 and
>       draft-ietf-oauth-token-binding to -06
>    o  Add folks involved in WGLC feedback to the acknowledgements list
>
> ---------- Forwarded message ----------
> From: <internet-dra...@ietf.org>
> Date: Mon, May 7, 2018 at 2:00 PM
> Subject: [OAUTH-WG] I-D Action: draft-ietf-oauth-mtls-08.txt
> To: i-d-annou...@ietf.org
> Cc: oauth@ietf.org
>
> A New Internet-Draft is available from the on-line Internet-Drafts
> directories.
> This draft is a work item of the Web Authorization Protocol WG of the IETF.
>
>         Title           : OAuth 2.0 Mutual TLS Client Authentication and
>                           Certificate Bound Access Tokens
>         Authors         : Brian Campbell
>                           John Bradley
>                           Nat Sakimura
>                           Torsten Lodderstedt
>         Filename        : draft-ietf-oauth-mtls-08.txt
>         Pages           : 21
>         Date            : 2018-05-07
>
> Abstract:
>    This document describes OAuth client authentication and certificate
>    bound access tokens using mutual Transport Layer Security (TLS)
>    authentication with X.509 certificates.  OAuth clients are provided a
>    mechanism for authentication to the authorization server using mutual
>    TLS, based on either single certificates or public key infrastructure
>    (PKI).  OAuth authorization servers are provided a mechanism for
>    binding access tokens to a client's mutual TLS certificate, and OAuth
>    protected resources are provided a method for ensuring that such an
>    access token presented to it was issued to the client presenting the
>    token.
>
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-oauth-mtls/
>
> There are also htmlized versions available at:
> https://tools.ietf.org/html/draft-ietf-oauth-mtls-08
> https://datatracker.ietf.org/doc/html/draft-ietf-oauth-mtls-08
>
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-oauth-mtls-08
>
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
>
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth