Hello everyone,

This is a follow-up to the IETF 104 OAuth meeting on Thursday, March 28, 2019, where we discussed the MTLS update.

In the meeting we discussed the mtls_endpoint_aliases discovery property that exposes mutual-TLS enabled endpoints in addition to ones that don't have mutual-TLS enabled. We're doing this so that there are no cert selection popups for end-users when the AS supports a mix of mtls and non-mtls interactions at e.g. the token endpoint.

Annabelle brought up an issue on this list and in the meeting about the *_endpoint_auth_methods_supported discovery properties - about "this" endpoint which is now potentially in two places. I believe we have reached a compromise in the meeting to also allow these properties in the aliases, but I cannot find a message about this either on the list or in the meeting notes.

An example of such a discovery document can be found here <https://op.panva.cz/.well-known/openid-configuration> (aliases at the end of the document). Notice that self_signed_tls_client_auth is not present in the root *_endpoint_auth_methods_supported properties but is present in the aliases.

There have been no published updates to the MTLS draft since, and I'm wondering if this is going to make it into the next revision. I also do not wish this point to get forgotten, hence this message.

Best,
*Filip*
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
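An added example, not part of the original message or of any AS or client implementation: a client-side sketch of how the proposal above could be consumed, checking the requested auth method against the list that belongs to the endpoint actually being called. The metadata document, the `as.example` hosts and the `resolve_endpoint` helper are constructed for illustration, and the alias-level `*_endpoint_auth_methods_supported` lookup assumes the compromise described in the message.

```python
# Constructed sample metadata (hypothetical hosts, not copied from a real AS).
METADATA = {
    "issuer": "https://as.example",
    "token_endpoint": "https://as.example/token",
    "token_endpoint_auth_methods_supported": [
        "client_secret_basic", "private_key_jwt"],
    "mtls_endpoint_aliases": {
        "token_endpoint": "https://mtls.as.example/token",
        # Alias-level list: the behaviour proposed in the message above.
        "token_endpoint_auth_methods_supported": [
            "tls_client_auth", "self_signed_tls_client_auth"],
    },
}

MTLS_METHODS = {"tls_client_auth", "self_signed_tls_client_auth"}


def resolve_endpoint(metadata, name, auth_method):
    """Return (url, present_client_cert) for an endpoint such as 'token_endpoint'.

    Hypothetical helper: mTLS auth methods use the alias when one exists and
    are validated against the alias-level list; everything else uses the root
    endpoint and the root list, so no certificate is offered there.
    """
    aliases = metadata.get("mtls_endpoint_aliases") or {}
    methods_key = name + "_auth_methods_supported"
    use_mtls = auth_method in MTLS_METHODS

    url = metadata.get(name)
    supported = metadata.get(methods_key, [])
    if use_mtls and name in aliases:
        url = aliases[name]
        # Fall back to the root list if the AS did not repeat it in the alias.
        supported = aliases.get(methods_key, supported)

    if not url:
        raise ValueError(name + " is not advertised")
    if not url.startswith("https://"):
        raise ValueError(name + " must be an https URL")
    if auth_method not in supported:
        # Fail closed rather than sending credentials to an endpoint
        # that never advertised this method.
        raise ValueError(auth_method + " is not advertised for " + url)
    return url, use_mtls
```
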