Really excited for this, I'm especially interested in how this might apply to M2M flows, related to this part here: https://datatracker.ietf.org/doc/html/rfc7521#section-4.2
It seems very targeted towards mobile / desktop apps, would it work for servers / command line tools, etc? OS On Thu, Jul 20, 2023 at 1:57 PM Tobias Looker <tobias.looker= 40mattr.glo...@dmarc.ietf.org> wrote: > Hi All, > > > > Paul and I would like to draw attention to a new draft we have submitted > titled “OAuth 2.0 Attestation-Based Client Authentication” which will be > presented at the up and coming IETF 117 meeting during the Friday meeting > slot. This draft is related to the group of drafts on verifiable > credentials that will be presented during this meeting slot. Specifically > this draft is intended to address but not limited to eIDAS 2.0 usage of > OpenID4VCI which requires wallet applications to be strongly authenticated > via attestations. > > > > The current abstract of the draft is as follows: > > > > “This specification defines a new method of client authentication for > OAuth 2.0 [RFC6749] by extending the approach defined in [RFC7521]. This > new method enables client deployments that are traditionally viewed as > public clients to be able to authenticate with the authorization server > through an attestation based authentication scheme.” > > > > Link to the current editors copy => > https://datatracker.ietf.org/doc/draft-looker-oauth-attestation-based-client-auth/ > > > Link to the specification repository => > https://github.com/vcstuff/draft-looker-oauth-attestation-based-client-auth > > > > Thanks, > > [image: MATTR website] <https://mattr.global/> > > > > *Tobias Looker* > > MATTR > > +64 273 780 461 > tobias.looker@mattr.global <first.last@mattr.global> > > [image: MATTR website] <https://mattr.global/> > > [image: MATTR on LinkedIn] <https://www.linkedin.com/company/mattrglobal> > > [image: MATTR on Twitter] <https://twitter.com/mattrglobal> > > [image: MATTR on Github] <https://github.com/mattrglobal> > > > This communication, including any attachments, is confidential. If you are > not the intended recipient, you should not read it – please contact me > immediately, destroy it, and do not copy or use any part of this > communication or disclose anything about it. Thank you. Please note that > this communication does not designate an information system for the > purposes of the Electronic Transactions Act 2002. > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth > -- ORIE STEELE Chief Technology Officer www.transmute.industries <https://transmute.industries>
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
