Thanks for the feedback. Generally any OAuth client could make use of this authentication method if they so wish, however the types of client this draft has initially been designed for are ones that don’t typically have good direct authentication options available today (e.g public clients).
Thanks, [MATTR website]<https://mattr.global/> Tobias Looker MATTR +64 273 780 461 tobias.looker@mattr.global<mailto:first.last@mattr.global> [MATTR website]<https://mattr.global/> [MATTR on LinkedIn]<https://www.linkedin.com/company/mattrglobal> [MATTR on Twitter]<https://twitter.com/mattrglobal> [MATTR on Github]<https://github.com/mattrglobal> This communication, including any attachments, is confidential. If you are not the intended recipient, you should not read it – please contact me immediately, destroy it, and do not copy or use any part of this communication or disclose anything about it. Thank you. Please note that this communication does not designate an information system for the purposes of the Electronic Transactions Act 2002. From: Orie Steele <orie@transmute.industries> Date: Friday, 21 July 2023 at 7:05 AM To: Tobias Looker <tobias.looker@mattr.global> Cc: oauth@ietf.org <oauth@ietf.org> Subject: Re: [OAUTH-WG] OAuth 2.0 Attestation-Based Client Authentication EXTERNAL EMAIL: This email originated outside of our organisation. Do not click links or open attachments unless you recognise the sender and know the content is safe. Really excited for this, I'm especially interested in how this might apply to M2M flows, related to this part here: https://datatracker.ietf.org/doc/html/rfc7521#section-4.2 It seems very targeted towards mobile / desktop apps, would it work for servers / command line tools, etc? OS On Thu, Jul 20, 2023 at 1:57 PM Tobias Looker <tobias.looker=40mattr.glo...@dmarc.ietf.org<mailto:40mattr.glo...@dmarc.ietf.org>> wrote: Hi All, Paul and I would like to draw attention to a new draft we have submitted titled “OAuth 2.0 Attestation-Based Client Authentication” which will be presented at the up and coming IETF 117 meeting during the Friday meeting slot. This draft is related to the group of drafts on verifiable credentials that will be presented during this meeting slot. Specifically this draft is intended to address but not limited to eIDAS 2.0 usage of OpenID4VCI which requires wallet applications to be strongly authenticated via attestations. The current abstract of the draft is as follows: “This specification defines a new method of client authentication for OAuth 2.0 [RFC6749] by extending the approach defined in [RFC7521]. This new method enables client deployments that are traditionally viewed as public clients to be able to authenticate with the authorization server through an attestation based authentication scheme.” Link to the current editors copy => https://datatracker.ietf.org/doc/draft-looker-oauth-attestation-based-client-auth/ Link to the specification repository => https://github.com/vcstuff/draft-looker-oauth-attestation-based-client-auth Thanks, [MATTR website]<https://mattr.global/> Tobias Looker MATTR +64 273 780 461 tobias.looker@mattr.global<mailto:first.last@mattr.global> [MATTR website]<https://mattr.global/> [MATTR on LinkedIn]<https://www.linkedin.com/company/mattrglobal> [MATTR on Twitter]<https://twitter.com/mattrglobal> [MATTR on Github]<https://github.com/mattrglobal> This communication, including any attachments, is confidential. If you are not the intended recipient, you should not read it – please contact me immediately, destroy it, and do not copy or use any part of this communication or disclose anything about it. Thank you. Please note that this communication does not designate an information system for the purposes of the Electronic Transactions Act 2002. _______________________________________________ OAuth mailing list OAuth@ietf.org<mailto:OAuth@ietf.org> https://www.ietf.org/mailman/listinfo/oauth -- ORIE STEELE Chief Technology Officer www.transmute.industries [Image removed by sender.]<https://transmute.industries/>
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
