> -----Original Message-----
> From: regext <regext-boun...@ietf.org> On Behalf Of Hollenbeck, Scott
> Sent: Tuesday, February 8, 2022 1:58 PM
> To: regext@ietf.org
> Subject: [EXTERNAL] Re: [regext] I-D Action: draft-ietf-regext-rdap-openid-10.txt
>
> > -----Original Message-----
> > From: I-D-Announce <i-d-announce-boun...@ietf.org> On Behalf Of internet-dra...@ietf.org
> > Sent: Tuesday, February 8, 2022 1:53 PM
> > To: i-d-annou...@ietf.org
> > Cc: regext@ietf.org
> > Subject: [EXTERNAL] I-D Action: draft-ietf-regext-rdap-openid-10.txt
> >
> > A New Internet-Draft is available from the on-line Internet-Drafts directories.
> > This draft is a work item of the Registration Protocols Extensions WG
> > of the IETF.
> >
> >         Title    : Federated Authentication for the Registration Data Access Protocol (RDAP) using OpenID Connect
> >         Author   : Scott Hollenbeck
> >         Filename : draft-ietf-regext-rdap-openid-10.txt
> >         Pages    : 27
> >         Date     : 2022-02-08
> >
> > Abstract:
> >    The Registration Data Access Protocol (RDAP) provides "RESTful" web
> >    services to retrieve registration metadata from domain name and
> >    regional internet registries. RDAP allows a server to make access
> >    control decisions based on client identity, and as such it includes
> >    support for client identification features provided by the Hypertext
> >    Transfer Protocol (HTTP). Identification methods that require
> >    clients to obtain and manage credentials from every RDAP server
> >    operator present management challenges for both clients and servers,
> >    whereas a federated authentication system would make it easier to
> >    operate and use RDAP without the need to maintain server-specific
> >    client credentials. This document describes a federated
> >    authentication system for RDAP based on OpenID Connect.
>
> [SAH] Please review this, folks. It's been significantly modified since
> version -09, replacing the token management queries with simpler login,
> logout, and session queries. This puts the draft in a much better position
> with respect to RDAP behaving like a web service, and it simplifies client
> processing, too.

[SAH] One thought for improvement: I just realized that the login query returns the claims that describe the end user, but not the complete set of information from the userinfo_endpoint. I missed that - it probably should.

Scott