> -----Original Message-----
> From: regext <regext-boun...@ietf.org> On Behalf Of Hollenbeck, Scott
> Sent: Wednesday, February 9, 2022 8:35 AM
> To: regext@ietf.org
> Subject: [EXTERNAL] Re: [regext] I-D Action: draft-ietf-regext-rdap-openid-10.txt
>
> > -----Original Message-----
> > From: regext <regext-boun...@ietf.org> On Behalf Of Hollenbeck, Scott
> > Sent: Tuesday, February 8, 2022 1:58 PM
> > To: regext@ietf.org
> > Subject: [EXTERNAL] Re: [regext] I-D Action: draft-ietf-regext-rdap-openid-10.txt
> >
> > > -----Original Message-----
> > > From: I-D-Announce <i-d-announce-boun...@ietf.org> On Behalf Of internet-dra...@ietf.org
> > > Sent: Tuesday, February 8, 2022 1:53 PM
> > > To: i-d-annou...@ietf.org
> > > Cc: regext@ietf.org
> > > Subject: [EXTERNAL] I-D Action: draft-ietf-regext-rdap-openid-10.txt
> > >
> > > A New Internet-Draft is available from the on-line Internet-Drafts directories.
> > > This draft is a work item of the Registration Protocols Extensions
> > > WG of the IETF.
> > >
> > > Title    : Federated Authentication for the Registration Data Access Protocol (RDAP) using OpenID Connect
> > > Author   : Scott Hollenbeck
> > > Filename : draft-ietf-regext-rdap-openid-10.txt
> > > Pages    : 27
> > > Date     : 2022-02-08
> > >
> > > Abstract:
> > > The Registration Data Access Protocol (RDAP) provides "RESTful" web
> > > services to retrieve registration metadata from domain name and
> > > regional internet registries. RDAP allows a server to make access
> > > control decisions based on client identity, and as such it includes
> > > support for client identification features provided by the Hypertext
> > > Transfer Protocol (HTTP). Identification methods that require
> > > clients to obtain and manage credentials from every RDAP server
> > > operator present management challenges for both clients and servers,
> > > whereas a federated authentication system would make it easier to
> > > operate and use RDAP without the need to maintain server-specific
> > > client credentials. This document describes a federated
> > > authentication system for RDAP based on OpenID Connect.
> >
> > [SAH] Please review this, folks. It's been significantly modified
> > since version -09, replacing the token management queries with
> > simpler login, logout, and session queries. This puts the draft in a
> > much better position with respect to RDAP behaving like a web service,
> > and it simplifies client processing, too.
>
> [SAH] One thought for improvement: I just realized that the login query
> returns the claims that describe the end user, but not the complete set of
> information from the userinfo_endpoint. I missed that - it probably should.
[SAH] Belay that: I just did some testing with two OpenID Providers and can confirm that the user information is included in the set of claims. I think this is covered.

Scott