Re: [OAUTH-WG] Fwd: I-D Action: draft-ietf-oauth-mtls-03.txt

2017-08-04 Thread John Bradley
Having the whole certificate to compare may be easier in some environments than trying to directly compare the public keys. I believe most environments make the cert from TLS available to the app; comparing that to the one retrieved from the x5c element is relatively straightforward. When compar

Re: [OAUTH-WG] Fwd: I-D Action: draft-ietf-oauth-mtls-03.txt

2017-08-04 Thread Brian Campbell
His argument (best I can articulate anyway) is that there may be difficulties or gotchas in some cases in doing a comparison of the public key from the client cert to the public key from a JWK. Where the comparison of the client cert directly to the cert from x5c in a JWK would be more straightforw

Re: [OAUTH-WG] Fwd: I-D Action: draft-ietf-oauth-mtls-03.txt

2017-08-04 Thread Vladimir Dzhuvinov
What are the potential uses of the x5c parameter? Vladimir On 04/08/17 21:13, Brian Campbell wrote: > Just wanted to note that, in an off-list exchange, John has pushed back on > the idea to potentially drop mention of using x5c. > > On Wed, Aug 2, 2017 at 9:29 AM, Brian Campbell > wrote: > >>

Re: [OAUTH-WG] Fwd: I-D Action: draft-ietf-oauth-mtls-03.txt

2017-08-04 Thread Brian Campbell
Just wanted to note that, in an off-list exchange, John has pushed back on the idea to potentially drop mention of using x5c. On Wed, Aug 2, 2017 at 9:29 AM, Brian Campbell wrote: > Thanks for the review, Vladimir. > > The text about which you have questions was written by Torsten (credit or > b

[OAUTH-WG] Protocol Action: 'OAuth 2.0 for Native Apps' to Best Current Practice (draft-ietf-oauth-native-apps-12.txt)

2017-08-04 Thread The IESG
The IESG has approved the following document: - 'OAuth 2.0 for Native Apps' (draft-ietf-oauth-native-apps-12.txt) as Best Current Practice This document is the product of the Web Authorization Protocol Working Group. The IESG contact persons are Kathleen Moriarty and Eric Rescorla. A URL of th

Re: [OAUTH-WG] [token-exchange] exchanging between issuers/domains

2017-08-04 Thread Denis
Phil, My comments are in-line too. inline... Phil Oracle Corporation, Identity Cloud Services Architect & Standards @independentid www.independentid.com phil.h...@oracle.com On Aug 1, 2017, at 12:56 PM, Denis