I don't see how the four-corner model solves the issue that I highlighted. If the client does not have a key for any local AS, then nothing helps. The four-corner model deals with the issue of the client and the RS not trusting the same AS, but the different AS entities trust each other on the back side.
Getting trust in a local AS seems to be a bootstrapping problem.

Jim

-----Original Message-----
From: Carsten Bormann <[email protected]>
Sent: Monday, May 4, 2020 10:38 PM
To: Jim Schaad <[email protected]>
Cc: Benjamin Kaduk <[email protected]>; Olaf Bergmann <[email protected]>; Peter van der Stok <[email protected]>; peter van der Stok <[email protected]>; Ace <[email protected]>
Subject: Re: [Ace] draft-ietf-ace-oauth-authz

On 2020-05-05, at 06:54, Jim Schaad <[email protected]> wrote:
>
> I have much the same problem. While a client could find an AS which
> would authenticate the client, I don't know how the client would
> establish any degree of trust in the AS which is going to give it tokens.

Hence the four-corner model [1].

Greetings, Carsten

[1]: https://tools.ietf.org/html/draft-ietf-ace-actors
