I don't see how the four-corner model solves the issue that I highlighted. If the client does not have a key for any local AS, then nothing helps. The four-corner model deals with the issue of the client and the RS not trusting the same AS, but the different AS entities trust each other on the back side.
Getting trust in a local AS seems to be a bootstrapping problem. Jim -----Original Message----- From: Carsten Bormann <c...@tzi.org> Sent: Monday, May 4, 2020 10:38 PM To: Jim Schaad <i...@augustcellars.com> Cc: Benjamin Kaduk <ka...@mit.edu>; Olaf Bergmann <bergm...@tzi.org>; Peter van der Stok <stokc...@bbhmail.nl>; peter van der Stok <consulta...@vanderstok.org>; Ace <ace@ietf.org> Subject: Re: [Ace] draft-ietf-ace-oauth-authz On 2020-05-05, at 06:54, Jim Schaad <i...@augustcellars.com> wrote: > > I have much the same problem. While a client could find an AS which > would authenticate the client, I don't know how the client would > establish any degree of trust in the AS which is going to give it tokens. Hence the four-corner model [1]. Grüße, Carsten [1]: https://tools.ietf.org/html/draft-ietf-ace-actors _______________________________________________ Ace mailing list Ace@ietf.org https://www.ietf.org/mailman/listinfo/ace