It appears to me what you're trying to achieve is binding an IdP to an ACME client. EAB can bind an ACME account key to *something*, this could well be an IdP.
As the ACME request is then signed with the account key that in turn binds the request to the account in your IdP. ------------------------------ Any statements contained in this email are personal to the author and are not necessarily the statements of the company unless specifically stated. AS207960 Cyfyngedig, having a registered office at 13 Pen-y-lan Terrace, Caerdydd, Cymru, CF23 9EU, trading as Glauca Digital, is a company registered in Wales under № 12417574 <https://find-and-update.company-information.service.gov.uk/company/12417574>, LEI 875500FXNCJPAPF3PD10. ICO register №: ZA782876 <https://ico.org.uk/ESDWebPages/Entry/ZA782876>. UK VAT №: GB378323867. EU VAT №: EU372013983. Turkish VAT №: 0861333524. South Korean VAT №: 522-80-03080. AS207960 Ewrop OÜ, having a registered office at Lääne-Viru maakond, Tapa vald, Porkuni küla, Lossi tn 1, 46001, trading as Glauca Digital, is a company registered in Estonia under № 16755226. Estonian VAT №: EE102625532. Glauca Digital and the Glauca logo are registered trademarks in the UK, under № UK00003718474 and № UK00003718468, respectively. On Mon, 2 Dec 2024 at 10:11, Xialiang(Frank, IP Security Standard) < [email protected]> wrote: > Hi Q, > My point is not a conclusion, is just an observation/fact from current > ACME standards, like you gave me the reference "7.3.4 of RFC8555". If I am > wrong, please tell me. > > If you think EAB can do more, I am very happy to know more details~~ > > B.R. > Frank > > -----邮件原件----- > 发件人: Q Misell <[email protected]> > 发送时间: 2024年12月2日 17:02 > 收件人: Xialiang(Frank, IP Security Standard) <frank.xialiang= > [email protected]> > 抄送: Richard Barnes <[email protected]>; Aaron Gable <[email protected]>; > Mike Ounsworth <[email protected]>; IETF ACME <[email protected]>; > [email protected] > 主题: Re: [Acme] 回复: Re: 回复: [EXTERNAL] Re: Introducting a new draft about > adding a new ACME challenge type: public key challgenge > > I don't see why EAB can't be used to link to an identity - perhaps you > could elaborate? > ------------------------------ > > Any statements contained in this email are personal to the author and are > not necessarily the statements of the company unless specifically stated. > AS207960 Cyfyngedig, having a registered office at 13 Pen-y-lan Terrace, > Caerdydd, Cymru, CF23 9EU, trading as Glauca Digital, is a company > registered in Wales under № 12417574 < > https://find-and-update.company-information.service.gov.uk/company/12417574 > >, > LEI 875500FXNCJPAPF3PD10. ICO register №: ZA782876 < > https://ico.org.uk/ESDWebPages/Entry/ZA782876>. UK VAT №: GB378323867. EU > VAT №: EU372013983. Turkish VAT №: 0861333524. South Korean VAT №: > 522-80-03080. AS207960 Ewrop OÜ, having a registered office at Lääne-Viru > maakond, Tapa vald, Porkuni küla, Lossi tn 1, 46001, trading as Glauca > Digital, is a company registered in Estonia under № 16755226. Estonian VAT > №: EE102625532. Glauca Digital and the Glauca logo are registered > trademarks in the UK, under № UK00003718474 and № UK00003718468, > respectively. > > > On Mon, 2 Dec 2024 at 03:12, Xialiang(Frank, IP Security Standard) > <[email protected]> wrote: > > > No, my point is ACME EAB is only about account authenticity, but not > > about identity and certificate. > > > > > > > > *发件人:* Q Misell <[email protected]> > > *发送时间:* 2024年11月29日 23:07 > > *收件人:* Xialiang(Frank, IP Security Standard) > > <[email protected]> > > *抄送:* Richard Barnes <[email protected]>; Aaron Gable > > <[email protected]>; Mike Ounsworth <[email protected]>; > > IETF ACME <[email protected]>; [email protected] > > *主题:* Re: [Acme] 回复: Re: 回复: [EXTERNAL] Re: Introducting a new draft > > about adding a new ACME challenge type: public key challgenge > > > > > > > > ACME EAB actually has no restrictions on its use. It might be used to > > link to a financial account for billing purposes, or could be used to > > link to an identity account as you desire. > > ------------------------------ > > > > Any statements contained in this email are personal to the author and > > are not necessarily the statements of the company unless specifically > stated. > > AS207960 Cyfyngedig, having a registered office at 13 Pen-y-lan > > Terrace, Caerdydd, Cymru, CF23 9EU, trading as Glauca Digital, is a > > company registered in Wales under № 12417574 > > <https://find-and-update.company-information.service.gov.uk/company/12 > > 417574>, LEI 875500FXNCJPAPF3PD10. ICO register №: ZA782876 > > <https://ico.org.uk/ESDWebPages/Entry/ZA782876>. UK VAT №: GB378323867. > > EU VAT №: EU372013983. Turkish VAT №: 0861333524. South Korean VAT №: > > 522-80-03080. AS207960 Ewrop OÜ, having a registered office at > > Lääne-Viru maakond, Tapa vald, Porkuni küla, Lossi tn 1, 46001, > > trading as Glauca Digital, is a company registered in Estonia under № > > 16755226. Estonian VAT > > №: EE102625532. Glauca Digital and the Glauca logo are registered > > trademarks in the UK, under № UK00003718474 and № UK00003718468, > > respectively. > > > > > > > > > > > > On Thu, 28 Nov 2024 at 03:31, Xialiang(Frank, IP Security Standard) > > <[email protected]> wrote: > > > > Hi Q, > > > > Thanks for your pointing out the reference, I have read this section > > and found that it (external account binding) is another thing about > > account authenticity and performed in the ACME “Account Management” > > phase, different from what our draft proposed about public key > > authenticity and performed in the “Identifier Validation Challenges” > phase >
_______________________________________________ Acme mailing list -- [email protected] To unsubscribe send an email to [email protected]
