The cert / token binding is a significant upgrade on the previous version, and I hope it will become an official WG item.
I also see that the comments about which certificate fields to use to identify the client were addressed; this is important for interop.

Thanks for the great work,

Vladimir

On 31/03/17 00:15, Brian Campbell wrote:
> This document, which I hope to present and discuss briefly at tomorrow's
> meeting, replaces (but keeps the feature) the Mutual TLS Authentication for
> OAuth Clients
> <https://tools.ietf.org/html/draft-campbell-oauth-tls-client-auth-00> that
> was published leading up to the Seoul meeting
> <https://www.ietf.org/mail-archive/web/oauth/current/msg16704.html> and
> adds mutual TLS sender constrained access to OAuth protected resources. The
> concept for the latter was largely derived from one of the options in the
> JPOP draft <https://tools.ietf.org/html/draft-sakimura-oauth-jpop-04>. I
> apologize for the 11th hour publication but hope some folks will have a
> chance to read it.
>
> ---------- Forwarded message ----------
> From: <[email protected]>
> Date: Thu, Mar 30, 2017 at 3:49 PM
> Subject: New Version Notification for draft-campbell-oauth-mtls-00.txt
> To: Brian Campbell <[email protected]>, Nat Sakimura <[email protected]>,
> Torsten Lodderstedt <[email protected]>, John Bradley <[email protected]>
>
> A new version of I-D, draft-campbell-oauth-mtls-00.txt
> has been successfully submitted by Brian Campbell and posted to the
> IETF repository.
>
> Name:          draft-campbell-oauth-mtls
> Revision:      00
> Title:         Mutual TLS Profiles for OAuth Clients
> Document date: 2017-03-30
> Group:         Individual Submission
> Pages:         10
> URL:           https://www.ietf.org/internet-drafts/draft-campbell-oauth-mtls-00.txt
> Status:        https://datatracker.ietf.org/doc/draft-campbell-oauth-mtls/
> Htmlized:      https://tools.ietf.org/html/draft-campbell-oauth-mtls-00
> Htmlized:      https://datatracker.ietf.org/doc/html/draft-campbell-oauth-mtls-00
>
> Abstract:
>    This document describes Transport Layer Security (TLS) mutual
>    authentication using X.509 certificates as a mechanism for both OAuth
>    client authentication to the token endpoint as well as for sender
>    constrained access to OAuth protected resources.
>
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
>
> The IETF Secretariat
>
> _______________________________________________
> OAuth mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/oauth

--
Vladimir Dzhuvinov :: [email protected]
