Superb! Thanks for putting down everything that was discussed. I read
the new version and have zero comments about it.

Will sender-constrained access tokens also work in a token exchange
scenario?

(draft-ietf-oauth-token-exchange-09)

Vladimir


On 13/10/17 01:07, Brian Campbell wrote:
> I'm pleased to announce that a new draft of "Mutual TLS Profile for OAuth
> 2.0" has been published. The changes, based on feedback and discussion on
> this list over the last two months, are listed below.
>
>    draft-ietf-oauth-mtls-04
> <https://tools.ietf.org/html/draft-ietf-oauth-mtls-04>
>
>    o  Change the name of the 'Public Key method' to the more accurate
>       'Self-Signed Certificate method' and also change the associated
>       authentication method metadata value to
>       "self_signed_tls_client_auth".
>    o  Removed the "tls_client_auth_root_dn" client metadata field as
>       discussed in https://mailarchive.ietf.org/arch/msg/oauth/
> <https://mailarchive.ietf.org/arch/msg/oauth/swDV2y0be6o8czGKQi1eJV-g8qc>
>       swDV2y0be6o8czGKQi1eJV-g8qc
> <https://mailarchive.ietf.org/arch/msg/oauth/swDV2y0be6o8czGKQi1eJV-g8qc>
>    o  Update draft-ietf-oauth-discovery
> <https://tools.ietf.org/html/draft-ietf-oauth-discovery> reference to
> -07
>    o  Clarify that MTLS client authentication isn't exclusive to the
>       token endpoint and can be used with other endpoints, e.g.  RFC
> <https://tools.ietf.org/html/rfc7009>
>       7009 <https://tools.ietf.org/html/rfc7009> revocation and 7662
> introspection, that utilize client
>       authentication as discussed in
>       https://mailarchive.ietf.org/arch/msg/oauth/
> <https://mailarchive.ietf.org/arch/msg/oauth/bZ6mft0G7D3ccebhOxnEYUv4puI>
>       bZ6mft0G7D3ccebhOxnEYUv4puI
> <https://mailarchive.ietf.org/arch/msg/oauth/bZ6mft0G7D3ccebhOxnEYUv4puI>
>    o  Reorganize the document somewhat in an attempt to more clearly
>       make a distinction between mTLS client authentication and
>       certificate bound access tokens as well as a more clear
>       delineation between the two (PKI/Public key) methods for client
>       authentication
>    o  Editorial fixes and clarifications
>
>
> ---------- Forwarded message ----------
> From: <[email protected]>
> Date: Thu, Oct 12, 2017 at 3:50 PM
> Subject: [OAUTH-WG] I-D Action: draft-ietf-oauth-mtls-04.txt
> To: [email protected]
> Cc: [email protected]
>
>
>
> A New Internet-Draft is available from the on-line Internet-Drafts
> directories.
> This draft is a work item of the Web Authorization Protocol WG of the IETF.
>
>         Title           : Mutual TLS Profile for OAuth 2.0
>         Authors         : Brian Campbell
>                           John Bradley
>                           Nat Sakimura
>                           Torsten Lodderstedt
>         Filename        : draft-ietf-oauth-mtls-04.txt
>         Pages           : 18
>         Date            : 2017-10-12
>
> Abstract:
>    This document describes Transport Layer Security (TLS) mutual
>    authentication using X.509 certificates as a mechanism for OAuth
>    client authentication to the authorization sever as well as for
>    certificate bound sender constrained access tokens.
>
>
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-oauth-mtls/
>
> There are also htmlized versions available at:
> https://tools.ietf.org/html/draft-ietf-oauth-mtls-04
> https://datatracker.ietf.org/doc/html/draft-ietf-oauth-mtls-04
>
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-oauth-mtls-04
>
>
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
>
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
>
> _______________________________________________
> OAuth mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/oauth
>
>
>
> _______________________________________________
> OAuth mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/oauth

_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth

Reply via email to