Superb! Thanks for putting down everything that was discussed. I read the new version and have zero comments about it.
Will sender-constrained access tokens also work in a token exchange scenario? (draft-ietf-oauth-token-exchange-09)

Vladimir

On 13/10/17 01:07, Brian Campbell wrote:
> I'm pleased to announce that a new draft of "Mutual TLS Profile for OAuth
> 2.0" has been published. The changes, based on feedback and discussion on
> this list over the last two months, are listed below.
>
> draft-ietf-oauth-mtls-04
> <https://tools.ietf.org/html/draft-ietf-oauth-mtls-04>
>
> o Change the name of the 'Public Key method' to the more accurate
>   'Self-Signed Certificate method' and also change the associated
>   authentication method metadata value to
>   "self_signed_tls_client_auth".
> o Removed the "tls_client_auth_root_dn" client metadata field as
>   discussed in
>   https://mailarchive.ietf.org/arch/msg/oauth/swDV2y0be6o8czGKQi1eJV-g8qc
> o Update draft-ietf-oauth-discovery
>   <https://tools.ietf.org/html/draft-ietf-oauth-discovery> reference to
>   -07
> o Clarify that MTLS client authentication isn't exclusive to the
>   token endpoint and can be used with other endpoints, e.g. RFC 7009
>   <https://tools.ietf.org/html/rfc7009> revocation and 7662
>   introspection, that utilize client authentication as discussed in
>   https://mailarchive.ietf.org/arch/msg/oauth/bZ6mft0G7D3ccebhOxnEYUv4puI
> o Reorganize the document somewhat in an attempt to more clearly
>   make a distinction between mTLS client authentication and
>   certificate bound access tokens as well as a more clear
>   delineation between the two (PKI/Public key) methods for client
>   authentication
> o Editorial fixes and clarifications
>
>
> ---------- Forwarded message ----------
> From: <[email protected]>
> Date: Thu, Oct 12, 2017 at 3:50 PM
> Subject: [OAUTH-WG] I-D Action: draft-ietf-oauth-mtls-04.txt
> To: [email protected]
> Cc: [email protected]
>
>
> A New Internet-Draft is available from the on-line Internet-Drafts
> directories.
> This draft is a work item of the Web Authorization Protocol WG of the IETF.
>
>         Title           : Mutual TLS Profile for OAuth 2.0
>         Authors         : Brian Campbell
>                           John Bradley
>                           Nat Sakimura
>                           Torsten Lodderstedt
>         Filename        : draft-ietf-oauth-mtls-04.txt
>         Pages           : 18
>         Date            : 2017-10-12
>
> Abstract:
>    This document describes Transport Layer Security (TLS) mutual
>    authentication using X.509 certificates as a mechanism for OAuth
>    client authentication to the authorization server as well as for
>    certificate bound sender constrained access tokens.
>
>
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-oauth-mtls/
>
> There are also htmlized versions available at:
> https://tools.ietf.org/html/draft-ietf-oauth-mtls-04
> https://datatracker.ietf.org/doc/html/draft-ietf-oauth-mtls-04
>
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-oauth-mtls-04
>
>
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
>
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
>
> _______________________________________________
> OAuth mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/oauth
