Hi,
I am completely new to oauth and would like to solicit the WG for advice.
We are working on the Home Router outsourcing a service in the homenet WG
and we are wondering how oauth could be used to improve automation.
Our scenario is represented in the figure below:
1. The end user connected to the web interface of the Home Router
2. The Home Router redirects the End User to the service provider where the
end user register for that service ( AS ).
3. The AS providing an authorisation token carried to the RS via the Home
Router to the RS.
The session between the Home router and the RS in our case is not using
HTTP but is using TLS. We are wondering if there is a way to carry an
authorisation token over a non HTTP session and if RFC8705 "OAuth 2.0
Mutual-TLS Client Authentication and Certificate-Bound Access Tokens" heads
in to this direction.
I am happy to hear any feed back or comments!
Yours,
Daniel
HTTPS +-----------+
+------------------>| AS |<--------------+
| | | |
v +-----------+ v
+-------------+ HTTPS +-----------+ TLS +---------+
| User |<------>|Home Router|<--------->| RS |
|(Web Browser)| | | | |
+-------------+ +-----------+ +---------+
--
Daniel Migault
Ericsson
8400 boulevard Decarie
Montreal, QC H4P 2N2
Canada
Phone: +1 514-452-2160
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
