Thanks for the feed back. So in our case the communication between the Home router and the RS is DNS over TLS, so no HTTP, CoAP. We do not have hard constraint over the protocol being used between the Home Router and the AS. Currently there is no such communication.
One possible solution would be to have the Home Router using a mutual TLS authentication to provide its certificate which is then passed to the RS. Yours, Daniel On Wed, Apr 29, 2020 at 12:45 PM Justin Richer <[email protected]> wrote: > It depends on what protocol you’re using on the socket connection between > the client (the home router) and the RS/AS. You’ll need :someplace: to put > the access token. RFC6750 and RFC8705 are explicitly about HTTP so you > can’t use them directly, but other work (like that done in the ACE group > with OSCORE) map the OAuth concepts to different underlying protocols. > > — Justin > > On Apr 28, 2020, at 10:13 PM, Daniel Migault <[email protected]> wrote: > > Hi, > > I am completely new to oauth and would like to solicit the WG for advice. > > We are working on the Home Router outsourcing a service in the homenet WG > and we are wondering how oauth could be used to improve automation. > > Our scenario is represented in the figure below: > > 1. The end user connected to the web interface of the Home Router > 2. The Home Router redirects the End User to the service provider where > the end user register for that service ( AS ). > 3. The AS providing an authorisation token carried to the RS via the Home > Router to the RS. > > The session between the Home router and the RS in our case is not using > HTTP but is using TLS. We are wondering if there is a way to carry an > authorisation token over a non HTTP session and if RFC8705 "OAuth 2.0 > Mutual-TLS Client Authentication and Certificate-Bound Access Tokens" heads > in to this direction. > > I am happy to hear any feed back or comments! > > Yours, > Daniel > > > HTTPS +-----------+ > +------------------>| AS |<--------------+ > | | | | > v +-----------+ v > +-------------+ HTTPS +-----------+ TLS +---------+ > | User |<------>|Home Router|<--------->| RS | > |(Web Browser)| | | | | > +-------------+ +-----------+ +---------+ > > -- > Daniel Migault > Ericsson > 8400 boulevard Decarie > Montreal, QC H4P 2N2 > Canada > > Phone: +1 514-452-2160 > > _______________________________________________ > OAuth mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/oauth > > > _______________________________________________ > OAuth mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/oauth > -- Daniel Migault Ericsson
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
