OAuth 2.0 includes the ability to authorize a class of clients known as "confidential clients" in a machine-to-machine manner using the "Client Credentials Grant". The grant is described here:

https://datatracker.ietf.org/doc/html/rfc6749#section-4.4

A description of confidential and public clients can be found here:

https://datatracker.ietf.org/doc/html/rfc6749#section-2.1

Note that this requires some sort of prior arrangement between the client and, in our case, an RDAP server, such that the client can be authenticated by an Authorization Server without explicitly identifying, authenticating, and authorizing the specific human users who might be using the client. For example, the client might have a password that's been assigned by the RDAP server operator.

The federated authentication draft doesn't currently include anything to support this type of grant. Should it? Is there an RDAP use case for which this would be useful?

Scott
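As an added illustration (not part of Scott's message or of the draft), the exchange the Client Credentials Grant describes in RFC 6749 sections 4.4.2 and 4.4.3: the client authenticates with a pre-arranged id and secret over HTTP Basic, and the authorization server issues a bearer token that represents the client itself rather than any human user. The client id, secret and registration table are constructed placeholders.

```python
import base64
import hmac
import secrets
from urllib.parse import parse_qs

# Constructed registration: the RDAP operator issued this confidential client
# an id and secret out of band (hypothetical values, not from any real server).
REGISTERED_CLIENTS = {"rdap-batch-client": "s3cret-issued-out-of-band"}


def build_token_request(client_id, client_secret, scope=None):
    """Build the RFC 6749 section 4.4.2 access token request as (headers, body).

    Client authentication uses HTTP Basic (section 2.3.1); the form body
    carries grant_type=client_credentials and an optional scope.
    """
    cred = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {"Authorization": f"Basic {cred}",
               "Content-Type": "application/x-www-form-urlencoded"}
    body = "grant_type=client_credentials"
    if scope:
        body += "&scope=" + scope
    return headers, body


def handle_token_request(headers, body):
    """Minimal authorization-server side (section 4.4.3): authenticate the
    client, check the grant type, and return (status, JSON-style dict)."""
    auth = headers.get("Authorization", "")
    if not auth.startswith("Basic "):
        return 401, {"error": "invalid_client"}
    try:
        client_id, _, secret = base64.b64decode(auth[6:]).decode().partition(":")
    except Exception:
        return 401, {"error": "invalid_client"}
    # Look up the pre-arranged secret; compare in constant time so a wrong
    # secret and an unknown client are not distinguishable by timing.
    expected = REGISTERED_CLIENTS.get(client_id, "")
    if not expected or not hmac.compare_digest(expected.encode(), secret.encode()):
        return 401, {"error": "invalid_client"}
    params = parse_qs(body)
    if params.get("grant_type") != ["client_credentials"]:
        return 400, {"error": "unsupported_grant_type"}
    # No refresh token is issued for this grant (section 4.4.3); the token
    # is bound to the client, not to a user, so RDAP access policy must be
    # expressed per client rather than per person.
    return 200, {"access_token": secrets.token_urlsafe(32),
                 "token_type": "Bearer", "expires_in": 3600}
```

The client would then send the returned token as `Authorization: Bearer ...` on its RDAP queries.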
