Hi Carsten, OAuth defined something called "Dynamic Client Registration", which gives you an idea what type of information is typically needed. Here is the RFC: https://tools.ietf.org/html/rfc7591
Regarding "initial integration of a device into a network only" isn't this sometimes called "network access authentication"? In any case, I agree with you that we should add some text about what information is assumed to be present. Ciao Hannes -----Original Message----- From: Carsten Bormann [mailto:c...@tzi.org] Sent: 20 February 2018 19:05 To: Hannes Tschofenig Cc: Michael Richardson; Ludwig Seitz; ace@ietf.org Subject: Re: [Ace] draft-ietf-ace-oauth-authz-10.txt: Leaving implementers in the dark On Feb 20, 2018, at 08:43, Hannes Tschofenig <hannes.tschofe...@arm.com> wrote: > > IMHO the biggest problem with "onboarding" is that people create new terms > without specifying what they actually mean and thereby fail to see the > relationship with existing work. Right. I have no idea what client registration has to do with “onboarding”, but I use that term for the initial integration of a device into a network only. I continue to believe that we need a clear understanding of what information is exchanged during client registration that is relevant to the ACE OAuth. There definitely will also be other information (“business logic”, and you can call the exchange of that part of the registration info “onboarding” if you like), and that is where the vendor differentiation can set in, but we should have no trouble defining the ACE content of client registration. If we don’t define that ACE content, there is no way to know whether ACE OAuth is secure. Defining the ACE content of the client registration as a set of data structures also helps with achieving actual interoperability, even if additional business logic is required in a specific case. Grüße, Carsten IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you. _______________________________________________ Ace mailing list Ace@ietf.org https://www.ietf.org/mailman/listinfo/ace
