+1

From: Openid-specs-fapi <openid-specs-fapi-boun...@lists.openid.net> on behalf of John Bradley via Openid-specs-fapi <openid-specs-f...@lists.openid.net>
Reply-To: John Bradley <ve7...@ve7jtb.com>, Financial API Working Group List <openid-specs-f...@lists.openid.net>
Date: Monday, October 10, 2016 at 1:59 PM
To: OAuth WG <oauth@ietf.org>
Cc: Nat Sakimura via Openid-specs-fapi <openid-specs-f...@lists.openid.net>
Subject: [Openid-specs-fapi] Fwd: New Version Notification for draft-campbell-oauth-tls-client-auth-00.txt

At the request of the OpenID Foundation Financial Services API Working group, Brian Campbell and I have documented mutual TLS client authentication.

This is something that lots of people do in practice though we have never had a spec for it.

The Banks want to use it for some server to server API use cases being driven by new open banking regulation.

The largest thing in the draft is the IANA registration of "tls_client_auth" Token Endpoint authentication method for use in Registration and discovery.

The trust model is intentionally left open so that you could use a "common name" and a restricted list of CA or a direct lookup of the subject public key against a reregistered value, or something in between.

I hope that this is non controversial and the WG can adopt it quickly.

Regards
John B.

Begin forwarded message:

From: internet-dra...@ietf.org
Subject: New Version Notification for draft-campbell-oauth-tls-client-auth-00.txt
Date: October 10, 2016 at 5:44:39 PM GMT-3
To: "Brian Campbell" <brian.d.campb...@gmail.com>, "John Bradley" <ve7...@ve7jtb.com>

A new version of I-D, draft-campbell-oauth-tls-client-auth-00.txt has been successfully submitted by John Bradley and posted to the IETF repository.

Name: draft-campbell-oauth-tls-client-auth
Revision: 00
Title: Mutual X.509 Transport Layer Security (TLS) Authentication for OAuth Clients
Document date: 2016-10-10
Group: Individual Submission
Pages: 5
URL: https://www.ietf.org/internet-drafts/draft-campbell-oauth-tls-client-auth-00.txt
Status: https://datatracker.ietf.org/doc/draft-campbell-oauth-tls-client-auth/
Htmlized: https://tools.ietf.org/html/draft-campbell-oauth-tls-client-auth-00

Abstract:
This document describes X.509 certificates as OAuth client credentials using Transport Layer Security (TLS) mutual authentication as a mechanism for client authentication to the authorization server's token endpoint.

Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth