I'm pleased to announce that a new draft of "Mutual TLS Profile for OAuth
2.0" has been published. The changes, based on feedback and discussion on
this list over the last two months, are listed below.

   draft-ietf-oauth-mtls-04
<https://tools.ietf.org/html/draft-ietf-oauth-mtls-04>

   o  Change the name of the 'Public Key method' to the more accurate
      'Self-Signed Certificate method' and also change the associated
      authentication method metadata value to
      "self_signed_tls_client_auth".
   o  Removed the "tls_client_auth_root_dn" client metadata field as
      discussed in
      https://mailarchive.ietf.org/arch/msg/oauth/swDV2y0be6o8czGKQi1eJV-g8qc
   o  Update draft-ietf-oauth-discovery
      <https://tools.ietf.org/html/draft-ietf-oauth-discovery> reference
      to -07
   o  Clarify that MTLS client authentication isn't exclusive to the
      token endpoint and can be used with other endpoints, e.g. RFC 7009
      <https://tools.ietf.org/html/rfc7009> revocation and 7662
      introspection, that utilize client authentication as discussed in
      https://mailarchive.ietf.org/arch/msg/oauth/bZ6mft0G7D3ccebhOxnEYUv4puI
   o  Reorganize the document somewhat in an attempt to more clearly
      make a distinction between mTLS client authentication and
      certificate bound access tokens as well as a more clear
      delineation between the two (PKI/Public key) methods for client
      authentication
   o  Editorial fixes and clarifications


---------- Forwarded message ----------
From: <internet-dra...@ietf.org>
Date: Thu, Oct 12, 2017 at 3:50 PM
Subject: [OAUTH-WG] I-D Action: draft-ietf-oauth-mtls-04.txt
To: i-d-annou...@ietf.org
Cc: oauth@ietf.org



A New Internet-Draft is available from the on-line Internet-Drafts
directories.
This draft is a work item of the Web Authorization Protocol WG of the IETF.

        Title           : Mutual TLS Profile for OAuth 2.0
        Authors         : Brian Campbell
                          John Bradley
                          Nat Sakimura
                          Torsten Lodderstedt
        Filename        : draft-ietf-oauth-mtls-04.txt
        Pages           : 18
        Date            : 2017-10-12

Abstract:
   This document describes Transport Layer Security (TLS) mutual
   authentication using X.509 certificates as a mechanism for OAuth
   client authentication to the authorization server as well as for
   certificate bound sender constrained access tokens.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-oauth-mtls/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-ietf-oauth-mtls-04
https://datatracker.ietf.org/doc/html/draft-ietf-oauth-mtls-04

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-oauth-mtls-04


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
