It depends on what protocol you’re using on the socket connection between the 
client (the home router) and the RS/AS. You’ll need *someplace* to put the 
access token. RFC6750 and RFC8705 are explicitly about HTTP so you can’t use 
them directly, but other work (like that done in the ACE group with OSCORE) maps 
the OAuth concepts to different underlying protocols.

 — Justin

> On Apr 28, 2020, at 10:13 PM, Daniel Migault <mglt....@gmail.com> wrote:
> 
> Hi,
> 
> I am completely new to oauth and would like to solicit the WG for advice.
> 
> We are working on the Home Router outsourcing a service in the homenet WG and 
> we are wondering how oauth could be used to improve automation.
> 
> Our scenario is represented in the figure below:
> 
> 1. The end user connects to the web interface of the Home Router.
> 2. The Home Router redirects the End User to the service provider where the 
> end user registers for that service (AS).
> 3. The AS provides an authorisation token, carried via the Home Router to 
> the RS.
> 
> The session between the Home Router and the RS in our case is not using HTTP 
> but is using TLS. We are wondering if there is a way to carry an 
> authorisation token over a non-HTTP session and if RFC8705 "OAuth 2.0 
> Mutual-TLS Client Authentication and Certificate-Bound Access Tokens" heads 
> in this direction.
> 
> I am happy to hear any feedback or comments!
> 
> Yours,
> Daniel
> 
> 
>       HTTPS            +-----------+
>    +------------------>|    AS     |<--------------+
>    |                   |           |               |
>    v                   +-----------+               v
> +-------------+ HTTPS  +-----------+    TLS    +---------+
> | User        |<------>|Home Router|<--------->|   RS    |
> |(Web Browser)|        |           |           |         |
> +-------------+        +-----------+           +---------+
> 
> -- 
> Daniel Migault
> Ericsson
> 8400 boulevard Decarie
> Montreal, QC   H4P 2N2
> Canada
> 
> Phone: +1 514-452-2160
> 
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
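
Added example, not part of the original thread or of any RFC: one way an RS could apply the RFC 8705 certificate-binding idea on a raw TLS session, by comparing the token's `cnf` / `x5t#S256` value with the thumbprint of the client certificate seen on that session. The 2-byte length-prefixed token frame and all function names are assumptions made for illustration; the claims are assumed to be already validated (introspection response or verified JWT payload), and on a live socket the DER bytes would come from `ssl.SSLSocket.getpeercert(binary_form=True)`.

```python
import base64
import hashlib
import hmac
import struct

MAX_TOKEN_LEN = 4096  # assumption: size cap chosen for this example


def read_token_frame(buf: bytes) -> tuple[bytes, bytes]:
    """Split a hypothetical first record (2-byte big-endian length + token) from the rest."""
    if len(buf) < 2:
        raise ValueError("short frame header")
    (n,) = struct.unpack("!H", buf[:2])
    if n == 0 or n > MAX_TOKEN_LEN:
        raise ValueError("bad token length")
    if len(buf) < 2 + n:
        raise ValueError("truncated token")
    return buf[2:2 + n], buf[2 + n:]


def cert_thumbprint(cert_der: bytes) -> str:
    """RFC 8705 x5t#S256: base64url(SHA-256(DER certificate)) without padding."""
    digest = hashlib.sha256(cert_der).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def token_bound_to_peer(claims: dict, peer_cert_der: bytes) -> bool:
    """True only if the token's cnf claim names the certificate presented on this TLS session."""
    cnf = claims.get("cnf")
    expected = cnf.get("x5t#S256") if isinstance(cnf, dict) else None
    if not isinstance(expected, str) or not peer_cert_der:
        return False  # unbound token or no client certificate: reject
    actual = cert_thumbprint(peer_cert_der)
    return hmac.compare_digest(expected.encode(), actual.encode())


# Constructed sample data: stand-in bytes, not a real certificate or token.
SAMPLE_CERT = b"constructed-der-bytes-for-router-cert"
SAMPLE_CLAIMS = {"active": True, "cnf": {"x5t#S256": cert_thumbprint(SAMPLE_CERT)}}
SAMPLE_WIRE = struct.pack("!H", 12) + b"opaque-token" + b"app-data"
```

With this check in place, a token copied off the Home Router fails on any TLS session that does not present the same client certificate.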
