There is also https://tools.ietf.org/html/rfc7628
> On 29 Apr 2020, at 17:45, Justin Richer <jric...@mit.edu> wrote: > > It depends on what protocol you’re using on the socket connection between > the client (the home router) and the RS/AS. You’ll need :someplace: to put > the access token. RFC6750 and RFC8705 are explicitly about HTTP so you can’t > use them directly, but other work (like that done in the ACE group with > OSCORE) map the OAuth concepts to different underlying protocols. > > — Justin > >> On Apr 28, 2020, at 10:13 PM, Daniel Migault <mglt....@gmail.com> wrote: >> >> Hi, >> >> I am completely new to oauth and would like to solicit the WG for advice. >> >> We are working on the Home Router outsourcing a service in the homenet WG >> and we are wondering how oauth could be used to improve automation. >> >> Our scenario is represented in the figure below: >> >> 1. The end user connected to the web interface of the Home Router >> 2. The Home Router redirects the End User to the service provider where the >> end user register for that service ( AS ). >> 3. The AS providing an authorisation token carried to the RS via the Home >> Router to the RS. >> >> The session between the Home router and the RS in our case is not using HTTP >> but is using TLS. We are wondering if there is a way to carry an >> authorisation token over a non HTTP session and if RFC8705 "OAuth 2.0 >> Mutual-TLS Client Authentication and Certificate-Bound Access Tokens" heads >> in to this direction. >> >> I am happy to hear any feed back or comments! >> >> Yours, >> Daniel >> >> >> HTTPS +-----------+ >> +------------------>| AS |<--------------+ >> | | | | >> v +-----------+ v >> +-------------+ HTTPS +-----------+ TLS +---------+ >> | User |<------>|Home Router|<--------->| RS | >> |(Web Browser)| | | | | >> +-------------+ +-----------+ +---------+ >> >> -- >> Daniel Migault >> Ericsson >> 8400 boulevard Decarie >> Montreal, QC H4P 2N2 >> Canada >> >> Phone: +1 514-452-2160 >> >> _______________________________________________ >> OAuth mailing list >> OAuth@ietf.org >> https://www.ietf.org/mailman/listinfo/oauth > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth