Re: [OAUTH-WG] WGLC on draft-ietf-oauth-mtls-07

I don’t believe this is the spec to define TLS header forwarding standards in. — Justin > On Mar 30, 2018, at 2:03 PM, Vivek Biswas wrote: > > There are additional challenges which we have faced. > > A. Most of the Mutual SSL communication as mentioned below

Re: [OAUTH-WG] What Does Logout Mean?

It sounds like you're asking the OP to provide client-side session management as a service. There may be value in standardizing that, but I think it goes beyond what Backchannel Logout is intended to do. -- Annabelle Richard Backman Amazon – Identity Services On 3/30/18, 10:42 AM, "Bill

Re: [OAUTH-WG] WGLC on draft-ietf-oauth-mtls-07

There are additional challenges which we have faced.   A.  Most of the Mutual SSL communication as mentioned below terminates at the LBR and the LBR needs to have client certificates to trust the client. But lot of times the connection from LBR to Authorization server may be non-SSL.  

Re: [OAUTH-WG] What Does Logout Mean?

On Fri, Mar 30, 2018 at 12:57 PM, Richard Backman, Annabelle wrote: > > FWIW, our OP implementation allows RPs to register their node specific > logout endpoints at boot. This request is authenticated via client > authentication. We also extended code to token request to