This works for me:
> As such, I'd suggest removing the credentialed concept entirely and using
> sec 2.4, as appropriate or needed, to discuss the subtleties of the various
> ways clients establish themselves with an AS and the implications to the
> amount of trust that can be placed therein.
I
I guess it is fair to say that when we are talking about credentialed
clients, we are targeting native apps that after getting installed use a
ceremony (probably using Dynamic client registration) to establish a
credential for that specific instance on AS. Do you foresee other use cases?
Back to
Looking/searching through
https://www.ietf.org/archive/id/draft-ietf-oauth-v2-1-04.html and all the
occurrences of "credentialed" outside of sec 2.4 and the text I was
complaining about previously are treating confidential and credentialed the
same. I.e. "If the client is confidential or
It may not be exactly the same issue Warren but it's definitely related.
"whether an AS knows about the client" is related to what Brian pointed out
about the AS identifying the client, which comes back to what I said
originally about how credentialed is currently defined in two parts:
a) Clients
I'm not sure this is exactly the issue, but I also found the naming of
*credentialed client* to be confusing. It would seem to me we have an enum whose values
do not form an orthonormal basis. In other words, whether or not a client
is credentialed is independent from whether an AS knows about the
Hi Brian,
I'm all for pivoting, as long as the original concerns raised are addressed
or even acknowledged, but since they weren't, here is the original message
again in its entirety.
Cheers,
Ash
===
Referring to the latest draft (
https://www.ietf.org/archive/id/draft-ietf-oauth-v2-1-04.html)
> On Oct 11, 2021, at 11:52 AM, Dick Hardt wrote:
>
>
> Thanks for the feedback Brian. We have struggled in how to concisely describe
> credentialed clients.
>
> "identifying a client" can be interpreted a number of ways.
>
> The intent is that the AS knows a credentialed client is the
I understand that struggle and honestly really have no idea how to phrase
it better. Maybe using words more like what you just described as the
intent? And/or discuss this at the interim. Or... that particular bit of
text could maybe just be removed... maybe?
To me "identifying a client" evoked
Thanks for the feedback Brian. We have struggled in how to concisely
describe credentialed clients.
"identifying a client" can be interpreted a number of ways.
The intent is that the AS knows a credentialed client is the same client it
previously interacted with, but that the AS can not assume
Credentialed clients might be a worthwhile item for the interim. I think I
sorta get what the credentialed clients distinction is trying to do but the
way it manifests in the draft is somewhat bewildering. One example I've
struggled to make sense of is the following text from