[OAUTH-WG] Fwd: New Version Notification for draft-campbell-oauth-tls-client-auth-00.txt

John Bradley <ve7jtb@ve7jtb.com> Mon, 10 October 2016 20:59 UTC

From: John Bradley <ve7jtb@ve7jtb.com>
Message-Id: <9CDE07EB-E5B4-43B2-B3C1-F12569CAB458@ve7jtb.com>
Date: Mon, 10 Oct 2016 17:59:49 -0300
To: OAuth WG <oauth@ietf.org>
Cc: Nat Sakimura via Openid-specs-fapi <openid-specs-fapi@lists.openid.net>
Subject: [OAUTH-WG] Fwd: New Version Notification for draft-campbell-oauth-tls-client-auth-00.txt
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/UuZH4Rgf3eRGvMyuylFO7d186pw>

At the request of the OpenID Foundation Financial Services API Working Group, Brian Campbell and I have documented mutual TLS client authentication. This is something that lots of people do in practice, though we have never had a spec for it.

The banks want to use it for some server-to-server API use cases being driven by new open banking regulation.

The largest thing in the draft is the IANA registration of the “tls_client_auth” Token Endpoint authentication method for use in registration and discovery.

The trust model is intentionally left open, so that you could use a “common name” and a restricted list of CAs, or a direct lookup of the subject public key against a preregistered value, or something in between.

I hope that this is non-controversial and the WG can adopt it quickly.

Regards
John B.
> Begin forwarded message:
> 
> From: internet-drafts@ietf.org
> Subject: New Version Notification for draft-campbell-oauth-tls-client-auth-00.txt
> Date: October 10, 2016 at 5:44:39 PM GMT-3
> To: "Brian Campbell" <brian.d.campbell@gmail.com>, "John Bradley" <ve7jtb@ve7jtb.com>
> 
> 
> A new version of I-D, draft-campbell-oauth-tls-client-auth-00.txt
> has been successfully submitted by John Bradley and posted to the
> IETF repository.
> 
> Name:		draft-campbell-oauth-tls-client-auth
> Revision:	00
> Title:		Mutual X.509 Transport Layer Security (TLS) Authentication for OAuth Clients
> Document date:	2016-10-10
> Group:		Individual Submission
> Pages:		5
> URL:            https://www.ietf.org/internet-drafts/draft-campbell-oauth-tls-client-auth-00.txt
> Status:         https://datatracker.ietf.org/doc/draft-campbell-oauth-tls-client-auth/
> Htmlized:       https://tools.ietf.org/html/draft-campbell-oauth-tls-client-auth-00
> 
> 
> Abstract:
>   This document describes X.509 certificates as OAuth client
>   credentials using Transport Layer Security (TLS) mutual
>   authentication as a mechanism for client authentication to the
>   authorization server's token endpoint.
> 
> 
> 
> 
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
> 
> The IETF Secretariat
>
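The two trust models John describes for a client registered with “tls_client_auth” (a registered name plus a restricted list of CAs, or a direct lookup of the subject public key against a preregistered value) as an added Go example that is not part of the draft or of this thread. The ClientRecord layout, the choice of a SHA-256 SubjectPublicKeyInfo hash as the registered key value, and the throwaway Ed25519 certificates are this example's own assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// ClientRecord is what the AS holds for a client_id (assumed layout, this example's own): model A registers an expected subject plus a restricted CA set, model B a pinned SPKI hash.
type ClientRecord struct{ AuthMethod, SubjectDN, SPKISHA256 string; Roots *x509.CertPool }

// SPKIHash is the hex SHA-256 of the SubjectPublicKeyInfo, the value a model-B registration stores (assumed format).
func SPKIHash(c *x509.Certificate) string {
	return fmt.Sprintf("%x", sha256.Sum256(c.RawSubjectPublicKeyInfo))
}

// AuthenticateClient checks the certificate presented in the TLS handshake against the record looked up by client_id.
func AuthenticateClient(rec *ClientRecord, c *x509.Certificate) error {
	switch {
	case rec.AuthMethod != "tls_client_auth": // the registered token endpoint auth method must be this one
		return fmt.Errorf("client is registered for %q, not tls_client_auth", rec.AuthMethod)
	case rec.SPKISHA256 != "" && SPKIHash(c) != rec.SPKISHA256: // model B: direct lookup of the subject public key
		return fmt.Errorf("presented key does not match the registered key")
	case rec.SPKISHA256 != "": // model B matched; no CA is involved at all
		return nil
	case c.Subject.String() != rec.SubjectDN: // model A: the registered name, then a chain to a registered CA
		return fmt.Errorf("subject %q does not match registration", c.Subject.String())
	}
	_, err := c.Verify(x509.VerifyOptions{Roots: rec.Roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}})
	return err // rec.Roots only: a perfectly valid cert from any other CA is rejected
}

// MakeCert issues a throwaway Ed25519 certificate for the demo (self-signed CA when parent is nil); constructed test data.
func MakeCert(cn string, parent *x509.Certificate, pkey ed25519.PrivateKey, isCA bool) (*x509.Certificate, ed25519.PrivateKey, error) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour), IsCA: isCA, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if parent == nil {
		parent, pkey = tmpl, key
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, pkey)
	cert, err := x509.ParseCertificate(der) // also fails if CreateCertificate failed (empty der)
	return cert, key, err
}
```

Note that model A rejects a certificate carrying the registered common name when it was issued by a CA that is not in the client's registered set, which is what makes the "restricted list of CAs" part of the model matter.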