[oauth-ext-review] Request to register token_endpoint_auth_method value: client_mtls_certificate

Robache Hervé <herve.robache@stet.eu> Fri, 19 October 2018 14:03 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth-ext-review/SjmLlGcPpnDAfAhC26NDPuDf960>

Hello

We provide a specification for an API which responds to the European Payment Service Directive version 2 (PSD2).

The use of this API is based on

- Use of OAUTH2 tokens
- Use of X.509 certificates for mutual authentication between the client and the server of the API
- The use of MTLS (https://datatracker.ietf.org/doc/draft-ietf-oauth-mtls/) to link the two previous features

Being interested in using RFC 7591, we asked ourselves which value of “token_endpoint_auth_method” could be used. Our guess is that none of the pre-registered values can be used in an MTLS context.

So we would like to suggest the registration of “client_mtls_certificate” as a new value.

Best regards

Hervé ROBACHE
Marketing and Development Department

DIRECT LINE
T. +33(0)1 55 23 55 45
herve.robache@stet.eu

STET (HEAD OFFICE)
100, Esplanade du Général de Gaulle
Cœur Défense – Tour B
92932 La Défense cedex

www.stet.eu


