Re: [oauth-ext-review] Request to register token_endpoint_auth_method value: client_mtls_certificate
Nat Sakimura <nat@sakimura.org> Fri, 19 October 2018 17:10 UTC
From: Nat Sakimura <nat@sakimura.org>
Date: Sat, 20 Oct 2018 02:10:30 +0900
To: Robache Hervé <herve.robache@stet.eu>
CC: oauth-ext-review@ietf.org
Message-ID: <fb16a602-64c4-454c-a5f2-5bda0c3d9aca@sakimura.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth-ext-review/tzVx1sKUuWXOdpbNd9VR-oF_bjI>
Subject: Re: [oauth-ext-review] Request to register token_endpoint_auth_method value: client_mtls_certificate

Hi Hervé,

The MTLS draft has this:

6.3.  Token Endpoint Authentication Method Registration

   This specification requests registration of the following value in
   the IANA "OAuth Token Endpoint Authentication Methods" registry
   [IANA.OAuth.Parameters] established by [RFC7591].

   o  Token Endpoint Authentication Method Name: "tls_client_auth"
   o  Change Controller: IESG
   o  Specification Document(s): Section 2.1.1 of [[ this specification ]]

It is going to be registered when this draft becomes an RFC.

Did you want something else?

Best,

Nat Sakimura

On 19 October 2018 at 23:09, "Robache Hervé" <herve.robache@stet.eu> wrote:
>Hello
>
>We provide a specification for an API which responds to the European
>Payment Service Directive version 2 (PSD2).
>
>The use of this API is based on
>
>- Use of OAUTH2 tokens
>
>- Use of X.509 certificates for mutual authentication between
>the client and the server of the API
>
>- The use of MTLS
>(https://datatracker.ietf.org/doc/draft-ietf-oauth-mtls/) to link the
>two previous features
>
>Being interested in using RFC 7591, we asked ourselves which value
>of “token_endpoint_auth_method” could be used. Our guess is that none
>of the pre-registered values can be used in an MTLS context.
>
>So we would like to suggest the registration of
>“client_mtls_certificate” as a new value.
>
>Best regards
>
>Hervé ROBACHE
>Marketing and Development Department