Re: [OAUTH-WG] DPoP and client registration metadata

Brian Campbell <bcampbell@pingidentity.com> Tue, 26 October 2021 22:09 UTC

References: <CAOtx8DkFrDBk==_4Yr8JFiNmPSQkhMnVDk09RGhz_Kb52gMMtA@mail.gmail.com>
In-Reply-To: <CAOtx8DkFrDBk==_4Yr8JFiNmPSQkhMnVDk09RGhz_Kb52gMMtA@mail.gmail.com>
From: Brian Campbell <bcampbell@pingidentity.com>
Date: Tue, 26 Oct 2021 16:08:31 -0600
Message-ID: <CA+k3eCSG0-bjJRsVrgAtVocvRBpwY+7fBxr=WPAYdUBd25g=pQ@mail.gmail.com>
To: Dmitry Telegin <dmitryt=40backbase.com@dmarc.ietf.org>
Cc: oauth <oauth@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/6YI7fYrCNZX-PFeGfgLocOJ3mWI>

There are no plans to introduce client registration metadata for DPoP - the
requirement to use DPoP is more of a property of a resource so I don't
think registration metadata for a client fits very well.


On Tue, Oct 26, 2021 at 8:53 AM Dmitry Telegin <dmitryt=40backbase.com@dmarc.ietf.org> wrote:

> For dynamically registered clients, there is currently no way to indicate
> the intention to use DPoP. Hence, it's completely up to the AS whether to
> enforce DPoP or not on such clients (for example, using client registration
> policies).
>
> Seems like there is no common approach here; for example, RFC 8705 (OAuth
> 2.0 Mutual-TLS Client Authentication and Certificate-Bound Access Tokens)
> does define client registration metadata (see section 9.5), whilst RFC 7636
> (PKCE) does not. I guess this is due to PKCE being initially conceived as a
> feature that would become mandatory in OAuth 2.1.
>
> Are there any plans to introduce client registration metadata for DPoP?
>
> Regards,
> Dmitry
> Backbase

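Added example, not code from either message and not from any Ping Identity or Backbase project: a minimal DPoP proof round trip (client builds an ES256 proof, AS verifies it and derives the RFC 7638 thumbprint for cnf.jkt) followed by the token-endpoint decision the reply describes, made per resource rather than per registered client. It is Go using only the standard library and assumes ES256 on P-256 only, a constructed token endpoint URL https://as.example/token, a hypothetical requireDPoP policy map keyed by resource URI (standing in for the per-resource requirement; the client registration policies the question mentions would be the other place to hang it), and a 60 second iat acceptance window. Client authentication, jti replay tracking and the rest of the spec's checks are left out. One caveat for readers arriving later: the DPoP specification as eventually published, RFC 9449, does define a dpop_bound_access_tokens client registration metadata parameter (section 5.2) by which a client declares that it always sends DPoP proofs; the example keeps the per-resource framing used in the reply above.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"math/big"
	"strings"
)

// JOSE uses base64url without padding.
func b64(b []byte) string            { return base64.RawURLEncoding.EncodeToString(b) }
func unb64(s string) ([]byte, error) { return base64.RawURLEncoding.DecodeString(s) }

// JWK is the public EC key as the JSON object carried in the proof header.
type JWK map[string]string

func ToJWK(pub *ecdsa.PublicKey) JWK {
	return JWK{"kty": "EC", "crv": "P-256", "x": b64(pub.X.FillBytes(make([]byte, 32))), "y": b64(pub.Y.FillBytes(make([]byte, 32)))}
}

// Thumbprint is the RFC 7638 value the AS puts in the access token's cnf.jkt: SHA-256 over the
// required members only; json.Marshal emits them sorted and without whitespace, as RFC 7638 requires.
func (k JWK) Thumbprint() string {
	canon, _ := json.Marshal(JWK{"crv": k["crv"], "kty": k["kty"], "x": k["x"], "y": k["y"]})
	sum := sha256.Sum256(canon)
	return b64(sum[:])
}

// NewProof is the client side: an ES256 DPoP proof JWT covering one HTTP method and URL.
func NewProof(priv *ecdsa.PrivateKey, htm, htu string, iat int64) (string, error) {
	jti := make([]byte, 16)
	rand.Read(jti) // crypto/rand; a unique jti is what lets the AS detect replayed proofs
	hdr, _ := json.Marshal(map[string]any{"typ": "dpop+jwt", "alg": "ES256", "jwk": ToJWK(&priv.PublicKey)})
	cl, _ := json.Marshal(map[string]any{"jti": b64(jti), "htm": htm, "htu": htu, "iat": iat})
	input := b64(hdr) + "." + b64(cl)
	h := sha256.Sum256([]byte(input))
	r, s, err := ecdsa.Sign(rand.Reader, priv, h[:])
	if err != nil {
		return "", err
	}
	// JWS ES256 signatures are raw r||s, each left-padded to 32 bytes, not DER.
	return input + "." + b64(append(r.FillBytes(make([]byte, 32)), s.FillBytes(make([]byte, 32))...)), nil
}

// VerifyProof is the AS side; it returns the proving key's thumbprint. jti replay tracking is the caller's job.
func VerifyProof(proof, htm, htu string, now int64) (string, error) {
	parts := strings.Split(proof, ".")
	if len(parts) != 3 {
		return "", errors.New("malformed proof")
	}
	rawHdr, e1 := unb64(parts[0])
	rawCl, e2 := unb64(parts[1])
	sig, e3 := unb64(parts[2])
	// encoding/json matches keys case-insensitively, so untagged fields decode typ/alg/jwk and jti/htm/htu/iat.
	var hdr struct{ Typ, Alg string; JWK JWK }
	var cl struct{ JTI, HTM, HTU string; IAT int64 }
	if e1 != nil || e2 != nil || e3 != nil || len(sig) != 64 ||
		json.Unmarshal(rawHdr, &hdr) != nil || json.Unmarshal(rawCl, &cl) != nil ||
		hdr.Typ != "dpop+jwt" || hdr.Alg != "ES256" || hdr.JWK["kty"] != "EC" || hdr.JWK["crv"] != "P-256" ||
		hdr.JWK["d"] != "" { // a proof JWK must never carry the private scalar
		return "", errors.New("malformed or unsupported proof")
	}
	x, ex := unb64(hdr.JWK["x"])
	y, ey := unb64(hdr.JWK["y"])
	pub := ecdsa.PublicKey{Curve: elliptic.P256(), X: new(big.Int).SetBytes(x), Y: new(big.Int).SetBytes(y)}
	h := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if ex != nil || ey != nil || !pub.Curve.IsOnCurve(pub.X, pub.Y) ||
		!ecdsa.Verify(&pub, h[:], new(big.Int).SetBytes(sig[:32]), new(big.Int).SetBytes(sig[32:])) {
		return "", errors.New("invalid key or signature")
	}
	// The proof must name this request and be fresh; the 60 s window is a local policy choice.
	if cl.JTI == "" || cl.HTM != htm || cl.HTU != htu || cl.IAT < now-60 || cl.IAT > now+60 {
		return "", errors.New("proof does not cover this request")
	}
	return hdr.JWK.Thumbprint(), nil
}

// IssueToken is the token-endpoint decision the reply describes, made per resource rather than
// per client: requireDPoP is a hypothetical AS policy keyed by resource URI. It returns the
// token_type to issue and the cnf.jkt to bind, which is empty for a plain Bearer token.
func IssueToken(requireDPoP map[string]bool, resource, proof, htu string, now int64) (tokenType, jkt string, err error) {
	if proof == "" && requireDPoP[resource] {
		return "", "", errors.New("resource requires a DPoP-bound token but no DPoP header was sent")
	}
	if proof == "" {
		return "Bearer", "", nil
	}
	if jkt, err = VerifyProof(proof, "POST", htu, now); err != nil {
		return "", "", errors.New("invalid_dpop_proof: " + err.Error())
	}
	return "DPoP", jkt, nil
}
```

The point to notice is where the binding comes from: cnf.jkt is computed from the key in the proof the client actually presented on this request, not from anything stored about the client at registration, which is what lets an AS apply the requirement per resource without any client metadata.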