[OAUTH-WG] DPoP followup III: client auth

Brian Campbell <bcampbell@pingidentity.com> Wed, 02 December 2020 22:29 UTC

From: Brian Campbell <bcampbell@pingidentity.com>
Date: Wed, 02 Dec 2020 15:29:00 -0700
Message-ID: <CA+k3eCQjCjbcHxmTFn_Ce1aQ-gn31mAXNp9PGp7d6mXkfyDWPA@mail.gmail.com>
To: oauth <oauth@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/BuTJyBl4-yn07gOLSMCdpyzIRY0>
Subject: [OAUTH-WG] DPoP followup III: client auth

There were a few items discussed somewhat during the recent interim
<https://datatracker.ietf.org/meeting/interim-2020-oauth-16/session/oauth>
that I committed to bringing back to the list. The slide below (also
available with a few extra spelling errors as slide #19 from the interim
presentation
<https://datatracker.ietf.org/meeting/interim-2020-oauth-16/materials/slides-interim-2020-oauth-16-sessa-dpop-01.pdf>)
is the last of them.

To summarize, I'm wondering if there's WG interest in working to formalize
a client-to-AS authentication mechanism based on DPoP. I think it
potentially would be problematic to put into the current document (for a
number of reasons) so am preemptively ruling out that option. Thus,
basically, I'm asking the WG if there is some/much interest in the idea? In
which case I'll find some time (at some point) to write up an I-D for it
and bring that back to the group for consideration. Or if I should, as the
slide says, "shut up and never speak of this again"?

[image: Slide19.jpeg]
