[OAUTH-WG] Query on RFC 7591 - dynamic client registration protocol
"Sahler, Frank" <frank.sahler@datev.de> Tue, 14 May 2019 17:30 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/DP8wbWvfzhS-P6URd3WOfrGBjBg>
Hello,

I read in the dynamic client registration documentation of the company Curity (https://developer.curity.io/tutorials/dynamic-client-registration-overview) that they use the scope "dcr" in the authorization request to get an initial access token, i.e. a bearer token that only allows access to the registration endpoint.

Is this also from your point of view a feasible way to initiate the client registration? Unfortunately the specification says nothing about how to get the token and how its purpose is limited to the registration endpoint. These two points are "out of scope for this specification".

Regards
Frank Sahler
Security Consultant
DATEV eG, Nuremberg, Germany
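One way a server could enforce the purpose limitation asked about above, as an added example that is not part of the original message and is neither Curity's nor RFC 7591's own code. It assumes token metadata arrives as an RFC 7662 style introspection response; the endpoint paths, the `accounts.read` scope, the exact-scope rule and the sample tokens are constructed for illustration.

```python
import time

REGISTRATION_SCOPE = "dcr"  # scope name taken from the message above
# Hypothetical endpoint -> required scope map (assumption for this example).
REQUIRED_SCOPE = {"/register": REGISTRATION_SCOPE, "/api/accounts": "accounts.read"}

# Constructed introspection responses, not taken from any real server.
SAMPLE_TOKENS = {
    "tok-dcr": {"active": True, "scope": "dcr", "exp": 2000},
    "tok-api": {"active": True, "scope": "accounts.read", "exp": 2000},
    "tok-mixed": {"active": True, "scope": "dcr accounts.read", "exp": 2000},
    "tok-old": {"active": True, "scope": "dcr", "exp": 500},
}


def bearer_token(authorization_header):
    """Extract the token from an 'Authorization: Bearer <token>' value (RFC 6750)."""
    parts = (authorization_header or "").split()
    if len(parts) != 2 or parts[0].lower() != "bearer":
        return None
    return parts[1]


def authorize(endpoint, authorization_header, introspect, now=None):
    """Return (allowed, reason); `introspect` maps a token to its metadata."""
    now = time.time() if now is None else now
    token = bearer_token(authorization_header)
    if token is None:
        return False, "missing or malformed bearer token"
    info = introspect(token)
    if not info or not info.get("active"):
        return False, "token inactive"
    if info.get("exp", 0) <= now:  # a missing exp is treated as expired
        return False, "token expired"
    scopes = set(info.get("scope", "").split())
    required = REQUIRED_SCOPE.get(endpoint)
    if required is None:
        return False, "unknown endpoint"
    if required not in scopes:
        return False, "insufficient scope"
    # Assumed policy: registration accepts only a token scoped to "dcr" alone,
    # so a broader token cannot double as an initial access token.
    if required == REGISTRATION_SCOPE and scopes != {REGISTRATION_SCOPE}:
        return False, "registration token must carry only the dcr scope"
    return True, "ok"
```

The same check run at every other endpoint is what keeps a "dcr" token from being useful anywhere except registration.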