Re: [OAUTH-WG] Question regarding RFC 7592

Travis Spencer <travis.spencer@curity.io> Fri, 13 September 2019 13:18 UTC

From: Travis Spencer <travis.spencer@curity.io>
Date: Fri, 13 Sep 2019 15:18:12 +0200
To: Robache Hervé <herve.robache@stet.eu>
Cc: "oauth@ietf.org" <oauth@ietf.org>
Message-ID: <CAEKOcs1ZmnjJ=DXjG2yvAOwy3jbAnGaXQLEK0TeU0qD7p88Z0A@mail.gmail.com>
In-Reply-To: <db205bcad6ac495bb558e2b6181ba546@STEMES002.steteu.corp>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/LInMSn5C9uyPc1vPAoJtD-CVrg8>

Ya, this part is confusing. I didn't get it at first either.

The response to registration using RFC 7591 (authenticated with an initial
access token or not) typically includes a registration access token. This
metadata isn't defined in RFC 7591; it is only discussed in section 1.3, and
that spec leaves it out of scope. It is, however, profiled in section 3.2 of
OIDC DCR (see registration_access_token in section 3.2, available at
https://openid.net/specs/openid-connect-registration-1_0.html#RegistrationResponse).
With this, the client can update its registration according to RFC 7592
(DCRM). When it does so, the AS will typically return a new registration
access token with each reply. This update process is described in section 5
of DCRM.

On Fri, Sep 13, 2019 at 2:23 PM Robache Hervé <herve.robache@stet.eu> wrote:

> Thanks Travis
>
> I understand that, once the client has retrieved its [client_id] through
> RFC7591 initial registration, it is then able to ask for an access token
> that will be used for accessing the RFC7592 entry-points. Am I right?
>
> Best regards
>
> Hervé
>
> *From:* Travis Spencer [mailto:travis.spencer@curity.io]
> *Sent:* Fri. 13 13:30
> *To:* Robache Hervé
> *Cc:* oauth@ietf.org
> *Subject:* Re: [OAUTH-WG] Question regarding RFC 7592
>
> No. The initial access token is issued by the AS when registration is
> protected (appendix 1.2 in RFC 7591). As stated in section 1.2, the method
> and means by which this is obtained can vary. The registration access token
> in RFC 7592 is used to protect the registration management API and allow
> updates to the client after it is registered. You might have one (the
> registration access token) but not the other (initial access token) when
> open registration is allowed (appendix 1.1 in RFC 7591).
>
> HTH!
>
> On Fri, Sep 13, 2019 at 7:37 AM Robache Hervé <herve.robache@stet.eu>
> wrote:
>
> Hi
>
> RFC 7592 introduces a "Registration Access Token". Are this token and
> the way to get it similar to what is specified as "Initial Access Token" in
> RFC 7591/Appendix A?
>
> If so, can the Open Dynamic Client Registration (RFC7591/A.1.1) be
> extrapolated to RFC7592 in the same way?
>
> Thanks in advance for your clarification.
>
> Hervé ROBACHE
>
> Marketing and Development Department
>
> DIRECT LINE
> T. +33(0)1 55 23 55 45
> herve.robache@stet.eu
>
> STET (HEAD OFFICE)
> 100, Esplanade du Général de Gaulle
> Cœur Défense – Tour B
> 92932 La Défense cedex
>
> www.stet.eu
>
> This message and any attachments is intended solely for the intended
> addressees and is confidential.
> If you receive this message in error, or are not the intended
> recipient(s), please delete it and any copies from your systems and
> immediately notify the sender.
> Any unauthorized view, use that does not comply with its purpose,
> dissemination or disclosure, either whole or partial, is prohibited.
> Since the internet cannot guarantee the integrity of this message which
> may not be reliable, STET shall not be liable for the message if modified,
> changed or falsified.
> Do not print this message unless it is necessary, please consider the
> environment.
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>
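As an added worked example (not code from this thread, from Curity, or from any real authorization server), here is the exchange the two replies describe, modelled as a small in-memory Python server: RFC 7591 registration, either open (Appendix A.1.1) or protected by an initial access token (A.1.2), returns client_id, registration_access_token and registration_client_uri; the RFC 7592 client configuration endpoint then accepts only that registration access token as a bearer, bound to the client_id in the URI, and hands back a fresh token with each reply, as Travis describes. The base URL, the token values, the accepted metadata subset and the JSON error bodies are assumptions; hashing stored tokens and comparing them in constant time are design choices of this example, not requirements of either RFC.

```python
"""In-memory model of an RFC 7591 registration endpoint and the RFC 7592
client configuration endpoint. Added example for this thread, not code from
the list, Curity, or any AS; every URL and token here is made up."""
import hashlib
import hmac
import secrets
from typing import Optional, Set, Tuple

# Hypothetical registration endpoint; registration_client_uri hangs off it.
BASE_URL = "https://as.example/register"

# Subset of RFC 7591 section 2 metadata this toy AS accepts (assumption).
ALLOWED_METADATA = {"redirect_uris", "client_name", "token_endpoint_auth_method",
                    "grant_types", "response_types", "scope"}
# AS-assigned fields; RFC 7592 section 2.2 forbids a client from sending them in an update.
SERVER_ASSIGNED = {"registration_access_token", "registration_client_uri",
                   "client_secret", "client_secret_expires_at", "client_id_issued_at"}


def _digest(token: str) -> bytes:
    """Hash tokens before storing so a leaked client table yields no usable bearers."""
    return hashlib.sha256(token.encode()).digest()


def _valid_metadata(meta: dict) -> bool:
    return not (set(meta) - ALLOWED_METADATA) and bool(meta.get("redirect_uris"))


class RegistrationServer:
    def __init__(self, initial_access_tokens: Optional[Set[str]] = None, rotate: bool = True):
        # None: open registration (RFC 7591 A.1.1); a set of tokens: protected (A.1.2).
        self._initial = None if initial_access_tokens is None else {_digest(t) for t in initial_access_tokens}
        self._rotate = rotate          # issue a new registration access token on each read/update
        self._clients = {}             # client_id -> {"metadata": dict, "rat": digest of current token}

    # RFC 7591: POST to the registration endpoint.
    def register(self, metadata: dict, initial_access_token: Optional[str] = None) -> Tuple[int, dict]:
        if self._initial is not None and not (
            initial_access_token
            and any(hmac.compare_digest(_digest(initial_access_token), d) for d in self._initial)
        ):
            return 401, {"error": "invalid_token"}
        if not _valid_metadata(metadata):
            return 400, {"error": "invalid_client_metadata"}
        client_id = secrets.token_urlsafe(16)
        rat = secrets.token_urlsafe(32)  # registration access token, issued together with the client_id
        self._clients[client_id] = {"metadata": dict(metadata), "rat": _digest(rat)}
        return 201, self._client_info(client_id, rat)

    def _client_info(self, client_id: str, rat: str) -> dict:
        body = dict(self._clients[client_id]["metadata"])
        body.update({"client_id": client_id,
                     "registration_access_token": rat,
                     "registration_client_uri": f"{BASE_URL}/{client_id}"})
        return body

    # RFC 7592: the token is a bearer on the configuration endpoint and is bound to the
    # client_id in the URI, so a valid token for client A is rejected on client B's URI.
    def _authorize(self, client_id: str, bearer: Optional[str]):
        rec = self._clients.get(client_id)
        if rec is None or not bearer or not hmac.compare_digest(_digest(bearer), rec["rat"]):
            return None
        return rec

    def _issue(self, rec: dict, bearer: str) -> str:
        if not self._rotate:
            return bearer
        rat = secrets.token_urlsafe(32)
        rec["rat"] = _digest(rat)      # the previously issued token stops working at once
        return rat

    def read(self, client_id: str, bearer: Optional[str]) -> Tuple[int, Optional[dict]]:
        rec = self._authorize(client_id, bearer)
        if rec is None:
            return 401, {"error": "invalid_token"}
        return 200, self._client_info(client_id, self._issue(rec, bearer))

    def update(self, client_id: str, bearer: Optional[str], metadata: dict) -> Tuple[int, Optional[dict]]:
        rec = self._authorize(client_id, bearer)
        if rec is None:
            return 401, {"error": "invalid_token"}
        # RFC 7592 2.2: client_id MUST be present and unchanged; AS-assigned fields MUST NOT be sent.
        if metadata.get("client_id") != client_id or SERVER_ASSIGNED & set(metadata):
            return 400, {"error": "invalid_client_metadata"}
        new_meta = {k: v for k, v in metadata.items() if k != "client_id"}
        if not _valid_metadata(new_meta):
            return 400, {"error": "invalid_client_metadata"}
        rec["metadata"] = new_meta     # the update replaces the whole record, it never merges
        return 200, self._client_info(client_id, self._issue(rec, bearer))

    def delete(self, client_id: str, bearer: Optional[str]) -> Tuple[int, Optional[dict]]:
        if self._authorize(client_id, bearer) is None:
            return 401, {"error": "invalid_token"}
        del self._clients[client_id]
        return 204, None
```

The two tokens never meet: the initial access token (if any) is checked only by register(), and the registration access token only by the configuration endpoint, which is the separation the reply above draws. A failed update (missing client_id, or a server-assigned field in the body) is rejected before a new token is issued, so the token the client holds stays valid; a successful read or update invalidates it, so a client must persist the registration_access_token from every reply, not just the first one.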