Re: [OAUTH-WG] Question regarding RFC 7592
Travis Spencer <travis.spencer@curity.io> Fri, 13 September 2019 13:18 UTC
From: Travis Spencer <travis.spencer@curity.io>
Date: Fri, 13 Sep 2019 15:18:12 +0200
Message-ID: <CAEKOcs1ZmnjJ=DXjG2yvAOwy3jbAnGaXQLEK0TeU0qD7p88Z0A@mail.gmail.com>
To: Robache Hervé <herve.robache@stet.eu>
Cc: "oauth@ietf.org" <oauth@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/LInMSn5C9uyPc1vPAoJtD-CVrg8>
Ya, this part is confusing. I didn't get it at first either. The response to registration using RFC 7591 (authenticated with an initial token or not) typically includes a registration access token; this metadata isn't defined in RFC 7591 but discussed in section 1.3; that spec leaves the metadata out of scope. It is, however, profiled in section 3.2 of OIDC DCR (see registration_access_token in section 3.2 available at https://openid.net/specs/openid-connect-registration-1_0.html#RegistrationResponse). With this, the client can update its registration according to RFC 7592 (DCRM). When it does so, the AS will typically return a new registration token with each reply. This update process is described in section 5 of DCRM.

On Fri, Sep 13, 2019 at 2:23 PM Robache Hervé <herve.robache@stet.eu> wrote:

> Thanks Travis
>
> I understand that, once the client has retrieved its [client_id] through RFC7591 initial registration, it is then able to ask for an access token that will be used for accessing the RFC7592 entry-points. Am I right?
>
> Best regards
>
> Hervé
>
> From: Travis Spencer [mailto:travis.spencer@curity.io]
> Sent: Fri. 13 13:30
> To: Robache Hervé
> Cc: oauth@ietf.org
> Subject: Re: [OAUTH-WG] Question regarding RFC 7592
>
> No. The initial access token is issued by the AS when registration is protected (appendix 1.2 in RFC 7591). As stated in section 1.2, the method and means by which this is obtained can vary. The registration access token in RFC 7592 is used to protect the registration management API and allow updates to the client after it is registered. You might have one (the registration access token) but not the other (initial access token) when open registration is allowed (appendix 1.1 in RFC 7591).
>
> HTH!
>
> On Fri, Sep 13, 2019 at 7:37 AM Robache Hervé <herve.robache@stet.eu> wrote:
>
> Hi
>
> RFC 7592 introduces a « Registration Access Token ». Are this token and the way to get it similar to what is specified as "Initial Access Token" in RFC 7591/Appendix A?
>
> If so, can the Open Dynamic Client Registration (RFC7591/A.1.1) be extrapolated to RFC7592 in the same way?
>
> Thanks in advance for your clarification.
>
> Hervé ROBACHE
> Marketing and Development Department
>
> DIRECT LINE
> T. +33(0)1 55 23 55 45
> herve.robache@stet.eu
>
> STET (HEAD OFFICE)
> 100, Esplanade du Général de Gaulle
> Cœur Défense – Tour B
> 92932 La Défense cedex
> www.stet.eu
>
> This message and any attachments is intended solely for the intended addressees and is confidential. If you receive this message in error, or are not the intended recipient(s), please delete it and any copies from your systems and immediately notify the sender. Any unauthorized view, use that does not comply with its purpose, dissemination or disclosure, either whole or partial, is prohibited. Since the internet cannot guarantee the integrity of this message which may not be reliable, STET shall not be liable for the message if modified, changed or falsified. Do not print this message unless it is necessary, please consider the environment.
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
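The distinction the thread is circling (initial access token for RFC 7591 registration versus registration access token for the RFC 7592 configuration endpoint) is easiest to see in a running exchange. The following is an added example, not code from this thread, from Curity, or from either RFC; it is a toy in-process authorization server and client with made-up names ("https://as.example", "iat-from-portal", "Demo", the "c-" client_id prefix). It encodes the rules from RFC 7592's update request as I understand them: the update carries the full metadata plus the client_id, must not carry the server-assigned fields (registration_access_token, registration_client_uri, client_secret_expires_at, client_id_issued_at), may not change client_id or choose its own client_secret, and replaces rather than augments the stored values; the AS may rotate the registration access token on each reply and the client then discards the old one. Rotating on every update, and rejecting one client's token on another client's URI, are this example's choices.

```python
"""Toy RFC 7591/7592 exchange (added example, not code from the thread)."""
import hmac
import secrets

# Fields the AS assigns; a client update request must not carry them.
SERVER_ASSIGNED = {"registration_access_token", "registration_client_uri",
                   "client_secret_expires_at", "client_id_issued_at"}


def _matches(presented, valid):  # constant-time bearer check against the valid tokens
    return presented is not None and any(
        hmac.compare_digest(presented.encode(), t.encode()) for t in valid)


class AuthorizationServer:
    def __init__(self, open_registration=False, initial_access_tokens=()):
        self.open_registration = open_registration
        self.initial_access_tokens = set(initial_access_tokens)  # handed out out of band
        self.clients = {}  # client_id -> {"metadata", "client_secret", "rat"}

    # RFC 7591 registration: an initial access token is required only when protected
    def register(self, metadata, bearer=None):
        if not self.open_registration and not _matches(bearer, self.initial_access_tokens):
            return 401, {"error": "invalid_token"}
        if not metadata.get("redirect_uris"):
            return 400, {"error": "invalid_redirect_uri"}
        client_id = "c-" + secrets.token_urlsafe(8)  # made-up id format
        self.clients[client_id] = {"metadata": dict(metadata),
                                   "client_secret": secrets.token_urlsafe(32),
                                   "rat": secrets.token_urlsafe(32)}  # RAT issued regardless
        return 201, self._client_information(client_id)

    def _client_information(self, client_id):
        rec = self.clients[client_id]
        return {**rec["metadata"], "client_id": client_id, "client_secret": rec["client_secret"],
                "client_secret_expires_at": 0, "registration_access_token": rec["rat"],
                "registration_client_uri": f"https://as.example/register/{client_id}"}

    # RFC 7592 configuration endpoint: only this client's own RAT opens its record,
    # so a RAT issued to client A is worthless on client B's registration_client_uri
    def _authorize(self, client_id, bearer):
        rec = self.clients.get(client_id)
        return rec is not None and _matches(bearer, [rec["rat"]])

    def update(self, client_id, bearer, body):
        if not self._authorize(client_id, bearer):
            return 401, {"error": "invalid_token"}
        rec = self.clients[client_id]
        if SERVER_ASSIGNED & body.keys() or body.get("client_id") != client_id:
            return 400, {"error": "invalid_client_metadata"}
        if "client_secret" in body and not _matches(body["client_secret"], [rec["client_secret"]]):
            return 400, {"error": "invalid_client_metadata"}  # client cannot pick its secret
        metadata = {k: v for k, v in body.items() if k not in ("client_id", "client_secret")}
        if not metadata.get("redirect_uris"):
            return 400, {"error": "invalid_redirect_uri"}
        rec["metadata"] = metadata                 # replaces, never augments, the old values
        rec["rat"] = secrets.token_urlsafe(32)     # rotate: the old RAT is dead from here on
        return 200, self._client_information(client_id)


class Client:
    def __init__(self, as_):
        self.as_, self.info = as_, None

    def register(self, metadata, initial_access_token=None):
        status, body = self.as_.register(metadata, bearer=initial_access_token)
        self.info = body if status == 201 else self.info
        return status

    def update(self, **changes):
        body = {k: v for k, v in self.info.items() if k not in SERVER_ASSIGNED}
        body.update(changes)                       # full metadata, not a delta
        status, resp = self.as_.update(self.info["client_id"],
                                       self.info["registration_access_token"], body)
        if status == 200:
            self.info = resp                       # keep the new RAT, forget the old one
        return status


def run_scenario():
    """Drives a protected and an open AS; returns the observed outcomes."""
    out, meta = {}, {"client_name": "Demo", "redirect_uris": ["https://app.example/cb"]}
    protected = AuthorizationServer(initial_access_tokens=["iat-from-portal"])  # made-up IAT
    c1 = Client(protected)
    out["register_without_iat"] = c1.register(meta)
    out["register_with_iat"] = c1.register(meta, "iat-from-portal")
    first_rat = c1.info["registration_access_token"]
    out["update"] = c1.update(redirect_uris=["https://app.example/cb2"])
    out["rat_rotated"] = c1.info["registration_access_token"] != first_rat
    out["new_redirect_uris"] = c1.info["redirect_uris"]
    cid, rat = c1.info["client_id"], c1.info["registration_access_token"]
    out["old_rat_rejected"] = protected.update(cid, first_rat, {})[0]
    out["forbidden_field"] = protected.update(
        cid, rat, {**meta, "client_id": cid, "registration_access_token": "x"})[0]
    c2 = Client(protected)
    c2.register(meta, "iat-from-portal")
    out["cross_client"] = protected.update(cid, c2.info["registration_access_token"], {})[0]
    c3 = Client(AuthorizationServer(open_registration=True))
    out["open_register"] = c3.register(meta)
    out["open_still_gets_rat"] = "registration_access_token" in c3.info
    return out
```

Running `run_scenario()` shows the answer to the original question in one pass: the protected AS refuses registration until the out-of-band initial access token is presented, the open AS needs none, and in both cases the client walks away with a registration access token it never had to "ask for" separately. After the update the first token is refused, and client 2's token is refused on client 1's record. A real AS would persist the client records, bind the registration access token to the configuration URI it serves, and return the token only over TLS; none of that changes the shape of the exchange.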
- [OAUTH-WG] Question regarding RFC 7592 Robache Hervé
- Re: [OAUTH-WG] Question regarding RFC 7592 Travis Spencer
- Re: [OAUTH-WG] Question regarding RFC 7592 Robache Hervé
- Re: [OAUTH-WG] Question regarding RFC 7592 Travis Spencer
- Re: [OAUTH-WG] Question regarding RFC 7592 Justin Richer
- Re: [OAUTH-WG] Question regarding RFC 7592 Dick Hardt
- Re: [OAUTH-WG] Question regarding RFC 7592 Justin Richer
- Re: [OAUTH-WG] Question regarding RFC 7592 Dick Hardt
- Re: [OAUTH-WG] Question regarding RFC 7592 Neil Madden
- Re: [OAUTH-WG] Question regarding RFC 7592 Justin Richer
- Re: [OAUTH-WG] Question regarding RFC 7592 Travis Spencer
- Re: [OAUTH-WG] Question regarding RFC 7592 Dick Hardt
- Re: [OAUTH-WG] Question regarding RFC 7592 Robache Hervé
- Re: [OAUTH-WG] Question regarding RFC 7592 Travis Spencer