[OAUTH-WG] Fwd: I-D Action: draft-ietf-oauth-mtls-04.txt
Brian Campbell <bcampbell@pingidentity.com> Thu, 12 October 2017 22:07 UTC
I'm pleased to announce that a new draft of "Mutual TLS Profile for OAuth 2.0" has been published. The changes, based on feedback and discussion on this list over the last two months, are listed below.

draft-ietf-oauth-mtls-04 <https://tools.ietf.org/html/draft-ietf-oauth-mtls-04>

   o  Change the name of the 'Public Key method' to the more accurate 'Self-Signed Certificate method' and also change the associated authentication method metadata value to "self_signed_tls_client_auth".

   o  Removed the "tls_client_auth_root_dn" client metadata field as discussed in https://mailarchive.ietf.org/arch/msg/oauth/swDV2y0be6o8czGKQi1eJV-g8qc

   o  Update draft-ietf-oauth-discovery <https://tools.ietf.org/html/draft-ietf-oauth-discovery> reference to -07

   o  Clarify that MTLS client authentication isn't exclusive to the token endpoint and can be used with other endpoints, e.g. RFC 7009 <https://tools.ietf.org/html/rfc7009> revocation and 7662 introspection, that utilize client authentication as discussed in https://mailarchive.ietf.org/arch/msg/oauth/bZ6mft0G7D3ccebhOxnEYUv4puI

   o  Reorganize the document somewhat in an attempt to more clearly make a distinction between mTLS client authentication and certificate bound access tokens as well as a more clear delineation between the two (PKI/Public key) methods for client authentication

   o  Editorial fixes and clarifications

---------- Forwarded message ----------
From: <internet-drafts@ietf.org>
Date: Thu, Oct 12, 2017 at 3:50 PM
Subject: [OAUTH-WG] I-D Action: draft-ietf-oauth-mtls-04.txt
To: i-d-announce@ietf.org
Cc: oauth@ietf.org

A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Web Authorization Protocol WG of the IETF.

        Title           : Mutual TLS Profile for OAuth 2.0
        Authors         : Brian Campbell
                          John Bradley
                          Nat Sakimura
                          Torsten Lodderstedt
        Filename        : draft-ietf-oauth-mtls-04.txt
        Pages           : 18
        Date            : 2017-10-12

Abstract:
   This document describes Transport Layer Security (TLS) mutual authentication using X.509 certificates as a mechanism for OAuth client authentication to the authorization server as well as for certificate bound sender constrained access tokens.

The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-oauth-mtls/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-ietf-oauth-mtls-04
https://datatracker.ietf.org/doc/html/draft-ietf-oauth-mtls-04

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-oauth-mtls-04

Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/