IETF Logo Mail Archive

[OAUTH-WG] Fwd: I-D Action: draft-ietf-oauth-mtls-04.txt

Brian Campbell <bcampbell@pingidentity.com> Thu, 12 October 2017 22:07 UTC

Return-Path: <bcampbell@pingidentity.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 30D2F132992 for <oauth@ietfa.amsl.com>; Thu, 12 Oct 2017 15:07:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=pingidentity.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ADbJHOKGHuuW for <oauth@ietfa.amsl.com>; Thu, 12 Oct 2017 15:07:44 -0700 (PDT)
Received: from mail-io0-x22a.google.com (mail-io0-x22a.google.com [IPv6:2607:f8b0:4001:c06::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 18F56132949 for <oauth@ietf.org>; Thu, 12 Oct 2017 15:07:43 -0700 (PDT)
Received: by mail-io0-x22a.google.com with SMTP id h70so7034693ioi.4 for <oauth@ietf.org>; Thu, 12 Oct 2017 15:07:43 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=pingidentity.com; s=gmail; h=mime-version:in-reply-to:references:from:date:message-id:subject:to; bh=vH6zR1R5VEbKuxJzFD4m4Q+2DrD5FHN/64nAexQ0er8=; b=P5veDXrGlVNrUjglBDd0POyhmolka+3pSuoWdVeDzj0z1yCzpW60PhrSddRqhxR/tG bhxMWnsXQnZfTGLvH54A8ppmXc79DzuwrgsfzkWwuquC67RQVGNR38f8dkwCUaDRaUdH QHFqIf0ZkVCx2x9AQPTM75NDiE1PSMWbP75PA=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to; bh=vH6zR1R5VEbKuxJzFD4m4Q+2DrD5FHN/64nAexQ0er8=; b=kK4oBMuBnWlnnK2sf9mY0Kx0Iw8gdnI64C4gVfToLs1p1Helu0dSLX1yg/ZSjWYGoO FuXcpQZdATuzfKK5AWeYLAD6vNKGZ7v2Evg91lTBSE1kGAYDrsjaKdAFtSifQpcjVJsd MeSsWzZNtUThF/5RSe+r+TYZYZBPud1o/Wk+6mhSK0U4nxfOL8PK0B5alf35uQPbMY3i piwAD+2Un0385O/zPZT9v43Qp4DY5LGxGDavutswALZG/PldBKSjqiRWnTcy3SSeW7vb IHyRazh9+4ZIw5cdhMav1qxiPW4r2L+QkFgqDb93ysz9ycBh/9mst94N7zCVWexYyKom M/fQ==
X-Gm-Message-State: AMCzsaXaOetVwCn2KqFGE/PTAYNHwmDYSB2jK5kiS+Z0TuZqANi4PTDp icpl8DTXwtKVQqt4oGQ4XtlzdfzLVjS/pDvhZFpoki7WKYAKtcNIKOJz4K0ftpQBxAFh5/2Rx6u GgdGOt8lR87rYCw==
X-Google-Smtp-Source: ABhQp+TGO2epZfvtLpOlZOGPhhDB/sgIBooGSabNJ5Ode6TYharGvNZzfqzmaVwUjZbNtjn/OAQuWR5ZdtFWpwzFxEY=
X-Received: by 10.107.147.86 with SMTP id v83mr5501833iod.82.1507846062787; Thu, 12 Oct 2017 15:07:42 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.2.106.34 with HTTP; Thu, 12 Oct 2017 15:07:12 -0700 (PDT)
In-Reply-To: <150784500346.16836.10053591552617872796@ietfa.amsl.com>
References: <150784500346.16836.10053591552617872796@ietfa.amsl.com>
From: Brian Campbell <bcampbell@pingidentity.com>
Date: Thu, 12 Oct 2017 16:07:12 -0600
Message-ID: <CA+k3eCSD73-djpiUOq3u+arXjsUQ=aZsiA8Xv2tUM6mSecwvdA@mail.gmail.com>
To: oauth <oauth@ietf.org>
Content-Type: multipart/alternative; boundary="94eb2c05665cf2ec14055b60c4ce"
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/UIeh1VrPTlnGtZ2wOh6T9x198xE>
Subject: [OAUTH-WG] Fwd: I-D Action: draft-ietf-oauth-mtls-04.txt
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 12 Oct 2017 22:07:46 -0000

I'm pleased to announce that a new draft of "Mutual TLS Profile for OAuth
2.0" has been published. The changes, based on feedback and discussion on
this list over the last two months, are listed below.

   draft-ietf-oauth-mtls-04
<https://tools.ietf.org/html/draft-ietf-oauth-mtls-04>

   o  Change the name of the 'Public Key method' to the more accurate
      'Self-Signed Certificate method' and also change the associated
      authentication method metadata value to
      "self_signed_tls_client_auth".
   o  Removed the "tls_client_auth_root_dn" client metadata field as
      discussed in https://mailarchive.ietf.org/arch/msg/oauth/
<https://mailarchive.ietf.org/arch/msg/oauth/swDV2y0be6o8czGKQi1eJV-g8qc>
      swDV2y0be6o8czGKQi1eJV-g8qc
<https://mailarchive.ietf.org/arch/msg/oauth/swDV2y0be6o8czGKQi1eJV-g8qc>
   o  Update draft-ietf-oauth-discovery
<https://tools.ietf.org/html/draft-ietf-oauth-discovery> reference to
-07
   o  Clarify that MTLS client authentication isn't exclusive to the
      token endpoint and can be used with other endpoints, e.g.  RFC
<https://tools.ietf.org/html/rfc7009>
      7009 <https://tools.ietf.org/html/rfc7009> revocation and 7662
introspection, that utilize client
      authentication as discussed in
      https://mailarchive.ietf.org/arch/msg/oauth/
<https://mailarchive.ietf.org/arch/msg/oauth/bZ6mft0G7D3ccebhOxnEYUv4puI>
      bZ6mft0G7D3ccebhOxnEYUv4puI
<https://mailarchive.ietf.org/arch/msg/oauth/bZ6mft0G7D3ccebhOxnEYUv4puI>
   o  Reorganize the document somewhat in an attempt to more clearly
      make a distinction between mTLS client authentication and
      certificate bound access tokens as well as a more clear
      delineation between the two (PKI/Public key) methods for client
      authentication
   o  Editorial fixes and clarifications


---------- Forwarded message ----------
From: <internet-drafts@ietf.org>
Date: Thu, Oct 12, 2017 at 3:50 PM
Subject: [OAUTH-WG] I-D Action: draft-ietf-oauth-mtls-04.txt
To: i-d-announce@ietf.org
Cc: oauth@ietf.org



A New Internet-Draft is available from the on-line Internet-Drafts
directories.
This draft is a work item of the Web Authorization Protocol WG of the IETF.

        Title           : Mutual TLS Profile for OAuth 2.0
        Authors         : Brian Campbell
                          John Bradley
                          Nat Sakimura
                          Torsten Lodderstedt
        Filename        : draft-ietf-oauth-mtls-04.txt
        Pages           : 18
        Date            : 2017-10-12

Abstract:
   This document describes Transport Layer Security (TLS) mutual
   authentication using X.509 certificates as a mechanism for OAuth
   client authentication to the authorization sever as well as for
   certificate bound sender constrained access tokens.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-oauth-mtls/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-ietf-oauth-mtls-04
https://datatracker.ietf.org/doc/html/draft-ietf-oauth-mtls-04

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-oauth-mtls-04


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

-- 
*CONFIDENTIALITY NOTICE: This email may contain confidential and privileged 
material for the sole use of the intended recipient(s). Any review, use, 
distribution or disclosure by others is strictly prohibited.  If you have 
received this communication in error, please notify the sender immediately 
by e-mail and delete the message and any file attachments from your 
computer. Thank you.*

v2.23.0 | Report a Bug | By Email