Re: [OAUTH-WG] Question regarding RFC 7592

Robache Hervé <herve.robache@stet.eu> Fri, 13 September 2019 12:23 UTC

Return-Path: <herve.robache@stet.eu>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EA8A5120227 for <oauth@ietfa.amsl.com>; Fri, 13 Sep 2019 05:23:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FROM_EXCESS_BASE64=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XtcJX5onbega for <oauth@ietfa.amsl.com>; Fri, 13 Sep 2019 05:23:33 -0700 (PDT)
Received: from mx.stet.eu (mx.stet.eu [85.233.205.208]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 315231201E0 for <oauth@ietf.org>; Fri, 13 Sep 2019 05:23:32 -0700 (PDT)
Received: from mail.stet.eu ([10.17.2.21]) by mx.stet.eu with ESMTP id x8DCNUjQ026149-x8DCNUjS026149 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=CAFAIL); Fri, 13 Sep 2019 14:23:30 +0200
Received: from STEMES002.steteu.corp (10.17.2.22) by STEMES001.steteu.corp (10.17.2.21) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Fri, 13 Sep 2019 14:23:30 +0200
Received: from STEMES002.steteu.corp ([::1]) by STEMES002.steteu.corp ([fe80::1c47:3ef0:f04e:a256%14]) with mapi id 15.00.1473.003; Fri, 13 Sep 2019 14:23:30 +0200
From: =?utf-8?B?Um9iYWNoZSBIZXJ2w6k=?= <herve.robache@stet.eu>
To: Travis Spencer <travis.spencer@curity.io>
CC: "oauth@ietf.org" <oauth@ietf.org>
Thread-Topic: [OAUTH-WG] Question regarding RFC 7592
Thread-Index: AdVpeCBmbn8uFGEHRDSH6fb8upwECQAnavOAAAX3ktA=
Date: Fri, 13 Sep 2019 12:23:30 +0000
Message-ID: <db205bcad6ac495bb558e2b6181ba546@STEMES002.steteu.corp>
References: <ae35a0f3b9f74618add918d9339be753@STEMES002.steteu.corp> <CAEKOcs3EtjLHRaRmpCa_GrpuXtqVMWHrmH0oPBB-b+2yzhKHaw@mail.gmail.com>
In-Reply-To: <CAEKOcs3EtjLHRaRmpCa_GrpuXtqVMWHrmH0oPBB-b+2yzhKHaw@mail.gmail.com>
Accept-Language: fr-FR, en-US
Content-Language: fr-FR
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.17.2.170]
x-tm-as-product-ver: SMEX-12.5.0.1684-8.5.1010-24908.006
x-tm-as-result: No-18.057000-8.000000-10
x-tmase-matchedrid: 6jmP1Ht9qSueGXFpAoGIoe5i6weAmSDK31asM/gsp2kYDu7Ahk0dDVxf z10OsXj5iZmfBZYgGr+/LUPnfvvbV2H39wOZ1o5GM71h0SMVl8J3G1bsm5zfjLxgMf9QE2eb/0V sNN/sXcWmzeV8Z6u3l1MmJ7W/Vm9GNtF2eLsHxvlZwLSBgxghaPngX/aL8PCNI9L0l0rdbj/3h2 jybQkTkuVLYGUlXRjSV+4hGDe9WkYUpJC1g+xv1yQ7ls378/zHqAn+yHbzwCdq5aiUaVUyIFHXx CnNdK1O+QfFxsleWTfPh+3gPJS8wZcyOP01seuBRTO9mhIXG43DS5Rk8L0emgWybPnS4qkG4wLL vleCnmqkZsniU9dGsGUXmft12LONQR5uKLmqZofuvXp0/rQbmQZyESFXAljfIwfkkTESbiRpjch uPJNZ5OBifUQeQaAn1nhswVyu6E1QBGTXhXVuctqCJFwujpdAAgvM6h73Btr2Nx9aMA5QDiJkpI MWHcbCxOHla5AZ+eCm3B7lRhakqcOOIO9jIpLFcheA8ngAb/upSpNJXHTi8U+86maMM3aS9fGw1 nQ95T+EftyE+H2HLo4mltXV0alofMalxiFMN0ptJYfOb0q5O0NWaKIdBIV4XLYnX4ycMY1wDpvb PoLQyRLpDXY8SPPMucE3Ngmwru6FZ5NatKgouPPYC6FQ+VZVcuFRT+prg4aGe/6YURuOGR7BnNe uthFjWq+w3wy0CCoKbobZSJqYSgQgef9UKVkZipkOZV/lcG+ciUWAJovS34eCLAQuXygwK+I+zs OW7NlgzkVDlD8BHgdCKWAkI/y0hwW3qeYFZHyrm7DrUlmNkIlfAW57f8Kpb7DHElGeXjlzFh5Wt +L9QiVckhPCOd69MtUllpYxkKViba/5DlHIMfRJByhI7YZeftwZ3X11IV0=
x-tm-as-user-approved-sender: No
x-tm-as-user-blocked-sender: No
x-tmase-result: 10--18.057000-8.000000
x-tmase-version: SMEX-12.5.0.1684-8.5.1010-24908.006
x-tm-snts-smtp: F83B3E27B00F08EE0B278AE48F20344192423A44ACC4892C09060C81049733812000:9
Content-Type: multipart/related; boundary="_005_db205bcad6ac495bb558e2b6181ba546STEMES002steteucorp_"; type="multipart/alternative"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/UjRM9698drhQvTH7nah3H2pRy30>
Subject: Re: [OAUTH-WG] Question regarding RFC 7592
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 13 Sep 2019 12:23:36 -0000

Thanks Travis

I understand that, once the client has retrieved its [client_id] through RFC7591 initial registration, it is then able to ask for an access token that will be used for accessing the RFC7592 entry-points. Am I right?

Best regards

Hervé

De : Travis Spencer [mailto:travis.spencer@curity.io]
Envoyé : ven. 13 13:30
À : Robache Hervé
Cc : oauth@ietf.org
Objet : Re: [OAUTH-WG] Question regarding RFC 7592

No. The initial access token is issued by the AS when registration is protected (appendix 1.2 in RFC 7591). As stated in section 1.2, the method and means by which this is obtained can vary. The registration access token in RFC 7592 is used to protect the registration management API and allow updates to the client after it is registered. You might have one (the registration access token) but not the other (initial access token) when open registration is allowed (appendix 1.1 in RFC 7591).

HTH!

On Fri, Sep 13, 2019 at 7:37 AM Robache Hervé <herve.robache@stet.eu<mailto:herve.robache@stet.eu>> wrote:
Hi

RFC 7592 introduces a « Registration Access Token ». Are this token and the way to get it similar to what is specified as “Initial Access Token” in RFC 7591/Appendix A ?

If so, can the Open Dynamic Client Registration (RFC7591/A.1.1) be extrapolated to RFC7592 as the same way?

Thanks in advance for your clarification.

Hervé ROBACHE
Direction Marketing et Développement

LIGNE DIRECTE
T. +33(0)1 55 23 55 45
herve.robache@stet.eu<mailto:herve.robache@stet.eu>








[cid:image003.png@01D14327.707582F0]

STET (SIEGE SOCIAL)
100, Esplanade du Général de Gaulle
Cœur Défense – Tour B
92932 La Défense cedex

www.stet.eu<http://www.stet.eu/>



Ce message et toutes les pièces jointes sont établis à l'intention exclusive de ses destinataires et sont confidentiels.
Si vous recevez ce message par erreur ou s'il ne vous est pas destiné, merci de le détruire ainsi que toute copie de votre système et d'en avertir immédiatement l'expéditeur.
Toute lecture non autorisée, toute utilisation de ce message qui n'est pas conforme à sa destination, toute diffusion ou toute publication, totale ou partielle, est interdite.
L'Internet ne permettant pas d'assurer l'intégrité de ce message électronique susceptible d'altération, STET décline toute responsabilité au titre de ce message dans l'hypothèse où il aurait été modifié, déformé ou falsifié.
N'imprimez ce message que si nécessaire, pensez à l'environnement.

This message and any attachments is intended solely for the intended addressees and is confidential.
If you receive this message in error, or are not the intended recipient(s), please delete it and any copies from your systems and immediately notify the sender.
Any unauthorized view, use that does not comply with its purpose, dissemination or disclosure, either whole or partial, is prohibited.
Since the internet cannot guarantee the integrity of this message which may not be reliable, STET shall not be liable for the message if modified, changed or falsified.
Do not print this message unless it is necessary, please consider the environment.
_______________________________________________
OAuth mailing list
OAuth@ietf.org<mailto:OAuth@ietf.org>
https://www.ietf.org/mailman/listinfo/oauth


Ce message et toutes les pièces jointes sont établis à l'intention exclusive de ses destinataires et sont confidentiels.
Si vous recevez ce message par erreur ou s'il ne vous est pas destiné, merci de le détruire ainsi que toute copie de votre système et d'en avertir immédiatement l'expéditeur.
Toute lecture non autorisée, toute utilisation de ce message qui n'est pas conforme à sa destination, toute diffusion ou toute publication, totale ou partielle, est interdite.
L'Internet ne permettant pas d'assurer l'intégrité de ce message électronique susceptible d'altération, STET décline toute responsabilité au titre de ce message dans l'hypothèse où il aurait été modifié, déformé ou falsifié.
N'imprimez ce message que si nécessaire, pensez à l'environnement.

This message and any attachments is intended solely for the intended addressees and is confidential.
If you receive this message in error, or are not the intended recipient(s), please delete it and any copies from your systems and immediately notify the sender.
Any unauthorized view, use that does not comply with its purpose, dissemination or disclosure, either whole or partial, is prohibited.
Since the internet cannot guarantee the integrity of this message which may not be reliable, STET shall not be liable for the message if modified, changed or falsified.
Do not print this message unless it is necessary, please consider the environment.