Re: [OAUTH-WG] Question regarding RFC 7592

Travis Spencer <travis.spencer@curity.io> Fri, 13 September 2019 11:30 UTC

Return-Path: <travis.spencer@curity.io>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5F138120077 for <oauth@ietfa.amsl.com>; Fri, 13 Sep 2019 04:30:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=curity-io.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 42jrkwICgP8G for <oauth@ietfa.amsl.com>; Fri, 13 Sep 2019 04:30:05 -0700 (PDT)
Received: from mail-yw1-xc35.google.com (mail-yw1-xc35.google.com [IPv6:2607:f8b0:4864:20::c35]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 86010120046 for <oauth@ietf.org>; Fri, 13 Sep 2019 04:30:05 -0700 (PDT)
Received: by mail-yw1-xc35.google.com with SMTP id d19so8378420ywa.0 for <oauth@ietf.org>; Fri, 13 Sep 2019 04:30:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=curity-io.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=BK+YSm/Qx+dStNYTDuEqvahjkfhA0pUUWKjjsSW9ADM=; b=gcUrcjGo9M24jENAKu3VFiT4jdZmcjWWuIzhBFRvLb/pUL36pknYTtu6QhGmlakens eEkcNGxtNNtYDTFav9/qCWbNoKpOw7WW37xSfiK7QoJlPFl9L0GZE2DacL36NvPfrgAQ K3M7bvpKCwbCsesGOHwHXIkwkLMKr8M+HBp4rB+QJq8FA27mD4d6hzQKmS9X9pZAZa0w neUf1CyXeWDM+dcX10mNzS0EiUTasBcoq7tRvEscNTcw+N+vVNoQPY9MJGQ7mPsJrzT7 dtPy/Ep1aRGdkn1ILh+HPTu5++0P45jKYpz7BaD5RMBlkPU4isTYf92NDoLWCoUy3z1t /qhg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=BK+YSm/Qx+dStNYTDuEqvahjkfhA0pUUWKjjsSW9ADM=; b=L/LZACgSWxM76Cs3E5Hf5FX5gg4e+tWt5A9y3Pz0GvPNUVDYjRofTiCVOnikX/FGHB I8/V3C645PNWDcQRekI4ZKXDs3DHrclwBq4NSF8CuN+5ETTLJSGcosGQNUaktHwSgtHP fDuTCenWWJ/l09m+qOSigcbd6BG1b6fWMCHRzTpW07mV7C7QSucSfezXBoBPZPijy+dU sL5jZAXMYklqXdFChnuR9G3cUwjk82RCfO1ciBhjqizjTrfGpFpPnFhccd910XoXC6FF Fzdjz2g9PhC/SQigMkKuvWdkTCQAv1hjTkKOng/RmxQ9XZFMJVsCmODEmoxG+hw89U53 GKOQ==
X-Gm-Message-State: APjAAAX7/mq7Cl2dADF79GnGuaZ9QzA7+cEPrNiwnuN8So1y5/8qDmfB akgcbzubJmY/dRu+IkvGagV4q40Tu8epHIAwy68KKw==
X-Google-Smtp-Source: APXvYqyZwGnNXLKq0FQTu1dsGX9h6M5pgngfeldqHxl8FAYa+7qYc+nQ7EqjwjSWv5MXBbLDMDP0msIYubd+YLpiv+c=
X-Received: by 2002:a81:7dc5:: with SMTP id y188mr2380937ywc.69.1568374204368; Fri, 13 Sep 2019 04:30:04 -0700 (PDT)
MIME-Version: 1.0
References: <ae35a0f3b9f74618add918d9339be753@STEMES002.steteu.corp>
In-Reply-To: <ae35a0f3b9f74618add918d9339be753@STEMES002.steteu.corp>
From: Travis Spencer <travis.spencer@curity.io>
Date: Fri, 13 Sep 2019 13:29:53 +0200
Message-ID: <CAEKOcs3EtjLHRaRmpCa_GrpuXtqVMWHrmH0oPBB-b+2yzhKHaw@mail.gmail.com>
To: =?UTF-8?Q?Robache_Herv=C3=A9?= <herve.robache@stet.eu>
Cc: "oauth@ietf.org" <oauth@ietf.org>
Content-Type: multipart/related; boundary="00000000000053bd7705926d93dc"
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/hN5WzhdyvqflzF65vgnVWeRKHjM>
Subject: Re: [OAUTH-WG] Question regarding RFC 7592
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 13 Sep 2019 11:30:08 -0000

No. The initial access token is issued by the AS when registration is
protected (appendix 1.2 in RFC 7591). As stated in section 1.2, the method
and means by which this is obtained can vary. The registration access token
in RFC 7592 is used to protect the registration management API and allow
updates to the client after it is registered. You might have one (the
registration access token) but not the other (initial access token) when
open registration is allowed (appendix 1.1 in RFC 7591).

HTH!

On Fri, Sep 13, 2019 at 7:37 AM Robache Hervé <herve.robache@stet.eu> wrote:

> Hi
>
>
>
> RFC 7592 introduces a « Registration Access Token ». Are this token and
> the way to get it similar to what is specified as “Initial Access Token” in
> RFC 7591/Appendix A ?
>
>
>
> If so, can the Open Dynamic Client Registration (RFC7591/A.1.1) be
> extrapolated to RFC7592 as the same way?
>
>
>
> Thanks in advance for your clarification.
>
>
>
> Hervé ROBACHE
>
> Direction Marketing et Développement
>
>
>
> LIGNE DIRECTE
>
> T. +33(0)1 55 23 55 45
>
> herve.robache@stet.eu
>
>
>
>
>
>
>
> [image: cid:image003.png@01D14327.707582F0]
>
>
>
> STET (SIEGE SOCIAL)
>
> 100, Esplanade du Général de Gaulle
>
> Cœur Défense – Tour B
>
> 92932 La Défense cedex
>
>
>
> www.stet.eu
>
>
>
>
> Ce message et toutes les pièces jointes sont établis à l'intention
> exclusive de ses destinataires et sont confidentiels.
> Si vous recevez ce message par erreur ou s'il ne vous est pas destiné,
> merci de le détruire ainsi que toute copie de votre système et d'en avertir
> immédiatement l'expéditeur.
> Toute lecture non autorisée, toute utilisation de ce message qui n'est pas
> conforme à sa destination, toute diffusion ou toute publication, totale ou
> partielle, est interdite.
> L'Internet ne permettant pas d'assurer l'intégrité de ce message
> électronique susceptible d'altération, STET décline toute responsabilité au
> titre de ce message dans l'hypothèse où il aurait été modifié, déformé ou
> falsifié.
> N'imprimez ce message que si nécessaire, pensez à l'environnement.
>
> This message and any attachments is intended solely for the intended
> addressees and is confidential.
> If you receive this message in error, or are not the intended
> recipient(s), please delete it and any copies from your systems and
> immediately notify the sender.
> Any unauthorized view, use that does not comply with its purpose,
> dissemination or disclosure, either whole or partial, is prohibited.
> Since the internet cannot guarantee the integrity of this message which
> may not be reliable, STET shall not be liable for the message if modified,
> changed or falsified.
> Do not print this message unless it is necessary, please consider the
> environment.
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>