[OAUTH-WG] draft-ietf-oauth-mtls-14

Brian Campbell <bcampbell@pingidentity.com> Thu, 11 April 2019 20:32 UTC


Draft -14 of "OAuth 2.0 Mutual TLS Client Authentication and
Certificate-Bound Access Tokens" has been published. The changes in -14
(listed below) are editorial only and aim to provide some additional
clarity around some recent small points of confusion and discussion.

draft-ietf-oauth-mtls-14
   o  Editorial clarifications around there being only a single subject
      registered/configured per client for the tls_client_auth method.
   o  Add a brief explanation about how, with tls_client_auth and
      self_signed_tls_client_auth, refresh tokens are certificate-bound
      indirectly via the client authentication.
   o  Add mention of refresh tokens in the abstract.

---------- Forwarded message ---------
From: <internet-drafts@ietf.org>
Date: Thu, Apr 11, 2019 at 2:21 PM
Subject: [OAUTH-WG] I-D Action: draft-ietf-oauth-mtls-14.txt
To: <i-d-announce@ietf.org>
Cc: <oauth@ietf.org>



A New Internet-Draft is available from the on-line Internet-Drafts
directories.
This draft is a work item of the Web Authorization Protocol WG of the IETF.

        Title           : OAuth 2.0 Mutual TLS Client Authentication and
                          Certificate-Bound Access Tokens
        Authors         : Brian Campbell
                          John Bradley
                          Nat Sakimura
                          Torsten Lodderstedt
        Filename        : draft-ietf-oauth-mtls-14.txt
        Pages           : 30
        Date            : 2019-04-11

Abstract:
   This document describes OAuth client authentication and certificate-
   bound access and refresh tokens using mutual Transport Layer Security
   (TLS) authentication with X.509 certificates.  OAuth clients are
   provided a mechanism for authentication to the authorization server
   using mutual TLS, based on either self-signed certificates or public
   key infrastructure (PKI).  OAuth authorization servers are provided a
   mechanism for binding access tokens to a client's mutual TLS
   certificate, and OAuth protected resources are provided a method for
   ensuring that such an access token presented to it was issued to the
   client presenting the token.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-oauth-mtls/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-ietf-oauth-mtls-14
https://datatracker.ietf.org/doc/html/draft-ietf-oauth-mtls-14

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-oauth-mtls-14


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/


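The certificate-binding check described in the forwarded abstract above (the protected resource verifying that a presented access token was issued to the client presenting it), as an added example that is not part of this announcement or the draft's own text. It assumes the draft's cnf claim with the x5t#S256 certificate thumbprint member; the function names and the certificate bytes are constructed placeholders.

```python
import base64
import hashlib
import hmac
from typing import Optional

# Constructed stand-ins for DER-encoded X.509 client certificates. Only the bytes
# matter here: the thumbprint is computed over the DER encoding as a whole.
CLIENT_CERT_DER = b"\x30\x82\x01\x00" + b"constructed-client-cert-bytes"
OTHER_CERT_DER = b"\x30\x82\x01\x00" + b"constructed-other-cert-bytes"


def cert_thumbprint_s256(cert_der: bytes) -> str:
    """base64url-encoded (unpadded) SHA-256 hash of the DER certificate, i.e. the
    value carried in the token's cnf "x5t#S256" member."""
    digest = hashlib.sha256(cert_der).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def bind_token(claims: dict, cert_der: bytes) -> dict:
    """Authorization-server side: bind an access token (shown as its claim set) to
    the certificate the client used on the mutual TLS connection to the token endpoint."""
    bound = dict(claims)
    bound["cnf"] = {"x5t#S256": cert_thumbprint_s256(cert_der)}
    return bound


def token_matches_presenter(claims: dict, presented_cert_der: Optional[bytes]) -> bool:
    """Protected-resource side: accept the token only if it carries a cnf thumbprint
    and that thumbprint equals the one of the certificate the caller presented on this
    TLS connection. Unbound tokens and connections without a client certificate are
    rejected, so a stolen bound token is useless without the matching private key."""
    cnf = claims.get("cnf")
    expected = cnf.get("x5t#S256") if isinstance(cnf, dict) else None
    if not isinstance(expected, str) or presented_cert_der is None:
        return False
    actual = cert_thumbprint_s256(presented_cert_der)
    return hmac.compare_digest(expected.encode("ascii"), actual.encode("ascii"))


def demo() -> dict:
    """Walk through the cases a resource server sees."""
    token = bind_token({"iss": "https://as.example", "sub": "client-1"}, CLIENT_CERT_DER)
    return {
        "same_cert": token_matches_presenter(token, CLIENT_CERT_DER),
        "other_cert": token_matches_presenter(token, OTHER_CERT_DER),
        "no_client_cert": token_matches_presenter(token, None),
        "unbound_token": token_matches_presenter({"sub": "client-1"}, CLIENT_CERT_DER),
    }
```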