[Txauth] Registered Clients and Dynamic Clients

Denis <denis.ietf@free.fr> Wed, 15 July 2020 17:04 UTC

To: Dick Hardt <dick.hardt@gmail.com>
Cc: "txauth@ietf.org" <txauth@ietf.org>
From: Denis <denis.ietf@free.fr>
Message-ID: <7c1f0439-42e4-9f7d-4dd2-e741f7cb57f2@free.fr>
Date: Wed, 15 Jul 2020 19:04:39 +0200
Archived-At: <https://mailarchive.ietf.org/arch/msg/txauth/aL96jHgsD8paSFLIevcRKGHfiUc>
Subject: [Txauth] Registered Clients and Dynamic Clients

Hello Dick,

I am puzzled by the two following definitions in draft-hardt-xauth-protocol-13:

*Registered Client* - a Client that has registered with the GS and has a Client ID to identify itself, and can prove it possesses a key that is linked to the Client ID. The GS may have different policies for what different Registered Clients can request. A Registered Client MAY be interacting with a User.

[Denis] I interpret the last sentence in the following way: a Registered Client may be either an Application or a User. Is it correct?

*Dynamic Client* - a Client that has not been previously registered with the GS, and each instance will generate its own asymmetric key pair so it can prove it is the same instance of the Client on subsequent requests. The GS MAY return a Dynamic Client a Client Handle for the Client to identify itself in subsequent requests. A single-page application with no active server component is an example of a Dynamic Client. A Dynamic Client MUST be interacting with a User.

[Denis] The draft does not include any other explanation of the reason to support the so-called "Dynamic Clients". While I can understand the value of using a temporary key pair for a given RS, I can't understand the value of a GS supporting unknown clients. If a GS knows nothing about a so-called "Dynamic Client", then it will not be able to deliver any user attribute into an access token for such a client.

Denis
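The following is an added illustration, not code from the draft or from this message, of the two definitions quoted above as a GS would see them on the wire: a Registered Client identifies itself with a pre-registered Client ID and a key bound to it, while a Dynamic Client presents a fresh public key on first contact, receives a Client Handle, and can afterwards only prove it is the same instance. The Grant Server (`GS`), the `Request` shape, the `Sign`/`Handle` helpers, the use of Ed25519 and the `dyn-<fingerprint>` handle format are all assumptions made for this example; the draft specifies none of them.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Request is a simplified grant request. Real requests are JSON over HTTP;
// only the fields needed to distinguish the two client kinds are kept.
type Request struct {
	ClientID     string            // set by a Registered Client
	ClientHandle string            // set by a Dynamic Client after its first request
	PubKey       ed25519.PublicKey // sent by a Dynamic Client on its first request
	Body         string
	Signature    []byte // Ed25519 signature over Body by the client's key
}

// GS is a toy Grant Server with one table per client kind (assumed layout).
type GS struct {
	registered map[string]ed25519.PublicKey // client_id -> key bound at registration
	dynamic    map[string]ed25519.PublicKey // client_handle -> key seen on first request
}

func NewGS() *GS {
	return &GS{registered: map[string]ed25519.PublicKey{}, dynamic: map[string]ed25519.PublicKey{}}
}

// Register binds a Client ID to a key ahead of time (out of band).
func (gs *GS) Register(clientID string, pub ed25519.PublicKey) {
	gs.registered[clientID] = pub
}

// Sign is the client side: prove possession of the key by signing the body.
func Sign(priv ed25519.PrivateKey, body string) []byte {
	return ed25519.Sign(priv, []byte(body))
}

// Handle verifies the request and returns the key-bound identity it came from
// and whether the GS knows that identity well enough to apply a per-client
// policy. A Dynamic Client only ever gets key continuity: the GS can tell it
// is the same instance as before, not who or what that instance is.
func (gs *GS) Handle(req Request) (identity string, known bool, err error) {
	switch {
	case req.ClientID != "":
		pub, ok := gs.registered[req.ClientID]
		if !ok {
			return "", false, errors.New("unknown client_id")
		}
		if !ed25519.Verify(pub, []byte(req.Body), req.Signature) {
			return "", false, errors.New("signature does not match registered key")
		}
		return req.ClientID, true, nil
	case req.ClientHandle != "":
		pub, ok := gs.dynamic[req.ClientHandle]
		if !ok {
			return "", false, errors.New("unknown client_handle")
		}
		if !ed25519.Verify(pub, []byte(req.Body), req.Signature) {
			return "", false, errors.New("signature does not match key bound to handle")
		}
		return req.ClientHandle, false, nil
	case len(req.PubKey) == ed25519.PublicKeySize:
		// First contact from a Dynamic Client: the only verifiable fact is
		// that the sender holds the private half of the key it presents.
		if !ed25519.Verify(req.PubKey, []byte(req.Body), req.Signature) {
			return "", false, errors.New("proof of possession failed")
		}
		sum := sha256.Sum256(req.PubKey)
		handle := "dyn-" + hex.EncodeToString(sum[:8]) // constructed handle format
		gs.dynamic[handle] = req.PubKey
		return handle, false, nil
	default:
		return "", false, errors.New("request carries no client identification")
	}
}

func main() {
	gs := NewGS()
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	first := Request{PubKey: pub, Body: "grant-request-1"}
	first.Signature = Sign(priv, first.Body)
	handle, known, err := gs.Handle(first)
	fmt.Println(handle, known, err)
	second := Request{ClientHandle: handle, Body: "grant-request-2"}
	second.Signature = Sign(priv, second.Body)
	fmt.Println(gs.Handle(second))
}
```

The `known` flag is what separates the two tables for policy purposes: only the registered table can be consulted for what a particular client may request, since the handle in the dynamic table names nothing more than "whoever first showed up with this key".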