UNLIMITED FREE
ACCESS TO THE WORLD'S BEST IDEAS

SUBMIT
Already a GlobalSpec user? Log in.

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

Customize Your GlobalSpec Experience

Select Your Free Newsletters

Industry Newsletters

Select Your Free Product Alerts

Finish!
Privacy Policy

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

IETF RFC 8705

OAuth 2.0 Mutual-TLS Client Authentication and Certificate-Bound Access Tokens

active, Most Current
Buy Now
Organization: IETF
Publication Date: 1 February 2020
Status: active
Page Count: 24
scope:

Abstract

This document describes OAuth client authentication and certificate-bound access and refresh tokens using mutual Transport Layer Security (TLS) authentication with X.509 certificates. OAuth clients are provided a mechanism for authentication to the authorization server using mutual TLS, based on either self-signed certificates or public key infrastructure (PKI). OAuth authorization servers are provided a mechanism for binding access tokens to a client's mutual- TLS certificate, and OAuth protected resources are provided a method for ensuring that such an access token presented to it was issued to the client presenting the token.

Document History

IETF RFC 8705
February 1, 2020
OAuth 2.0 Mutual-TLS Client Authentication and Certificate-Bound Access Tokens
Abstract This document describes OAuth client authentication and certificate-bound access and refresh tokens using mutual Transport Layer Security (TLS) authentication with X.509 certificates. OAuth...

References

This document references:
IETF RFC 4514 - Lightweight Directory Access Protocol (LDAP): String Representation of Distinguished Names
Published by IETF on June 1, 2006
The X.500 Directory uses distinguished names (DNs) as primary keys to entries in the directory. This document defines the string representation used in the Lightweight Directory Access Protocol...
This document references:
IETF RFC 4517 - Lightweight Directory Access Protocol (LDAP): Syntaxes and Matching Rules
Published by IETF on June 1, 2006
Each attribute stored in a Lightweight Directory Access Protocol (LDAP) directory, whose values may be transferred in the LDAP protocol, has a defined syntax that constrains the structure and format...
This document references:
IETF RFC 4648 - The Base16, Base32, and Base64 Data Encodings
Published by IETF on October 1, 2006
This document describes the commonly used base 64, base 32, and base 16 encoding schemes. It also discusses the use of line-feeds in encoded data, use of padding in encoded data, use of non-alphabet...
This document is referenced by:
GS NFV-SEC 022 - Network Functions Virtualisation (NFV) Release 4; Security; Access Token Specification for API Access
Published by ETSI on January 1, 2024
The present document defines the access tokens and related metadata for RESTful protocols and data model for ETSI NFV Management and Orchestration (MANO) interfaces. It defines also the process for...
This document is referenced by:
RFC 9126 - OAuth 2.0 Pushed Authorization Requests
Published by IETF on September 1, 2021
Abstract This document defines the pushed authorization request (PAR) endpoint, which allows clients to push the payload of an OAuth 2.0 authorization request to the authorization server via a direct...
This document is referenced by:
RFC 9201 - Additional OAuth Parameters for Authentication and Authorization for Constrained Environments (ACE)
Published by IETF on August 1, 2022
This specification defines new parameters and encodings for the OAuth 2.0 token and introspection endpoints when used with the framework for Authentication and Authorization for Constrained...
This document is referenced by:
GS NFV-SOL 013 - Network Functions Virtualisation (NFV) Release 4; Protocols and Data Models; Specification of common aspects for RESTful NFV MANO APIs
Published by ETSI on March 1, 2023
The present document specifies common aspects of RESTful protocols and data models for ETSI NFV management and orchestration (MANO) interfaces.
This document is referenced by:
RFC 9449 - OAuth 2.0 Demonstrating Proof of Possession (DPoP)
Published by IETF on September 1, 2023
This document describes a mechanism for sender-constraining OAuth 2.0 tokens via a proof-of-possession mechanism on the application level. This mechanism allows for the detection of replay attacks...
View Less
View All
Advertisement