Diff: rfc9201v2.txt - rfc9201.txt

	rfc9201v2.txt	rfc9201.txt

	skipping to change at line 139 ¶	skipping to change at line 139 ¶
	MUST verify that the client really is in possession of the	MUST verify that the client really is in possession of the
	corresponding key. Profiles of [RFC9200] using this specification	corresponding key. Profiles of [RFC9200] using this specification
	MUST define the PoP method used by the AS if they allow clients to	MUST define the PoP method used by the AS if they allow clients to
	use this request parameter. Values of this parameter follow the	use this request parameter. Values of this parameter follow the
	syntax and semantics of the cnf claim either from Section 3.1 of	syntax and semantics of the cnf claim either from Section 3.1 of
	[RFC8747] for CBOR-based interactions or from Section 3.1 of	[RFC8747] for CBOR-based interactions or from Section 3.1 of
	[RFC7800] for JSON-based interactions.	[RFC7800] for JSON-based interactions.

	Figure 1 shows a request for an access token using the req_cnf	Figure 1 shows a request for an access token using the req_cnf
	parameter to request a specific public key as a PoP key. The content	parameter to request a specific public key as a PoP key. The content

	is displayed in CBOR diagnostic notation without abbreviations and	is displayed in CBOR diagnostic notation with line breaks for better
	with line breaks for better readability.	readability.

	Header: POST (Code=0.02)	Header: POST (Code=0.02)
	Uri-Host: "as.example.com"	Uri-Host: "as.example.com"
	Uri-Path: "token"	Uri-Path: "token"

	Content-Format: "application/ace+cbor"	Content-Format: application/ace+cbor
	Payload:	Payload:
	{	{

	"req_cnf" : {	/ req_cnf / 4 : {
	"COSE_Key" : {	/ COSE_Key / 1 : {
	"kty" : "EC2",	/ kty / 1 : 2 /EC2/,
	"kid" : h'11',	/ kid / 2 : h'11',
	"crv" : "P-256",	/ crv / -1 : 1 /P-256/,
	"x" : h'BAC5B11CAD8F99F9C72B05CF4B9E26D24	/ x / -2 : h'BAC5B11CAD8F99F9C72B05CF4B9E26D24
	4DC189F745228255A219A86D6A09EFF',	4DC189F745228255A219A86D6A09EFF',
	"y" : h'20138BF82DC1B6D562BE0FA54AB7804A3	/ y / -3 : h'20138BF82DC1B6D562BE0FA54AB7804A3
	A64B6D72CCFED6B6FB6ED28BBFC117E'	A64B6D72CCFED6B6FB6ED28BBFC117E'
	}	}
	}	}
	}	}

	Figure 1: Example Request for an Access Token Bound to an	Figure 1: Example Request for an Access Token Bound to an
	Asymmetric Key	Asymmetric Key

	3.2. AS-to-Client Response	3.2. AS-to-Client Response

	This section defines the following additional parameters for an AS	This section defines the following additional parameters for an AS

	skipping to change at line 195 ¶	skipping to change at line 195 ¶
	without additional information. Values of this parameter follow	without additional information. Values of this parameter follow
	the syntax and semantics of the cnf claim either from Section 3.1	the syntax and semantics of the cnf claim either from Section 3.1
	of [RFC8747] for CBOR-based interactions or from Section 3.1 of	of [RFC8747] for CBOR-based interactions or from Section 3.1 of
	[RFC7800] for JSON-based interactions. See Section 5 for	[RFC7800] for JSON-based interactions. See Section 5 for
	additional discussion of the usage of this parameter.	additional discussion of the usage of this parameter.

	Figure 2 shows an AS response containing a token and a cnf parameter	Figure 2 shows an AS response containing a token and a cnf parameter
	with a symmetric PoP key.	with a symmetric PoP key.

	Header: Created (Code=2.01)	Header: Created (Code=2.01)

	Content-Format: "application/ace+cbor"	Content-Format: application/ace+cbor
	Payload:	Payload:
	{	{

	"access_token" : h'4A5015DF686428 ...	/ access_token / 1 : h'4A5015DF686428 ...
	(remainder of CWT omitted for brevity;	(remainder of CWT omitted for brevity;
	CWT contains COSE_Key in the "cnf" claim)',	CWT contains COSE_Key in the "cnf" claim)',

	"cnf" : {	/ cnf / 8 : {
	"COSE_Key" : {	/ COSE_Key / 1 : {
	"kty" : "Symmetric",	/ kty / 1 : 4 / Symmetric /,
	"kid" : h'DFD1AA97',	/ kid / 2 : h'DFD1AA97',
	"k" : h'849B5786457C1491BE3A76DCEA6C427108'	/ k / -1 : h'849B5786457C1491BE3A76DCEA6C427108'
	}	}
	}	}
	}	}

	Figure 2: Example AS Response with an Access Token Bound to a	Figure 2: Example AS Response with an Access Token Bound to a
	Symmetric Key	Symmetric Key

	Figure 3 shows an AS response containing a token bound to a	Figure 3 shows an AS response containing a token bound to a
	previously requested asymmetric PoP key (not shown) and an rs_cnf	previously requested asymmetric PoP key (not shown) and an rs_cnf
	parameter containing the public key of the RS.	parameter containing the public key of the RS.

	Header: Created (Code=2.01)	Header: Created (Code=2.01)

	Content-Format: "application/ace+cbor"	Content-Format: application/ace+cbor
	Payload:	Payload:
	{	{

	"access_token" : h'D08343A1010AA1054D2A45DF6FBC5A5A ...	/ access_token / 1 : h'D08343A1010AA1054D2A45DF6FBC5A5A ...
	(remainder of CWT omitted for brevity)',	(remainder of CWT omitted for brevity)',

	"rs_cnf" : {	/ rs_cnf / 41 : {
	"COSE_Key" : {	/ COSE_Key / 1 : {
	"kty" : "EC2",	/ kty / 1 : 2 /EC2/,
	"kid" : h'12',	/ kid / 2 : h'12',
	"crv" : "P-256",	/ crv / -1 : 1 /P-256/,
	"x" : h'BCEE7EAAC162F91E6F330F5771211E220	/ x / -2 : h'BCEE7EAAC162F91E6F330F5771211E220
	B8B546C96589B0AC4AD0FD24C77E1F1',	B8B546C96589B0AC4AD0FD24C77E1F1',
	"y" : h'C647B38C55EFBBC4E62E651720F002D5D	/ y / -3 : h'C647B38C55EFBBC4E62E651720F002D5D
	75B2E0C02CD1326E662BCA222B90416'	75B2E0C02CD1326E662BCA222B90416'
	}	}
	}	}
	}	}

	Figure 3: Example AS Response Including the RS's Public Key	Figure 3: Example AS Response Including the RS's Public Key

	4. Parameters for the Introspection Endpoint	4. Parameters for the Introspection Endpoint

	This section defines the use of CBOR instead of JSON for the cnf	This section defines the use of CBOR instead of JSON for the cnf
	introspection response parameter specified in Section 9.4 of	introspection response parameter specified in Section 9.4 of

	skipping to change at line 253 ¶	skipping to change at line 253 ¶

	If CBOR is used instead of JSON in an interaction with the	If CBOR is used instead of JSON in an interaction with the
	introspection endpoint, the AS MUST use the parameter mapping	introspection endpoint, the AS MUST use the parameter mapping
	specified in Table 1 and the value must follow the syntax of cnf	specified in Table 1 and the value must follow the syntax of cnf
	claim values from Section 3.1 of [RFC8747].	claim values from Section 3.1 of [RFC8747].

	Figure 4 shows an AS response to an introspection request including	Figure 4 shows an AS response to an introspection request including
	the cnf parameter to indicate the PoP key bound to the token.	the cnf parameter to indicate the PoP key bound to the token.

	Header: Created (Code=2.01)	Header: Created (Code=2.01)

	Content-Format: "application/ace+cbor"	Content-Format: application/ace+cbor
	Payload:	Payload:
	{	{

	"active" : true,	/ active / 10 : true,
	"scope" : "read",	/ scope / 9 : "read",
	"aud" : "tempSensor4711",	/ aud / 3 : "tempSensor4711",
	"cnf" : {	/ cnf / 8 : {
	"COSE_Key" : {	/ COSE_Key / 1 : {
	"kty" : "EC2",	/ kty / 1 : 2 /EC2/,
	"kid" : h'11',	/ kid / 2 : h'11',
	"crv" : "P-256",	/ crv / -1 : 1 /P-256/,
	"x" : h'BAC5B11CAD8F99F9C72B05CF4B9E26D24	/ x / -2 : h'BAC5B11CAD8F99F9C72B05CF4B9E26D24
	4DC189F745228255A219A86D6A09EFF',	4DC189F745228255A219A86D6A09EFF',
	"y" : h'20138BF82DC1B6D562BE0FA54AB7804A3	/ y / -3 : h'20138BF82DC1B6D562BE0FA54AB7804A3
	A64B6D72CCFED6B6FB6ED28BBFC117E'	A64B6D72CCFED6B6FB6ED28BBFC117E'
	}	}
	}	}
	}	}

	Figure 4: Example Introspection Response	Figure 4: Example Introspection Response

	5. Confirmation Method Parameters	5. Confirmation Method Parameters

	The confirmation method parameters are used in [RFC9200] as follows:	The confirmation method parameters are used in [RFC9200] as follows:


End of changes. 11 change blocks.
	43 lines changed or deleted	43 lines changed or added
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/

mirror server hosted at Truenetwork, Russian Federation.