[TSG-Access-RD] Useful resource on OAuth2/OpenID Connect

Gavin Brown gavin.brown at centralnic.com
Fri Dec 14 17:13:18 UTC 2018


I know we have yet to agree on a charter but I don't think there's any
harm in starting to explore the solution space.

I've been meaning to get my head around OAuth2 and OpenID Connect for
some time, being aware of the work of Scott and Marc Blanchet of
Viagenie on using OpenID Connect to authenticate RDAP queries.
Suspecting that any protocol we might produce will be based on them, I
spent some time today looking for an "idiot's guide" and found this
video on YouTube which I think is worth an hour of your time:

https://www.youtube.com/watch?v=996OiexHze0

I've tried to conceptualise how the different parts of OAuth2 might map
onto our use case:

* "Resource owner" - for us, this would not be the owner of the registration
data, but the person requesting access to non-public registration data.

* "Authorisation server" - this would be operated by ICANN, but could
redirect to other authorisation servers. They might also redirect to a
third-party authentication server.

* "Resource server" - this is an RDAP server. It seems as though a way
for ICANN and RO to agree on a client's access token is needed.

* "Authorisation grants" - one difference to the traditional OAuth2
model is that the specific permissions granted are determined by the
authz server, not the user.

Scott - any thoughts on the above?

G.

-- 
Gavin Brown
Chief Technology Officer
CentralNic Group plc (LSE:CNIC)
Innovative, Reliable and Flexible Registry Services
for ccTLD, gTLD and private domain name registries
https://www.centralnic.com/
+44.7548243029

CentralNic Group plc is a company registered in England and Wales with
company number 8576358. Registered Offices: 35-39 Moorgate, London,
EC2R 6AR.
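
The role mapping in the message above, as an added example that is not part of the original post or of any TSG design: an authorisation server sets the scopes from policy rather than from the requester's choice, and an RDAP resource server checks the token before releasing non-public fields. An HMAC over a shared key stands in here for whatever token-agreement mechanism would actually be chosen; every name, the policy table and the sample record are constructed assumptions.

```python
from typing import Optional
import base64, hashlib, hmac, json

SHARED_KEY = b"constructed-demo-key"   # assumption: key known to authz server and RDAP server
POLICY = {                              # hypothetical policy: requester category -> scopes
    "law-enforcement": ["registrant.name", "registrant.email"],
    "security-researcher": ["registrant.email"]}

def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(body: str) -> str:
    return b64e(hmac.new(SHARED_KEY, body.encode(), hashlib.sha256).digest())

def issue_token(requester: str, category: str, audience: str, now: float, ttl: int = 300) -> str:
    """Authorisation server: scopes come from policy, not from what the requester asks for."""
    claims = {"sub": requester, "aud": audience, "exp": int(now) + ttl,
              "scope": POLICY.get(category, [])}
    body = b64e(json.dumps(claims, sort_keys=True).encode())
    return f"{body}.{sign(body)}"

def verify_token(token: str, audience: str, now: float) -> Optional[dict]:
    """RDAP server: accept only an untampered, unexpired token addressed to this server."""
    try:
        body, sig = token.split(".")
        if not hmac.compare_digest(sig, sign(body)):   # constant-time comparison
            return None
        claims = json.loads(b64d(body))
    except (ValueError, TypeError):                    # malformed token
        return None
    if claims.get("aud") != audience or claims.get("exp", 0) <= now:
        return None
    return claims

def rdap_response(record: dict, token: Optional[str], audience: str, now: float) -> dict:
    """Public fields are always returned; registrant.* fields only if the scope lists them."""
    claims = verify_token(token, audience, now) if token else None
    allowed = set(claims["scope"]) if claims else set()
    return {k: v for k, v in record.items() if not k.startswith("registrant.") or k in allowed}

RECORD = {"ldhName": "example.test", "status": "active",   # constructed sample record
          "registrant.name": "Example Person", "registrant.email": "person@example.test"}
```

A missing, expired, misaddressed or tampered token falls back to the public view rather than raising an error, so the server fails closed on non-public data.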
