ConsumerDataStandardsAustralia / register

ACCC CDR Register GitHub issue register for external collaboration
https://cdr-register.github.io/register/

Mutual TLS during Client Registration #121

Closed perlboy closed 4 years ago

perlboy commented 4 years ago

There is a table in the cdr-register specification which explains what components require MTLS but it does not include Client Registration. From what I can tell there is no explicit statement that Dynamic Client Registration must be secured with MTLS?

Based on the UK spec it states the following:

> Client Registration Endpoint
>
> If an ASPSP supports automated client registration, the ASPSP MUST operate an [RFC7591] compliant registration endpoint.
> The client registration endpoint MUST be protected by transport-layer security (TLS 1.2 or better).
> The transport layer MUST be mutually authenticated using certificates chaining to the OpenBanking certificate authority.

https://openbanking.atlassian.net/wiki/spaces/DZ/pages/36667724/OpenBanking+OpenID+Dynamic+Client+Registration+Specification+-+v1.0.0-rc2#OpenBankingOpenIDDynamicClientRegistrationSpecification-v1.0.0-rc2-ClientRegistrationEndpoint

Is this aligned with implementations in Australia?

cdradr commented 4 years ago

In the “Registration API Endpoints” section, the Register standard mentions “TLS-MA” for the register endpoint (and others).

https://cdr-register.github.io/register/#registration-errors

perlboy commented 4 years ago

Ah sorry, right you are, clearly missed that, closing.