Interoperability: Validation of tls_client_auth_subject_dn using RFC7591
The ETSI specification ETSI TS 119 495 V1.3.1 (https://www.etsi.org/deliver/etsi_ts/119400_119499/119495/01.03.01_60/ts_119495v010301p.pdf) defines the certificate profile being used as OAuth 2.0 client authentication. When used as part of DCR, the metadata property tls_client_auth_subject_dn needs to be provided by TPPs and then checked by the bank that it matches the corresponding certificate used for mutual TLS.
The issue is that it is ambiguous, with no discovery mechanism available that describes how both parties will process non-standard OIDs.
This basically means that TPPs have to try a couple of times to register their clients by guessing how a Bank will process their DN string. https://tools.ietf.org/html/rfc4514 describes how this should be performed.
Implementations MAY recognize other DN string representations.
However, as there is no requirement that alternative DN string
representations be recognized (and, if so, how), implementations
SHOULD only generate DN strings in accordance with of this
document.
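The ambiguity described in this issue, as an added example that is not part of the original report or of any specification: the same subject DN printed in three ways fails a plain string comparison but matches once attribute types and values are normalized. The alias table, the function names and the sample DNs (built around organizationIdentifier, OID 2.5.4.97, the attribute ETSI TS 119 495 uses for the PSP authorisation number) are assumptions of this sketch.

```python
import re

# Short names -> dotted OIDs (alias table is this example's assumption).
OIDS = {"cn": "2.5.4.3", "c": "2.5.4.6", "o": "2.5.4.10", "ou": "2.5.4.11",
        "organizationidentifier": "2.5.4.97"}
# BER string tags decoded here: UTF8String, PrintableString, IA5String.
STRING_TAGS = {0x0C: "utf-8", 0x13: "ascii", 0x16: "ascii"}

def decode_value(raw):
    """Return the attribute value as text from either RFC 4514 value form."""
    if raw.startswith("#"):  # '#' + hex of the BER encoding (short-form length only)
        ber = bytes.fromhex(raw[1:])
        if len(ber) < 2 or ber[0] not in STRING_TAGS or ber[1] > 0x7F or ber[1] != len(ber) - 2:
            raise ValueError("unsupported BER value: " + raw)
        return ber[2:].decode(STRING_TAGS[ber[0]])
    out, i = bytearray(), 0
    while i < len(raw):  # undo \XX (one UTF-8 octet) and \<char> escapes
        if raw[i] == "\\" and re.fullmatch(r"[0-9A-Fa-f]{2}", raw[i + 1:i + 3]):
            out.append(int(raw[i + 1:i + 3], 16))
            i += 3
        elif raw[i] == "\\" and i + 1 < len(raw):
            out += raw[i + 1].encode()
            i += 2
        else:
            out += raw[i].encode()
            i += 1
    return out.decode("utf-8")

def normalize_dn(dn):
    """Parse a DN string into a list of RDNs, each a sorted tuple of (oid, value)."""
    rdns = []
    for rdn in re.findall(r"(?:\\.|[^\\,])+", dn):       # split on unescaped ','
        avas = []
        for ava in re.findall(r"(?:\\.|[^\\+])+", rdn):  # split on unescaped '+'
            atype, _, raw = ava.partition("=")
            key = re.sub(r"^oid\.", "", atype.strip().lower())
            oid = OIDS.get(key, key)
            if not re.fullmatch(r"\d+(\.\d+)+", oid):
                raise ValueError("unknown attribute type: " + atype)
            avas.append((oid, decode_value(raw)))
        rdns.append(tuple(sorted(avas)))
    return rdns

def same_subject(registered, presented):
    return normalize_dn(registered) == normalize_dn(presented)

# Constructed sample DNs: one subject as three toolkits might print it.
_ID = "PSDGB-FCA-123456"
STRICT = "CN=tpp.example,2.5.4.97=#0c10" + _ID.encode().hex() + ",O=Example TPP Ltd,C=GB"
NAMED = "CN=tpp.example,organizationIdentifier=" + _ID + ",O=Example TPP Ltd,C=GB"
PREFIXED = "CN=tpp.example, OID.2.5.4.97=" + _ID + ", O=Example TPP Ltd, C=GB"
```

The comparison is exact on decoded values and does not reorder RDNs, so a DN printed in the opposite RDN order or with different letter case still fails to match.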
Comments (6)
- reporter: edited description
- changed component to Part 2: Advanced
- changed component to FAPI 1 – Part 2: Advanced
- changed component to FAPI 1: Advanced
- changed component to FAPI2: DCR & DCM