tls_ client_ auth_ san_ email
Registry Context
This client metadata field specifies the expected rfc822Name SAN value in the certificate used for mutual-TLS authentication.
Technical Summary
An OAuth Dynamic Client Registration metadata parameter containing a string that identifies an expected rfc822Name subject alternative name entry for the PKI mutual-TLS client authentication method.
When Used
When a client using tls_client_auth identifies its certificate by an rfc822Name SAN entry.
Normative Requirements
A client using the tls_client_auth authentication method
RFC 8705 - Section 2.1.2
use exactly one of the PKI mutual-TLS client registration metadata parameters to indicate the certificate subject value expected by the authorization server.
A client using the tls_client_auth authentication method MUST use exactly one of the below metadata parameters
Validation Guidance
For a client using tls_client_auth, verify that exactly one PKI mutual-TLS subject metadata parameter is specified.
Verify that tls_client_auth_san_email is a string containing the expected rfc822Name SAN entry value.
Reference
Details
- Entry Id
tls_client_ auth_ san_ email - Client Metadata Name
tls_client_ auth_ san_ email - Client Metadata Description
String value specifying the expected rfc822Name SAN entry in the client certificate.- Change Controller
IESG- Reference
RFC8705 - Section 2.1.2