Secure REST-based Request Response Profile

Title: Secure REST-based Request Response Profile

Description: The Secure REST-based Request Response profile supports consistent and compliant use of the uniform interface offered by HTTP for accessing a federated protected resource (REST-based Web Service). The Client makes a protected access request to the Resource Server (authority part referred to within the request URI) presenting the Access Token in the Header of the HTTP request. If the Access Token is successfully validated the Resource Server processes the authorised request and the result is returned to the Client.

Reference document

Org: FMN

Pubnum

Date: 2022-12-02

Version

Title: Proposed FMN Spiral 5 Specification

Taxonomy

Standards

Obligation: MANDATORY, Lifecycle: CANDIDATE

The OAuth 2.0 Authorization Framework: Bearer Token Usage (RFC 6750:2012)

Guidance

The Access Token is encoded in the HTTP Authorization entity-header by the Client.

The auth-scheme parameter for the HTTP Authorization entity-header is specified to indicate the type of Access Token

As a minimum for complying with this profile, the auth-scheme parameter value for the HTTP Authorization Header is Bearer.

Note If supporting the OAuth 2.0 DPoP Profile the auth-scheme parameter value is DPoP).

Note If supporting the OAuth 2.0 HTTP Message Signatures Profile the auth-scheme parameter value is PoP).

In the cases where a Client receives a 401 status error code, that Client SHALL request an Access Token from the Authorization Server as specified in PRF-139 OAuth 2.0 Assertion Grant Profile.

Status

URI

History

Flag	Date	RFC	Version
added	2023-01-23	14-32	15

UUID: 8cbe7e13-31e0-42c3-8f7f-2af7fee1bed6

Utilization

This profile is used by the following profiles:

Web Platform Standards Profiles - (profile)