Title
Secure REST-based Request Response Profile
Description
The Secure REST-based Request Response profile supports consistent and compliant use of the uniform interface offered by HTTP for accessing a federated protected resource (REST-based Web Service). The Client makes a protected access request to the Resource Server (authority part referred to within the request URI), presenting the Access Token in the Header of the HTTP request. If the Access Token is successfully validated, the Resource Server processes the authorised request and returns the result to the Client.

Reference document

Org
FMN
Pubnum
Date
2022-12-02
Version
Title
Proposed FMN Spiral 5 Specification

Taxonomy

Standards

Obligation: MANDATORY, Lifecycle: CANDIDATE

Guidance

The Access Token is encoded in the HTTP Authorization entity-header by the Client.

The auth-scheme parameter for the HTTP Authorization entity-header is specified to indicate the type of Access Token.

As a minimum for complying with this profile, the auth-scheme parameter value for the HTTP Authorization Header is Bearer.

Note: If supporting the OAuth 2.0 DPoP Profile, the auth-scheme parameter value is DPoP.

Note: If supporting the OAuth 2.0 HTTP Message Signatures Profile, the auth-scheme parameter value is PoP.

In the cases where a Client receives a 401 status error code, that Client SHALL request an Access Token from the Authorization Server as specified in PRF-139 OAuth 2.0 Assertion Grant Profile.
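
The following sketch is an added example, not part of the FMN specification: it shows how a Resource Server could apply the auth-scheme rules above and how a Client reacts to a 401. The function names, the status mapping for malformed headers (400, following RFC 6750), the token68 syntax assumed for all three schemes, and the sample tokens are assumptions made for illustration.

```python
import re

# Credentials syntax: token68 (RFC 9110), the same shape as RFC 6750's b64token.
# Assumption: DPoP and PoP credentials use this syntax as well.
TOKEN68 = re.compile(r"[A-Za-z0-9\-._~+/]+=*")
# auth-scheme values named by the profile; Bearer is the required minimum.
SCHEMES = {"bearer": "Bearer", "dpop": "DPoP", "pop": "PoP"}
# Constructed sample tokens standing in for real Access Token validation.
SAMPLE_TOKENS = {("Bearer", "tok-abc123"), ("DPoP", "tok-dpop456")}


def is_valid(scheme, token):
    """Hypothetical validator: a real server checks signature, expiry, audience."""
    return (scheme, token) in SAMPLE_TOKENS


def parse_authorization(value, enabled=("Bearer",)):
    """Return (scheme, token), or None when no usable credentials are present.

    Raises ValueError when an enabled scheme carries malformed credentials.
    """
    if not value or not value.strip():
        return None
    scheme_raw, _, rest = value.strip().partition(" ")
    scheme = SCHEMES.get(scheme_raw.lower())  # auth-scheme is case-insensitive
    if scheme not in enabled:
        return None  # unknown or disabled scheme: treat as unauthenticated
    token = rest.strip()
    if not TOKEN68.fullmatch(token):
        raise ValueError("credentials are not a single token68 value")
    return scheme, token


def authorize(headers, validate=is_valid, enabled=("Bearer",)):
    """Resource Server decision as (status, response_headers, scheme)."""
    try:
        creds = parse_authorization(headers.get("Authorization"), enabled)
    except ValueError:
        return 400, {"WWW-Authenticate": 'Bearer error="invalid_request"'}, None
    if creds is None:
        return 401, {"WWW-Authenticate": "Bearer"}, None
    if not validate(*creds):
        return 401, {"WWW-Authenticate": 'Bearer error="invalid_token"'}, None
    # For DPoP or PoP the caller must still verify the proof of possession.
    return 200, {}, creds[0]


def client_should_request_token(status):
    """Profile rule: on 401 the Client obtains a token from the Authorization Server."""
    return status == 401
```

A deployment that also supports the DPoP or HTTP Message Signatures profiles would pass them in `enabled` and run the proof check before treating the 200 decision as final.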

Status

URI

History

Flag Date RFC Version
added 2023-01-23 14-32 15
UUID
8cbe7e13-31e0-42c3-8f7f-2af7fee1bed6

Utilization

This profile is used by the following profiles: