Script updating gh-pages from 9fb756f. [ci skip]

oauth-wg · Feb 13, 2025 · 7631bf9 · 7631bf9
1 parent d331fd7
commit 7631bf9
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 16 deletions.
diff --git a/PieterKas-patch-1/draft-ietf-oauth-transaction-tokens.html b/PieterKas-patch-1/draft-ietf-oauth-transaction-tokens.html
@@ -2285,7 +2285,8 @@ <h3 id="name-identifying-call-chains">
         <h3 id="name-transaction-token-service-d">
 <a href="#section-9.8" class="section-number selfRef">9.8. </a><a href="#name-transaction-token-service-d" class="section-name selfRef">Transaction Token Service Discovery</a>
         </h3>
-<p id="section-9.8-1">A workload may use a variety of mechanisms to determine the Transaction Token Service it should interact with. Workloads should only retrieve configuration information indicating which Transaction Token Service it should interact with from a trusted location to  minimize the risk of a threat actor inserting configuration information pointing to a Transaction Token Service under it's control, which it may use to collect Access Tokens sent to it as part of the Txn-Token Request message. The workload should authenticate the service providing the configuration information and verify the integrity of the information to prevent a threat actor from inserting configuration information for a Trust Domain Service under its control. The workload may use TLS to authenticate the end-point and protect the request at the transport layer, and may use additional application layer signatures or message authentication codes to detect tampering with the configuration information.<a href="#section-9.8-1" class="pilcrow">¶</a></p>
+<p id="section-9.8-1">A workload may use various mechanisms to determine which Transaction Token Service to interact with. Workloads MUST retrieve configuration information from a trusted source to minimize the risk of a threat actor providing malicious configuration data that points to a Transaction Token Service under it's control. Such a service could be used to collect Access Tokens sent as part of the Transaction Token Request message.<a href="#section-9.8-1" class="pilcrow">¶</a></p>
+<p id="section-9.8-2">To mitigate this risk, workloads SHOULD authenticate the service providing the configuration information and verify the integrity of the configuration information. This ensures that no unauthorized entity can insert or alter configuration data. The workload SHOULDuse Transport Layer Security (TLS) to authenticate the endpoint and secure the communication channel. Additionally, application-layer signatures or message authentication codes MAY be used to detect any tampering with the configuration information.<a href="#section-9.8-2" class="pilcrow">¶</a></p>
 </section>
 </div>
 <div id="workload-configuration-protection">

diff --git a/PieterKas-patch-1/draft-ietf-oauth-transaction-tokens.txt b/PieterKas-patch-1/draft-ietf-oauth-transaction-tokens.txt
@@ -1061,21 +1061,22 @@ Table of Contents
 
 9.8.  Transaction Token Service Discovery
 
-   A workload may use a variety of mechanisms to determine the
-   Transaction Token Service it should interact with.  Workloads should
-   only retrieve configuration information indicating which Transaction
-   Token Service it should interact with from a trusted location to
-   minimize the risk of a threat actor inserting configuration
-   information pointing to a Transaction Token Service under it's
-   control, which it may use to collect Access Tokens sent to it as part
-   of the Txn-Token Request message.  The workload should authenticate
-   the service providing the configuration information and verify the
-   integrity of the information to prevent a threat actor from inserting
-   configuration information for a Trust Domain Service under its
-   control.  The workload may use TLS to authenticate the end-point and
-   protect the request at the transport layer, and may use additional
-   application layer signatures or message authentication codes to
-   detect tampering with the configuration information.
+   A workload may use various mechanisms to determine which Transaction
+   Token Service to interact with.  Workloads MUST retrieve
+   configuration information from a trusted source to minimize the risk
+   of a threat actor providing malicious configuration data that points
+   to a Transaction Token Service under it's control.  Such a service
+   could be used to collect Access Tokens sent as part of the
+   Transaction Token Request message.
+
+   To mitigate this risk, workloads SHOULD authenticate the service
+   providing the configuration information and verify the integrity of
+   the configuration information.  This ensures that no unauthorized
+   entity can insert or alter configuration data.  The workload
+   SHOULDuse Transport Layer Security (TLS) to authenticate the endpoint
+   and secure the communication channel.  Additionally, application-
+   layer signatures or message authentication codes MAY be used to
+   detect any tampering with the configuration information.
 
 9.9.  Workload Configuration Protection