%% You should probably cite draft-hardt-aauth-bootstrap-01 instead of this revision. @techreport{hardt-aauth-bootstrap-00, number = {draft-hardt-aauth-bootstrap-00}, type = {Internet-Draft}, institution = {Internet Engineering Task Force}, publisher = {Internet Engineering Task Force}, note = {Work in Progress}, url = {https://datatracker.ietf.org/doc/draft-hardt-aauth-bootstrap/00/}, author = {Dick Hardt}, title = {{AAuth Bootstrap}}, pagetotal = 38, year = , month = , day = , abstract = {This document defines AAuth Bootstrap, an extension to the AAuth Protocol ({[}I-D.hardt-aauth-protocol{]}) that specifies how an agent server and an agent bootstrap the agent to be bound to a person at the person's Person Server (PS). Bootstrap establishes the binding between a user (as vouched for by the user's PS) and an agent identity (aauth:local@domain) hosted by an agent server. The specification covers self-hosted agents (where the agent and agent server are co-located under a domain the user controls), web apps, and mobile agents. The agent MAY pass account hints on the PS /bootstrap request to help the PS resolve the user when the user has more than one account at the PS or when the agent already knows something about the user. Identity claims and scoped authorization are obtained separately through the standard three-party flow defined in AAuth Protocol. This specification defines the bootstrap\_token, the bootstrap\_endpoint on the PS and agent server, the signature schemes used at each step, and renewal flows that bypass the PS after the initial binding is established.}, }