[Ace] CBOR Web Token (CWT) spec addressing IESG comments
Mike Jones <Michael.Jones@microsoft.com> Fri, 16 March 2018 09:55 UTC
Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: ace@ietfa.amsl.com
Delivered-To: ace@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1FB35124234 for <ace@ietfa.amsl.com>; Fri, 16 Mar 2018 02:55:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=microsoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9CIjwzUO8ddI for <ace@ietfa.amsl.com>; Fri, 16 Mar 2018 02:55:16 -0700 (PDT)
Received: from NAM01-BY2-obe.outbound.protection.outlook.com (mail-by2nam01on0134.outbound.protection.outlook.com [104.47.34.134]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 087051204DA for <ace@ietf.org>; Fri, 16 Mar 2018 02:55:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=lI6+m8O3BxYbWZp2d3HTrMf8Vc8qCKu9aM/rGyL7Mkc=; b=VKTCy5ZksjxiFTB+SMeveY6RM8kwlwe/f89FFAK6LxRPrBY9W5ImrL5DEllWBNYdaE5uYFDkTaqdr4X78Z1roKnEvebq0IpmKMaPsvEtd4FbM4YkkNyqPskd8phZ44u1ftg2l998jNPIaVxa0K21QQ3NF7HUaZL7kyz7XTLJgT4=
Received: from DM5PR00MB0296.namprd00.prod.outlook.com (52.132.128.37) by DM5PR00MB0341.namprd00.prod.outlook.com (52.132.128.160) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.634.0; Fri, 16 Mar 2018 09:54:44 +0000
Received: from DM5PR00MB0296.namprd00.prod.outlook.com ([fe80::e1c0:298f:7c10:4167]) by DM5PR00MB0296.namprd00.prod.outlook.com ([fe80::e1c0:298f:7c10:4167%2]) with mapi id 15.20.0634.000; Fri, 16 Mar 2018 09:54:44 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: "ace@ietf.org" <ace@ietf.org>
CC: "Kathleen.Moriarty.ietf@gmail.com" <Kathleen.Moriarty.ietf@gmail.com>
Thread-Topic: CBOR Web Token (CWT) spec addressing IESG comments
Thread-Index: AdO9Cs/++x+fLHH7RFSpgOIUBf3XXg==
Date: Fri, 16 Mar 2018 09:54:44 +0000
Message-ID: <DM5PR00MB02960FE04ACB2E372DCEA0B8F5D70@DM5PR00MB0296.namprd00.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [217.77.82.83]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; DM5PR00MB0341; 7:V9R3JFMwadjmK+/PIi+vFPBrbbw1UxArCY6l0hk2H2WoCFDZVYZhV6TEGxuYu7RCpC5SkEpCPQVo9TRRwDdcRt6+qdWcSRnUY5iwy5a7NhzyQr14DJxHN1XTHGzvhTLR1r8B9xh3lC09DmO8EamuQJLmavqKI5Cwc7LhsJT9qMG9NQDj7BfQs2tWZCYHeSYQ7PzKjpj0EAZhy2fmFp2+54VuKPWQusVnJDXR0VteuBiKIKuQJbvg3jOeqpXOFUp8; 20:/iurTfvp+8yTBWqX97EWAIOAq8RNLjVNGNUrNmmwAoxVh5bKc9EjT8vVVmZjDv1oM3hVe29sXkxVHyyHz0Zd55qTccVMkXG2lkhKbNBrr4uwY/HsZDXyGufoOnUy1rLfJsXd31GpKmAeEjNU8kXD1UvOksMRXPL8Z10M2TySFOQ=
x-ms-exchange-antispam-srfa-diagnostics: SOS;
x-ms-office365-filtering-ht: Tenant
x-ms-office365-filtering-correlation-id: bc3394d7-f7eb-4477-e44b-08d58b23f211
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(48565401081)(5600026)(4604075)(3008032)(4534165)(4627221)(201703031133081)(201702281549075)(2017052603328)(7193020); SRVR:DM5PR00MB0341;
x-ms-traffictypediagnostic: DM5PR00MB0341:
x-microsoft-antispam-prvs: <DM5PR00MB0341DE3A168B170AC6C91CBCF5D70@DM5PR00MB0341.namprd00.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(28532068793085)(192374486261705)(31418570063057)(21748063052155);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(8211001083)(61425038)(6040522)(2401047)(8121501046)(5005006)(3231221)(944501281)(52105095)(93006095)(93001095)(3002001)(10201501046)(6055026)(61426038)(61427038)(6041310)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123560045)(20161123564045)(20161123558120)(20161123562045)(6072148)(201708071742011); SRVR:DM5PR00MB0341; BCL:0; PCL:0; RULEID:; SRVR:DM5PR00MB0341;
x-forefront-prvs: 0613912E23
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(39860400002)(396003)(39380400002)(366004)(376002)(346002)(209900001)(199004)(189003)(10290500003)(5630700001)(2501003)(74316002)(66066001)(606006)(3660700001)(72206003)(7696005)(102836004)(99286004)(2906002)(5660300001)(3280700002)(10090500001)(8990500004)(3846002)(6116002)(25786009)(790700001)(316002)(2351001)(68736007)(86362001)(22452003)(5250100002)(7736002)(55016002)(4326008)(97736004)(966005)(6916009)(6346003)(236005)(81156014)(8676002)(1730700003)(105586002)(8936002)(478600001)(5640700003)(14454004)(86612001)(6306002)(54896002)(9686003)(81166006)(33656002)(2900100001)(106356001)(39060400002)(6506007)(186003)(53376002)(59450400001)(53936002)(6436002)(26005)(6606295002); DIR:OUT; SFP:1102; SCL:1; SRVR:DM5PR00MB0341; H:DM5PR00MB0296.namprd00.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: microsoft.com does not designate permitted sender hosts)
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Michael.Jones@microsoft.com;
x-microsoft-antispam-message-info: F6aA7KE8tJlqaB1AOe/3HBqDe6pNTmA19KAGuEn71Krtawm5chNv9sbn/RrwlkLWtj95pEk1jggdos5g9odn22zXEyGVWNyPWFqDuJNQMYgTQmop9YOQ7CtKqTPoD/i0AfkUM48ux7Dj1Td/HFS5VcBFvDGkFBQB8HQEKvFd+7zrCDBzwFSexQpTbH+qCw4OAKZ6wdt4BeNZfP2zIRaecVjQfXaFTRg+rH5Tbk3JEZ+6KoF+MC5Z/ikTCJg+tJ1nmYXsRtqGSxoqGzXEFnpHR87D2/ytq4sVAzi4g2JuiwE4N9bEMxqSDiQnziRRpE24uh34eh5CmkDP2zpIx3k2BA==
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_DM5PR00MB02960FE04ACB2E372DCEA0B8F5D70DM5PR00MB0296namp_"
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-Network-Message-Id: bc3394d7-f7eb-4477-e44b-08d58b23f211
X-MS-Exchange-CrossTenant-originalarrivaltime: 16 Mar 2018 09:54:44.2166 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR00MB0341
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/M06KOYAhU6U0gWMYOL4vJ64Iu6E>
Subject: [Ace] CBOR Web Token (CWT) spec addressing IESG comments
X-BeenThere: ace@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ace>, <mailto:ace-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ace/>
List-Post: <mailto:ace@ietf.org>
List-Help: <mailto:ace-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ace>, <mailto:ace-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 16 Mar 2018 09:55:18 -0000
The CBOR Web Token (CWT) specification has been updated to address comments received from Internet Engineering Steering Group (IESG)<https://www.ietf.org/about/groups/iesg/> members. Changes were: * Cleaned up the descriptions of the numeric ranges of claim keys being registered in the registration template for the "CBOR Web Token (CWT) Claims" registry, as suggested by Adam Roach. * Clarified the relationships between the JWT and CWT "NumericDate" and "StringOrURI" terms, as suggested by Adam Roach. * Eliminated unnecessary uses of the word "type", as suggested by Adam Roach. * Added the text "IANA must only accept registry updates from the Designated Experts and should direct all requests for registration to the review mailing list" from RFC 7519, as suggested by Amanda Baber of IANA, which is also intended to address Alexey Melnikov's comment. * Removed a superfluous comma, as suggested by Warren Kumari. * Acknowledged additional reviewers. Special thanks to Security Area Director Kathleen Moriarty for helping get this across the finish line! The specification is available at: * https://tools.ietf.org/html/draft-ietf-ace-cbor-web-token-14 An HTML-formatted version is also available at: * http://self-issued.info/docs/draft-ietf-ace-cbor-web-token-14.html -- Mike P.S. This notice was also posted at http://self-issued.info/?p=1794 and as @selfissued<https://twitter.com/selfissued>.