Re: [Ace] [Jwt-reg-review] Requested review for IANA registration in draft-ietf-ace-oauth-authz

Brian Campbell <bcampbell@pingidentity.com> Fri, 10 January 2020 20:57 UTC


I'm really struggling with understanding what the value of an "ace_profile"
claim actually would be in a JWT. A JSON string that's the profile name
(though 5.6.4.3 maybe prohibits that)?  A JSON number that's an integer
matching the CBOR Value? Something else?

Is the value of "exi" in a JWT a JSON number? Seems likely but it's
something that should probably be made explicit.

Also for "exi", the requirement in 5.8.3 to "keep track of the identifiers
of tokens containing the "exi" claim that have expired (in order to avoid
accepting them again)" seems problematic in that it sounds like it's
mandating an unbounded growth of memory use.

The draft says that the "cnonce" claim (value) uses binary encoding. What
does that mean for JSON based JWT?

On Sat, Dec 21, 2019 at 4:35 AM Ludwig Seitz <ludwig_seitz@gmx.de> wrote:

> Hello JWT registry reviewers,
>
> the IESG-designated experts for the JWT claims registry have asked me to
> send a review request to you about the claims registered here:
>
> https://tools.ietf.org/html/draft-ietf-ace-oauth-authz-29#section-8.12
>
> Thank you in advance for your review comments.
>
> Regards,
>
> Ludwig

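To make the "exi" concern concrete, here is an added illustration (not code from the draft or from any message in this thread) of the resource-server bookkeeping the quoted requirement in 5.8.3 implies. It assumes "exi" is an integer number of seconds counted from the moment the RS first sees the token (the RS has no clock synchronised with the AS) and that tokens carry a "cti" identifier; the `ExiTracker` class and the token values are constructed for this example.

```python
"""Resource-server handling of the 'exi' (expires-in) claim.

Assumptions (not taken from this thread): 'exi' is an integer count of
seconds, the RS starts counting when it first receives the token, and
'cti' uniquely identifies the token.  The 'expired' set below is the
memory the message worries about: entries are never removed, because
a token seen again after expiry would otherwise look fresh.
"""
from dataclasses import dataclass, field


@dataclass
class ExiTracker:
    first_seen: dict = field(default_factory=dict)  # cti -> local receipt time
    expired: set = field(default_factory=set)       # identifiers we refuse forever

    def check(self, claims: dict, now: float) -> bool:
        """Return True if the token is still within its 'exi' lifetime."""
        cti = claims.get("cti")
        exi = claims.get("exi")
        # Treat 'exi' as a JSON integer; bool is an int subclass, exclude it.
        if cti is None or isinstance(exi, bool) or not isinstance(exi, int) or exi < 0:
            return False
        if cti in self.expired:
            return False  # previously expired: never accept again
        start = self.first_seen.setdefault(cti, now)  # lifetime starts at first sight
        if now - start >= exi:
            self.expired.add(cti)        # grows without bound, as the message notes
            self.first_seen.pop(cti, None)
            return False
        return True

    def expired_count(self) -> int:
        return len(self.expired)
```

Every token that ever expires leaves a permanent entry in `expired`, which is the unbounded growth the message points out.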