IETF Logo Mail Archive

Re: [COSE] Consensus Call: Adoption of the COSE Token

Erik Wahlström neXus <erik.wahlstrom@nexusgroup.com> Sun, 22 November 2015 21:25 UTC

Return-Path: <erik.wahlstrom@nexusgroup.com>
X-Original-To: cose@ietfa.amsl.com
Delivered-To: cose@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 60CEE1B357F for <cose@ietfa.amsl.com>; Sun, 22 Nov 2015 13:25:38 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.884
X-Spam-Level:
X-Spam-Status: No, score=-2.884 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_LOW=-0.7, RP_MATCHES_RCVD=-0.585] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LbySP3sO0KjQ for <cose@ietfa.amsl.com>; Sun, 22 Nov 2015 13:25:35 -0800 (PST)
Received: from smtp.nexusgroup.com (smtp.nexusgroup.com [83.241.133.120]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E011D1B357C for <cose@ietf.org>; Sun, 22 Nov 2015 13:25:34 -0800 (PST)
Received: from NG-EX01.ad.nexusgroup.com (10.75.28.40) by NG-EX01.ad.nexusgroup.com (10.75.28.40) with Microsoft SMTP Server (TLS) id 15.0.995.29; Sun, 22 Nov 2015 22:25:32 +0100
Received: from NG-EX01.ad.nexusgroup.com ([fe80::1d3d:b319:f020:2bab]) by NG-EX01.ad.nexusgroup.com ([fe80::1d3d:b319:f020:2bab%12]) with mapi id 15.00.0995.032; Sun, 22 Nov 2015 22:25:32 +0100
From: Erik Wahlström neXus <erik.wahlstrom@nexusgroup.com>
To: Justin Richer <jricher@MIT.EDU>
Thread-Topic: [COSE] Consensus Call: Adoption of the COSE Token
Thread-Index: AQHRGTKb6mzibdroQ0aWbiONihL/Fp6mw9kAgAHRn4A=
Date: Sun, 22 Nov 2015 21:25:31 +0000
Message-ID: <C956700F-1FE3-45C4-AF85-000A7A16F90B@nexusgroup.com>
References: <B163C432-E13C-4D35-B86B-066C1365232A@mit.edu> <7505C89A-FCA1-4AD6-93F6-BDE3517AF1B4@mit.edu>
In-Reply-To: <7505C89A-FCA1-4AD6-93F6-BDE3517AF1B4@mit.edu>
Accept-Language: en-US, sv-SE
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-mailer: Apple Mail (2.2104)
x-originating-ip: [37.247.26.197]
Content-Type: multipart/alternative; boundary="_000_C956700F1FE345C4AF85000A7A16F90Bnexusgroupcom_"
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/cose/W6KGJXr3igMGdqznqlMsZFpU3RU>
Cc: "cose@ietf.org" <cose@ietf.org>
Subject: Re: [COSE] Consensus Call: Adoption of the COSE Token
X-BeenThere: cose@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: CBOR Object Signing and Encryption <cose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cose>, <mailto:cose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cose/>
List-Post: <mailto:cose@ietf.org>
List-Help: <mailto:cose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cose>, <mailto:cose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 22 Nov 2015 21:25:38 -0000

Hi,

Yes, we have a draft posted in the OAuth WG for a CBOR Web Token (CWT). https://tools.ietf.org/id/draft-wahlstroem-oauth-cbor-web-token-00.txt

We want to keep it there and reference the JWT claims (also defined in OAuth WG) and later add attributes needed for authentication and authorization for IoT to JWT/CWT in ACE WG.

Thanks
Erik



On 21 Nov 2015, at 18:39, Justin Richer <jricher@MIT.EDU<mailto:jricher@MIT.EDU>> wrote:

Reading through the threads an opinions, there is no clear consensus as to where the work should be done. There is roughly equal support for doing this in any of the three offered working groups.

There is clear consensus that it should be done and that, as much as possible, it should be a direct map of the existing JWT payload object and common claims.

In this light, someone needs to just start the work as an individual draft and push forward, and whichever working group most wants to can pick it up and publish it. I have no qualms on accepting this work within the COSE working group and I believe there is enough support to warrant that placement if an author submits a draft here (and this remains my preference as an individual), but I will not object to another group picking it up.

I believe, with all of the overlap between groups, that we will have no trouble getting the “right people” to look at it. Additionally, it is clear that it will be very beneficial to have formal reviews from all three groups once the draft has reached a mature status.

Thankfully, Erik has already done this with his “COSE Web Token” draft. He’s initially targeted this at the OAuth working group, and the work started in ACE, so I call to the author to pick a location and run with it.

— Justin, your COSE chair

On Nov 7, 2015, at 3:01 AM, Justin Richer <jricher@MIT.EDU<mailto:jricher@MIT.EDU>> wrote:

At the Yokohama meeting, the chairs agreed to do a consensus call regarding the adoption and placement of new work to define a COSE Token, analogous to the JWT from JOSE. In the room, there was a general sentiment of support for the work being done, with the wide adoption of JWT and its driving of JOSE being a common theme of precedent. What wasn’t clear is where the work should be done and to what end it should drive. The six positions we are asking the working group to consider and voice their support for are:

A) Define the COSE Token within the COSE working group along side the COSE Messages (and potentially COSE Auxiliary Algorithms) draft.
B) Define the COSE Token inside the OAuth working group.
C) Define the COSE Token inside the ACE working group.
D) Don’t define the COSE Token anywhere.
E) You need more information to decide.
F) You don’t give a flying rat about the COSE Token.*

The consensus call will remain open for two weeks from today, closing on November 21, 2015; at which time, hopefully we will have a clear answer and direction to point this work.

Thank you,
— Justin & Kepeng, your COSE chairs

* I promised those in the room at Yokohama to offer a flying rat option, for which I am deeply sorry.
_______________________________________________
COSE mailing list
COSE@ietf.org<mailto:COSE@ietf.org>
https://www.ietf.org/mailman/listinfo/cose

_______________________________________________
COSE mailing list
COSE@ietf.org<mailto:COSE@ietf.org>
https://www.ietf.org/mailman/listinfo/cose

v2.23.0 | Report a Bug | By Email