Re: [Id-event] WG Last Call for draft-ietf-secevent-token-02
Adam Dawes <adawes@google.com> Wed, 02 August 2017 18:12 UTC
In-Reply-To: <BA9AC21F-99A4-45F6-B9F4-38323E915C33@oracle.com>
References: <e6649728-f94a-93f5-9885-c948a5b0ed49@gmail.com> <CY4PR21MB0504DEA69A048EADE122995DF5B20@CY4PR21MB0504.namprd21.prod.outlook.com> <D263DE2D-48F7-4AF5-B96F-B83AAED779F6@openconsentgroup.com> <CABzCy2Cxhs_4soMY+iKwva4YrCpKD9fGngb+ffMV6z2nwzJg0A@mail.gmail.com> <BA9AC21F-99A4-45F6-B9F4-38323E915C33@oracle.com>
From: Adam Dawes <adawes@google.com>
Date: Wed, 02 Aug 2017 11:12:05 -0700
Message-ID: <CAOJhRMYwMHEKskNrQta+4OzgePR5fD5pgkrq+O6yYMqzG17cvg@mail.gmail.com>
To: Phil Hunt <phil.hunt@oracle.com>
Cc: Nat Sakimura <sakimura@gmail.com>, Yaron Sheffer <yaronf.ietf@gmail.com>, Mike Jones <Michael.Jones@microsoft.com>, "M.Lizar@OCG" <m.lizar@openconsentgroup.com>, SecEvent <id-event@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/id-event/DAU7nRaCki3XlAkOIR7GWC5JlfI>
I believe this is ready for publication. Google will be making changes to our proto RISC implementation to conform and will be looking forward to getting real-world feedback on the spec.

On Wed, Aug 2, 2017 at 10:26 AM, Phil Hunt <phil.hunt@oracle.com> wrote:
> Nat,
>
> Thanks for the read.
>
> For #1 - should we move that paragraph to section 2 and leave some more generalized statement in section 1?
>
> For #2 - I think the paragraph starting “An outer JSON object that acts…” could be improved. Agreed that something along the lines of defined in JWT should be used.
>
> I recall #3 came up before as part of the delivery spec discussions. My intent is that when using unsecured JWTs the receiver has to validate via the method of delivery. E.g. was the JWT delivered over a mutually authenticated channel?
>
> Sections 4.1 and 4.2 cover the issue, albeit indirectly.
>
> I will go over the text and see what improvement could be made - probably in security considerations.
>
> Phil
>
> Oracle Corporation, Identity Cloud Services Architect & Standards
> @independentid
> www.independentid.com
> phil.hunt@oracle.com
>
> On Aug 2, 2017, at 10:07 AM, Nat Sakimura <sakimura@gmail.com> wrote:
>
> Thanks, it looks generally good. I had only three small nits.
>
> 1) "MUST NOT" in the introduction.
> ---------------------------------------------------
> I feel that it is better to have this MUST NOT in the main text. The introduction often is skipped by a reader.
>
> 2) Potentially missing "defined in" in Section 2, the first bullet
> ------------------------------------------------------------------
> "defined in" seems to be missing in the sentence "the JWT Token Claims Registry Section 10.1".
>
> 3) Issuer validation
> ----------------------------------
> I am not sure how to do an issuer validation when using unsecured JWT. Adding more explanation would be beneficial.
>
> Best,
>
> Nat
>
> On Wed, Aug 2, 2017 at 1:18 AM M.Lizar@OCG <m.lizar@openconsentgroup.com> wrote:
>
>> +1 on existing text.
>>
>> Agree the document is ready to publish
>>
>> - Mark
>>
>> On 31 Jul 2017, at 16:53, Mike Jones <Michael.Jones@microsoft.com> wrote:
>>
>> I believe that the specification is ready to publish as-is. It already meets the needs of the known use cases and is in production use.
>>
>> -- Mike
>>
>> From: Id-event [mailto:id-event-bounces@ietf.org] On Behalf Of Yaron Sheffer
>> Sent: Monday, July 31, 2017 1:40 PM
>> To: SecEvent <id-event@ietf.org>
>> Subject: [Id-event] WG Last Call for draft-ietf-secevent-token-02
>>
>> This is to announce working group last call on this draft (https://datatracker.ietf.org/doc/draft-ietf-secevent-token/).
>>
>> Please send your comments to the list. Even if you are perfectly happy with the draft, please let us know that you support its publication as-is by posting to the list.
>>
>> Because of the summer holidays, this last call is open for 3 weeks, until Aug. 21.
>>
>> Thanks,
>> Dick and Yaron
>>
>> _______________________________________________
>> Id-event mailing list
>> Id-event@ietf.org
>> https://www.ietf.org/mailman/listinfo/id-event
>
> --
>
> Nat Sakimura
>
> Chairman of the Board, OpenID Foundation

--
Adam Dawes | Sr. Product Manager | adawes@google.com | +1 650-214-2410
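Phil Hunt's point in the quoted reply, that a receiver of an unsecured JWT has to validate the issuer through the method of delivery rather than through a signature, is illustrated by the receiver-side check below. This is an added example, not code from the thread, from Google's RISC implementation or from the SET draft: it assumes the SET claim names `iss`, `aud`, `jti`, `iat` and `events`, a constructed HS256 shared key for the signed case, and that the transport layer hands the receiver the issuer identity it authenticated (`channel_peer`, for instance the subject of the client certificate on a mutually authenticated TLS connection). Whether unsecured tokens are accepted at all is receiver policy (`accept_unsecured`), so a header that says `"alg":"none"` cannot by itself downgrade a receiver that expects signed tokens.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

# Constructed shared HS256 key between issuer and receiver (example value only).
SHARED_KEY = b"constructed-example-shared-key"


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def encode_set(claims: dict, key: Optional[bytes]) -> str:
    """Serialize a SET as a compact JWT. key=None yields an unsecured JWT
    (header "alg":"none" with an empty signature segment)."""
    header = {"alg": "HS256" if key is not None else "none"}
    head_b64 = _b64url_encode(json.dumps(header, separators=(",", ":")).encode())
    body_b64 = _b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    signing_input = f"{head_b64}.{body_b64}".encode("ascii")
    sig_b64 = "" if key is None else _b64url_encode(
        hmac.new(key, signing_input, hashlib.sha256).digest())
    return f"{head_b64}.{body_b64}.{sig_b64}"


def validate_set(token: str, *, expected_issuer: str, expected_audience: str,
                 key: Optional[bytes] = None, accept_unsecured: bool = False,
                 channel_peer: Optional[str] = None) -> dict:
    """Receiver-side validation. Returns the claims or raises ValueError.

    channel_peer is the issuer identity the delivery channel authenticated
    (assumed to be supplied by the transport layer), or None if the channel
    authenticated nobody. For an unsecured JWT that is the only evidence of
    who issued the token, so it must be present and must match "iss".
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed compact JWT")
    head_b64, body_b64, sig_b64 = parts
    header = json.loads(_b64url_decode(head_b64))
    claims = json.loads(_b64url_decode(body_b64))
    alg = header.get("alg")

    # Step 1: establish who issued the token, by signature or by channel.
    if alg == "none":
        if not accept_unsecured:
            raise ValueError("unsecured JWTs are not accepted by receiver policy")
        if sig_b64 != "":
            raise ValueError("unsecured JWT must carry an empty signature")
        if channel_peer is None:
            raise ValueError("unsecured JWT requires a mutually authenticated channel")
        if claims.get("iss") != channel_peer:
            raise ValueError("iss does not match the channel-authenticated peer")
    elif alg == "HS256":
        if key is None:
            raise ValueError("no key configured for this issuer")
        signing_input = f"{head_b64}.{body_b64}".encode("ascii")
        expected = hmac.new(key, signing_input, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
            raise ValueError("signature verification failed")
    else:
        raise ValueError(f"unsupported alg {alg!r}")

    # Step 2: ordinary SET claim checks, identical for both token forms.
    if claims.get("iss") != expected_issuer:
        raise ValueError("unexpected issuer")
    aud = claims.get("aud")
    if expected_audience not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("token not intended for this receiver")
    for required in ("jti", "iat", "events"):
        if required not in claims:
            raise ValueError(f"missing required claim {required}")
    if not isinstance(claims["events"], dict) or not claims["events"]:
        raise ValueError("events must be a non-empty JSON object")
    # jti replay tracking and iat freshness are left to the caller.
    return claims


def rejection_reason(token: str, **policy) -> Optional[str]:
    """The ValueError message for a rejected token, or None if it is accepted."""
    try:
        validate_set(token, **policy)
        return None
    except ValueError as exc:
        return str(exc)


# Constructed sample SET (event URI and identifiers are placeholders).
SAMPLE_CLAIMS = {
    "iss": "https://issuer.example",
    "aud": "https://receiver.example",
    "jti": "constructed-jti-0001",
    "iat": 1501697526,
    "events": {"https://schemas.example/event/session-revoked": {}},
}

if __name__ == "__main__":
    policy = {"expected_issuer": "https://issuer.example",
              "expected_audience": "https://receiver.example"}
    print("signed:", rejection_reason(encode_set(SAMPLE_CLAIMS, SHARED_KEY), key=SHARED_KEY, **policy))
    print("unsecured, no channel auth:", rejection_reason(
        encode_set(SAMPLE_CLAIMS, None), accept_unsecured=True, **policy))
```

The two-step split is the point: step 1 answers "who sent this" either from the signature or from the authenticated channel, and only then does step 2 compare the established issuer with the expected one. An unsecured token over an unauthenticated channel never reaches step 2, because there is nothing to compare `iss` against.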