Re: [Id-event] WG Last Call for draft-ietf-secevent-token-02

Mike Jones <Michael.Jones@microsoft.com> Tue, 24 October 2017 00:04 UTC

From: Mike Jones <Michael.Jones@microsoft.com>
To: Nat Sakimura <sakimura@gmail.com>, "M.Lizar@OCG" <m.lizar@openconsentgroup.com>
CC: Yaron Sheffer <yaronf.ietf@gmail.com>, SecEvent <id-event@ietf.org>
Thread-Topic: [Id-event] WG Last Call for draft-ietf-secevent-token-02
Thread-Index: AQHTCj09LrxBWiFA7kmsguwQioPAmaJuaWjQgAFFhACAAaApAICBPUPA
Date: Tue, 24 Oct 2017 00:04:05 +0000
Message-ID: <CY4PR21MB05043CD666835BB3470F2AFDF5470@CY4PR21MB0504.namprd21.prod.outlook.com>
References: <e6649728-f94a-93f5-9885-c948a5b0ed49@gmail.com> <CY4PR21MB0504DEA69A048EADE122995DF5B20@CY4PR21MB0504.namprd21.prod.outlook.com> <D263DE2D-48F7-4AF5-B96F-B83AAED779F6@openconsentgroup.com> <CABzCy2Cxhs_4soMY+iKwva4YrCpKD9fGngb+ffMV6z2nwzJg0A@mail.gmail.com>
In-Reply-To: <CABzCy2Cxhs_4soMY+iKwva4YrCpKD9fGngb+ffMV6z2nwzJg0A@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/id-event/tZYFaBwggeamd7yYaDlslcVfokA>

Thanks for the useful review, Nat.  Proposed resolutions are inline below.

FYI, Annabelle Backman and I sat down last week during the Internet Identity Workshop (IIW) and read through all the WGLC comments.  The series of replies to come contains proposed resolutions we discussed.

From: Nat Sakimura [mailto:sakimura@gmail.com]
Sent: Wednesday, August 2, 2017 10:07 AM
To: M.Lizar@OCG <m.lizar@openconsentgroup.com>; Mike Jones <Michael.Jones@microsoft.com>
Cc: Yaron Sheffer <yaronf.ietf@gmail.com>; SecEvent <id-event@ietf.org>
Subject: Re: [Id-event] WG Last Call for draft-ietf-secevent-token-02

Thanks, it looks generally good. I had only three small nits.

1) "MUST NOT" in the introduction.
---------------------------------------------------
I feel that it is better to have this MUST NOT in the main text. The introduction often is skipped by a reader.

Agreed:  Propose changing “MUST NOT” to “cannot”.

2) Potentially missing "defined in " in Section 2 the first bullet
------------------------------------------------------------------------------------------------------
There seems to be missing "defined in" in the sentence "the JWT Token Claims Registry Section 10.1".

I’ll change this reference to [IANA.JWT.Claims] with target https://www.iana.org/assignments/jwt/jwt.xhtml#claims.

3) Issuer validation
----------------------------------
I am not sure how to do an issuer validation when using unsecured JWT.
Adding more explanation would be beneficial.

I propose adding this additional sentence to the paragraph you referenced:
“Likewise if the profile allows (or requires) that the JWT be unsecured, the means by which the integrity of the JWT is ensured MUST be specified.”

Best,

Nat

Thanks,
-- Mike
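To illustrate item 3 above, here is an added example (not text or code from the draft, and not the authors' own) of a SET receiver that establishes integrity before it validates `iss`: an HS256-signed token is checked against a shared key, while an unsecured JWT (alg "none") is accepted only when the receiver's profile has supplied integrity by other means, modelled here as a hypothetical `transport_integrity` flag; the issuer URL and key are constructed sample values.

```python
import base64
import hashlib
import hmac
import json

def _b64url_decode(segment):
    # JWT segments are unpadded base64url; restore the padding before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def _b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_token(header, claims, hmac_key=None):
    # Demo helper: HS256-signed when a key is given, else an unsecured JWT (RFC 7519
    # alg "none"), whose third segment is empty.
    signing_input = _b64url_encode(json.dumps(header).encode()) + "." + _b64url_encode(json.dumps(claims).encode())
    if hmac_key is None:
        return signing_input + "."
    sig = hmac.new(hmac_key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(sig)

def validate_set(token, expected_issuer, hmac_key=None, transport_integrity=False):
    # Returns the claims of a SET whose integrity and issuer were checked, else raises
    # ValueError.  transport_integrity is a hypothetical flag the receiver sets only
    # after the profile's own integrity mechanism (e.g. a mutually authenticated TLS
    # channel to the known issuer endpoint) has been verified.
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    header_b64, payload_b64, sig_b64 = parts
    alg = json.loads(_b64url_decode(header_b64)).get("alg")
    if alg == "none":
        if sig_b64 != "":
            raise ValueError("alg none with a non-empty signature segment")
        if not transport_integrity:
            raise ValueError("unsecured JWT without profile-provided integrity")
    elif alg == "HS256":
        if hmac_key is None:
            raise ValueError("HS256 token but no key configured")
        mac = hmac.new(hmac_key, (header_b64 + "." + payload_b64).encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(mac, _b64url_decode(sig_b64)):
            raise ValueError("signature verification failed")
    else:
        raise ValueError("unsupported alg: %r" % alg)
    claims = json.loads(_b64url_decode(payload_b64))
    # Compare "iss" only after integrity is established; an unprotected token can
    # carry any issuer value the sender likes.
    if claims.get("iss") != expected_issuer:
        raise ValueError("unexpected issuer")
    return claims
```

The ordering matters: with an unsecured token, checking `iss` first proves nothing, which is why the profile has to specify where integrity comes from.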

On Wed, Aug 2, 2017 at 1:18 AM M.Lizar@OCG <m.lizar@openconsentgroup.com> wrote:
+1 on existing text.

Agree the document is ready to publish

- Mark

On 31 Jul 2017, at 16:53, Mike Jones <Michael.Jones@microsoft.com> wrote:

I believe that the specification is ready to publish as-is.  It already meets the needs of the known use cases and is in production use.

-- Mike

From: Id-event [mailto:id-event-bounces@ietf.org] On Behalf Of Yaron Sheffer
Sent: Monday, July 31, 2017 1:40 PM
To: SecEvent <id-event@ietf.org>
Subject: [Id-event] WG Last Call for draft-ietf-secevent-token-02

This is to announce working group last call on this draft (https://datatracker.ietf.org/doc/draft-ietf-secevent-token/).

Please send your comments to the list. Even if you are perfectly happy with the draft, please let us know that you support its publication as-is by posting to the list.

Because of the summer holidays, this last call is open for 3 weeks, until Aug. 21.

Thanks,
    Dick and Yaron
_______________________________________________
Id-event mailing list
Id-event@ietf.org
https://www.ietf.org/mailman/listinfo/id-event
--

Nat Sakimura

Chairman of the Board, OpenID Foundation