Re: [jose] #17: add 'aud' and 'iss' to 4.1 Reserved Header Parameter Names

Mike Jones <Michael.Jones@microsoft.com> Fri, 05 April 2013 00:06 UTC

From: Mike Jones <Michael.Jones@microsoft.com>
To: Jim Schaad <ietf@augustcellars.com>, 'Dick Hardt' <dick.hardt@gmail.com>
Date: Fri, 05 Apr 2013 00:06:36 +0000
Message-ID: <4E1F6AAD24975D4BA5B1680429673943675B5B79@TK5EX14MBXC283.redmond.corp.microsoft.com>
References: <059.28920e1fc6703f74a91ab3b3829a8a57@trac.tools.ietf.org> <074.0ab64512938724c4d95e33c537c743e4@trac.tools.ietf.org> <56E2D113-F689-4C41-93AF-3C0DB8E70A6C@gmail.com> <4E1F6AAD24975D4BA5B1680429673943675B4F18@TK5EX14MBXC283.redmond.corp.microsoft.com> <E82CBC0D-F2C6-4860-BF2B-686C73BAACFF@gmail.com> <4E1F6AAD24975D4BA5B1680429673943675B568E@TK5EX14MBXC283.redmond.corp.microsoft.com> <016901ce318d$ea623ee0$bf26bca0$@augustcellars.com>
In-Reply-To: <016901ce318d$ea623ee0$bf26bca0$@augustcellars.com>
Cc: "draft-ietf-jose-json-web-encryption@tools.ietf.org" <draft-ietf-jose-json-web-encryption@tools.ietf.org>, "jose@ietf.org" <jose@ietf.org>
Subject: Re: [jose] #17: add 'aud' and 'iss' to 4.1 Reserved Header Parameter Names

Yes, I believe that the intent is 2 - these are global registrations.

				-- Mike

-----Original Message-----
From: Jim Schaad [mailto:ietf@augustcellars.com] 
Sent: Thursday, April 04, 2013 4:41 PM
To: Mike Jones; 'Dick Hardt'
Cc: draft-ietf-jose-json-web-encryption@tools.ietf.org; jose@ietf.org
Subject: RE: [jose] #17: add 'aud' and 'iss' to 4.1 Reserved Header Parameter Names

Mike,

I want to make sure that I understand how the registry is going to work.
After I get an answer I will go back and review the document to make sure that it is both clear and consistent with your response.

It is clear that any document (not just an IETF document) can create a new entry in the header registry.  Once this has been done there are two possible results:

1.  The resulting registration is for a specific protocol - thus if the JWT document registers iss and aud they would be specific to the JWT documents; or

2.  The resulting registration is permitted for any protocol - thus the JWT document would be required to provide clear documentation about how the iss and aud header fields would operate for any potential new protocol that wanted to use these header fields.

I think that both you and the WG believe that the second statement is correct.  This is just a verification for me personally.

Jim


> -----Original Message-----
> From: jose-bounces@ietf.org [mailto:jose-bounces@ietf.org] On Behalf 
> Of Mike Jones
> Sent: Thursday, April 04, 2013 4:04 PM
> To: Dick Hardt
> Cc: draft-ietf-jose-json-web-encryption@tools.ietf.org; jose@ietf.org
> Subject: Re: [jose] #17: add 'aud' and 'iss' to 4.1 Reserved Header Parameter Names
> 
> I think it's better for three reasons.  First, I think it's better to reserve the names and define the new processing rules in the document where they're defined - the JWT spec.
> 
> Second, the "iss" and "aud" header values aren't meaningful in JWEs in 
> the general case - only in JWEs whose message is a JWT Claims Set.  
> That's a scoping argument that they shouldn't be defined in the JWE spec.
> 
> Third, as is normal for IETF specs, the "one place to look for reserved JWE header names" is the IANA registry for those names.  Yes, the JWE spec reserves an initial set of names, but it won't be the only spec to reserve header parameter names, and so to see the full list, developers have to consult the registry.
> 
> 				-- Mike
> 
> P.S.  There's already an example of the JWT spec reserving names in a registry defined by the JWS spec.  See http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-06#section-9.3.1.  Reserving header parameter names in the JSON Web Signature and Encryption Header Parameters Registry established in JWS (see http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-08#section-7.1.1) would be done in an analogous manner.
> 
> -----Original Message-----
> From: jose-bounces@ietf.org [mailto:jose-bounces@ietf.org] On Behalf 
> Of Dick Hardt
> Sent: Thursday, April 04, 2013 1:10 PM
> To: Mike Jones
> Cc: draft-ietf-jose-json-web-encryption@tools.ietf.org; jose@ietf.org
> Subject: Re: [jose] #17: add 'aud' and 'iss' to 4.1 Reserved Header Parameter Names
> 
> 
> On Apr 4, 2013, at 9:27 AM, Mike Jones <Michael.Jones@microsoft.com>
> wrote:
> 
> > JWT defines "aud" and "iss" and reserves them as claim names but not as JWE header parameter names, nor does it currently specify their usage in that location.  My point is that I think the best way to accomplish what you're asking for is to have the JWT spec also reserve these as JWE header parameter names and define the semantics and processing rules associated with using them in that location.
> 
> Repeating that you think it is "best" is not educating me on *why* you think it is "best"!
> 
> The other reserved JWE header parameter names are not reserved in JWT.
> The current list of reserved JWE header parameter names are in the JWE 
> document. Having another place to look for what names are reserved 
> looks inefficient and error prone unless ALL reserved JWE header 
> parameter names are listed in JWT.
> 
> 
> _______________________________________________
> jose mailing list
> jose@ietf.org
> https://www.ietf.org/mailman/listinfo/jose