Re: [jose] #17: add 'aud' and 'iss' to 4.1 Reserved Header Parameter Names

"jose issue tracker" <trac+jose@trac.tools.ietf.org> Wed, 03 April 2013 20:03 UTC

#17: add 'aud' and 'iss' to 4.1 Reserved Header Parameter Names


Comment (by michael.jones@microsoft.com):

 I believe that this is a JWT issue – not a JOSE issue.  I'd suggest that
 you re-file this issue to be considered for the JWT spec, Dick, and close
 it here, as it's JWT-specific.  The OAuth issue tracker (which can be used
 for the JWT spec, since it's in the OAuth working group) is at
 http://trac.tools.ietf.org/wg/oauth/trac/.

 I think the real change you're requesting is to have the JWT spec add the
 "iss" and "aud" claims, which it defines, to the list of reserved JWE
 header parameter values, and to say that the "iss" and "aud" claim values
 defined by the JWT spec may appear in the JWE header.  The JWT spec *can*
 reserve JOSE header fields.  (Any spec can, through use of the IANA
 registry.)  This doesn't have to be done in the JWE spec.

 A processing question you'd need to answer is whether, if present in the
 JWE header, these claim values must also appear in the JWT Claims Set with
 identical values, or whether it's your intent to allow or require them to
 appear in exactly one of the two locations.

-- 
-------------------------+-------------------------------------------------
 Reporter:               |       Owner:  draft-ietf-jose-json-web-
  dick.hardt@gmail.com   |  encryption@tools.ietf.org
     Type:  enhancement  |      Status:  new
 Priority:  major        |   Milestone:
Component:  json-web-    |     Version:
  encryption             |  Resolution:
 Severity:  -            |
 Keywords:               |
-------------------------+-------------------------------------------------

Ticket URL: <http://trac.tools.ietf.org/wg/jose/trac/ticket/17#comment:1>
jose <http://tools.ietf.org/jose/>
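
The processing question raised in the comment above, written out as a check. This is an added example, not part of the ticket or of any JOSE/JWT draft; the policy names `identical` and `exactly_one`, the function names and the sample values are assumptions made for illustration, and the Claims Set is assumed to have been decrypted already.

```python
import base64
import json

REPLICATED = ("iss", "aud")  # the two claims discussed in the ticket


def b64u(obj) -> str:
    """base64url-encode a JSON value without padding (used to build the sample)."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()


def jwe_header(compact: str) -> dict:
    """Decode the header, the first of the five segments of a compact JWE."""
    parts = compact.split(".")
    if len(parts) != 5:
        raise ValueError("not a JWE compact serialization")
    seg = parts[0]
    header = json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))
    if not isinstance(header, dict):
        raise ValueError("JWE header is not a JSON object")
    return header


def check_replicated(header: dict, claims: dict, policy: str) -> list:
    """Return the violations of the chosen policy (empty list means consistent).

    "identical":   a claim in the header must also be in the Claims Set, same value
    "exactly_one": a claim must not appear in both locations
    """
    if policy not in ("identical", "exactly_one"):
        raise ValueError("unknown policy")
    problems = []
    for name in REPLICATED:
        in_h, in_c = name in header, name in claims
        if policy == "identical" and in_h:
            if not in_c:
                problems.append(f"{name}: in header but missing from Claims Set")
            elif header[name] != claims[name]:
                problems.append(f"{name}: header and Claims Set values differ")
        elif policy == "exactly_one" and in_h and in_c:
            problems.append(f"{name}: present in both header and Claims Set")
    return problems


# Constructed sample: only the header segment is real, the other four are placeholders.
SAMPLE_HEADER = {"alg": "RSA-OAEP", "enc": "A256GCM",
                 "iss": "https://issuer.example", "aud": "https://rp.example"}
SAMPLE_JWE = b64u(SAMPLE_HEADER) + ".a.b.c.d"
SAMPLE_CLAIMS = {"iss": "https://issuer.example", "aud": "https://other.example"}
```

With the constructed sample, the `identical` policy flags the mismatched "aud", while `exactly_one` flags both claims because each appears in the header and in the Claims Set.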