Re: [Jwt-reg-review] Claims registration question
John Bradley <jbradley@me.com> Thu, 23 April 2015 16:50 UTC
It is collision resistant but is harder to self document without registration.

Using a URI pointing at the definition of the claim is a relatively well proven technique to prevent collisions.

Both can work.

John B.

> On Apr 23, 2015, at 1:29 PM, Brian Campbell <bcampbell@pingidentity.com> wrote:
>
> Indeed org.genomicsandhealth.* itself also seems sufficiently collision-resistant.
>
> On Thu, Apr 23, 2015 at 10:06 AM, John Bradley <jbradley@me.com> wrote:
> You can use public collision resistant names like http://genomicsandhealth.org/claims/value1 That also allows for the claim to be documented via the follow your nose principle.
> https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32#section-4.2
>
> You could use that and then register them if there is a need for interoperability outside your community.
>
> If you established that pattern, it would be unlikely that anyone other than the owner of that namespace is going to register something in the registry that conflicts with you.
>
> John B.
> > On Apr 22, 2015, at 7:14 PM, Bart Grantham <bart@genecloud.com> wrote:
> >
> > A standards body that my company is involved in, the Global Alliance for Genomic Health (“GA4GH”), is looking at OAuth2/OpenID Connect for identity management amongst the various projects and it occurs to us that it may be necessary for the GA4GH to register domain-specific claims regarding researcher’s qualifications/membership in organizations.
> >
> > I’m wondering if it’s possible for the GA4GH to claim, after appropriate discussion and review, a wildcard claim? Something like org.genomicsandhealth.* ? This would allow the GA4GH to internally manage the registration of claims that are relevant to the organization (“org.genomicsandhealth.projects.beacon”, “org.genomicsandhealth.eu_commons”, etc.)
> >
> > If this is not possible, is there an alternative to registering each and every claim name that arises with IANA?
> >
> > --
> > Bart Grantham
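
The two naming schemes discussed in this thread (URI-style and reverse-DNS-style claim names), shown as an added example that is not part of the original messages: a small linter that flags claim names falling outside a namespace the issuer controls. The function names, class labels, `OWNED` set and sample claim set are assumptions made for illustration; only the two genomicsandhealth claim names come from the thread.

```python
from urllib.parse import urlsplit

# Registered Claim Names listed in section 4.1 of the JWT draft cited above.
REGISTERED = frozenset({"iss", "sub", "aud", "exp", "nbf", "iat", "jti"})

def classify_claim(name, owned_hosts):
    """Classify a claim name relative to DNS names the issuer controls."""
    if name in REGISTERED:
        return "registered"
    try:
        parts = urlsplit(name)
    except ValueError:          # malformed URL-like name
        parts = None
    if parts is not None and parts.scheme in ("http", "https") and parts.hostname:
        host = parts.hostname.lower()
        for owned in owned_hosts:
            # Exact host or a true subdomain; a bare suffix test without
            # the leading dot would accept look-alike hosts.
            if host == owned or host.endswith("." + owned):
                return "public-uri"
        return "foreign-namespace"
    if "." in name:
        for owned in owned_hosts:
            # genomicsandhealth.org -> "org.genomicsandhealth."
            prefix = ".".join(reversed(owned.split("."))) + "."
            if name.lower().startswith(prefix):
                return "public-dns"
        return "foreign-namespace"
    return "private"            # short local name: nothing prevents a collision

def lint_claims(claims, owned_hosts):
    """Return {name: class} for claims that may collide with another issuer's."""
    risky = {}
    for name in claims:
        kind = classify_claim(name, owned_hosts)
        if kind in ("private", "foreign-namespace"):
            risky[name] = kind
    return risky

OWNED = {"genomicsandhealth.org"}   # assumed: the namespace owner's domain
SAMPLE = {                          # constructed claim set for the example
    "iss": "https://issuer.example",
    "sub": "researcher-1",
    "http://genomicsandhealth.org/claims/value1": "x",
    "org.genomicsandhealth.projects.beacon": True,
    "researcher_status": "member",
    "http://genomicsandhealth.org.lookalike.example/claims/value1": "x",
}

if __name__ == "__main__":
    for name, kind in lint_claims(SAMPLE, OWNED).items():
        print(f"{kind:18} {name}")
```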