Re: [Jwt-reg-review] Request to register claims: "scope" , "at_use_nbr"

Brian Campbell <bcampbell@pingidentity.com> Wed, 22 May 2019 18:00 UTC

Return-Path: <bcampbell@pingidentity.com>
X-Original-To: jwt-reg-review@ietfa.amsl.com
Delivered-To: jwt-reg-review@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CB1B41202B6 for <jwt-reg-review@ietfa.amsl.com>; Wed, 22 May 2019 11:00:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.989
X-Spam-Level:
X-Spam-Status: No, score=-1.989 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=pingidentity.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5yIQcpqiMzoJ for <jwt-reg-review@ietfa.amsl.com>; Wed, 22 May 2019 11:00:03 -0700 (PDT)
Received: from mail-it1-x132.google.com (mail-it1-x132.google.com [IPv6:2607:f8b0:4864:20::132]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 79DFA120288 for <jwt-reg-review@ietf.org>; Wed, 22 May 2019 11:00:03 -0700 (PDT)
Received: by mail-it1-x132.google.com with SMTP id m141so5076018ita.3 for <jwt-reg-review@ietf.org>; Wed, 22 May 2019 11:00:03 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=pingidentity.com; s=gmail; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=Svd3owqBQEPxJXXN3qQC0OsUgVtkmTFH7w9zPvl9tG8=; b=At/JLbasOI5mx5wVwcgoByr5pKxWNt9/G8FG+xGyYYMVZz86TLuP6TFxwx4E9SpJxM RDuYK2cVn9rA8gPM/Uk5zoEKBxx6lQhWB0v+Y07FEQoQVvm37lsJrB9sLOSQbX52dREN NZIxatIn2HtOzE6c097GTu69hG2wZCmmNJ3+4=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=Svd3owqBQEPxJXXN3qQC0OsUgVtkmTFH7w9zPvl9tG8=; b=YDEUCn5f3rcpb9/vbWBLXssi5mfAGNTBpa2AVLRJiktRix4++EAJwZDQ9RBWJD0Lfh Hzcrt+7AqxH3zdxWlOCB4aVesx5fjc2KGrhdGxqO4tsM40dWP+CndJXC2XTlHdm4dtph KH+gUBrW5pO6BhTK3+CHdUOb3RwTr5Deaaswg+2rPmJvouuQMHLsyb56t/Z5US7W27vq sCXLQeM7btfSszPLtFJ+u7JpLsJ34Y7CKjeNquTBSUo1zbSnmMfjNwJmww5FDq+QA1be oB+hQ8+kwA0o9mKRVqPvK2Dns03RLk0I84wJYLxy1qac9lC6qzpeZkquK3XcpoKHGWKF cR9g==
X-Gm-Message-State: APjAAAVYxXO6qINsj+LnGeFmSXb32IlqOjbRurKvVyykmXFRztSTku/s Euz+WkW/Pb8Wn5BFsj3ZwCS/yyzTQZ4it0gmQMDlaFn2oZuLZEhEaEqE/4KNrlA7juQNpaWLWaJ hSeTJxOKWjJw6nt1tGCeGoeDFSA==
X-Google-Smtp-Source: APXvYqyGKv/nVy5n66dhDX2r0S+5KFCv7gCCjp3fjDrjOoG3yL7vVX+fDMOQBPOIjY0g75CxhjgnBujvEpusVaKNjjA=
X-Received: by 2002:a02:6411:: with SMTP id t17mr59349524jac.90.1558548002343; Wed, 22 May 2019 11:00:02 -0700 (PDT)
MIME-Version: 1.0
References: <52951ff3f45146a284bc3401f2260915@xMail.etsihq.org> <CA+k3eCQEB9LZKKTt-bKOaAXLGLtgDWPkXUBhd2KkiYF+gE8WYg@mail.gmail.com> <51607e41f1fa41038abab52bd23f9bda@xMail.etsihq.org> <a4ab46ed99314ad28e994a46520270fc@xMail.etsihq.org> <CA+k3eCT2TbjRZP-SW3Sz80Oy_7CWMNy1oCQUtNUCfa1oz0p9nw@mail.gmail.com> <d3aee3b253e344c2b5b96605de99002c@xMail.etsihq.org>
In-Reply-To: <d3aee3b253e344c2b5b96605de99002c@xMail.etsihq.org>
From: Brian Campbell <bcampbell@pingidentity.com>
Date: Wed, 22 May 2019 11:59:36 -0600
Message-ID: <CA+k3eCRHjJkzh5-WwMZ44VJ1P=+HbohKpOakgUbZ6cySS9+ysg@mail.gmail.com>
To: Miguel Angel Reina Ortega <MiguelAngel.ReinaOrtega@etsi.org>
Cc: "jwt-reg-review@ietf.org" <jwt-reg-review@ietf.org>, PNNS <PNNS@etsi.org>
Content-Type: multipart/alternative; boundary="0000000000000baca105897dbcc2"
Archived-At: <https://mailarchive.ietf.org/arch/msg/jwt-reg-review/7wvENGmY3DgrQ_-RO7v2LxpDcbo>
Subject: Re: [Jwt-reg-review] Request to register claims: "scope" , "at_use_nbr"
X-BeenThere: jwt-reg-review@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Expert review of proposed IANA registrations for JSON Web Token \(JWT\) claims." <jwt-reg-review.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jwt-reg-review>, <mailto:jwt-reg-review-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/jwt-reg-review/>
List-Post: <mailto:jwt-reg-review@ietf.org>
List-Help: <mailto:jwt-reg-review-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jwt-reg-review>, <mailto:jwt-reg-review-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 22 May 2019 18:00:18 -0000

There is not yet an RFC number for it so a reference to the draft will have
to suffice. My main point about that one, however, is just that it will be
in the registry soon via other means so this registration review request
and the associated document should only request registration of
“at_use_nbr”.

On Wed, May 22, 2019 at 11:38 AM Miguel Angel Reina Ortega <
MiguelAngel.ReinaOrtega@etsi.org> wrote:

> Dear Brian,
>
>
>
> Thanks for your answer.
>
>
>
> I will then provide you with the pointer to the draft, and once
> specification is approved, I will resubmit the registration request with
> the final pointer.
>
>
>
> Regarding the “scope” claim, which RFC should it be referenced if there’s
> already a number? And If there’s no number, should we reference the draft?
>
>
>
> Thanks again.
>
>
>
> Best regards.
>
>
>
>
> -----------------------------------------------------------------------------------------------------------------
>
> *Miguel Angel Reina Ortega **–* Testing Expert
>
> Centre for Testing and Interoperability (CTI)
>
> *ETSI* ● www.etsi.org*miguelangel.reinaortega@etsi.org
> <miguelangel.reinaortega@etsi.org>*
>
> Phone: +33 (0)4 92 94 43 49 ● Mobile: +33 (0)6 76 73 60 99
>
>
>
> This email may contain confidential information and is intended for
>
> the use of the addressee only. Any unauthorized use may be unlawful.
>
> If you receive this email by mistake, please advise the sender
>
> immediately by using the reply facility in your email software.
>
> Thank you for your co-operation.
>
>
>
> *From:* Brian Campbell <bcampbell@pingidentity.com>
> *Sent:* 22 May 2019 19:34
> *To:* Miguel Angel Reina Ortega <MiguelAngel.ReinaOrtega@etsi.org>
> *Cc:* jwt-reg-review@ietf.org; PNNS <PNNS@etsi.org>
> *Subject:* Re: [Jwt-reg-review] Request to register claims: "scope" ,
> "at_use_nbr"
>
>
>
> Hi Miguel, see inline below
>
>
>
> On Wed, May 22, 2019 at 9:49 AM Miguel Angel Reina Ortega <
> MiguelAngel.ReinaOrtega@etsi.org> wrote:
>
> Dear Brian,
>
>
>
> I have a couple of questions. First, regarding the pointer to the
> specification. Actually, the specification is going to be approved this
> week and publicly available soon. I could provide a pointer that will not
> work for the time being but it will in short time. Would that be fine? Or
> would it be better to provide a temp pointer that works right now but
> modify it later?
>
>
>
> It's a bit of chicken and egg, isn't it? And I'm honestly not sure how
> that's supposed to work. But I think that the latter - a pointer to a draft
> but soonish to be approved spec - would be appropriate for the review
> request. And the final pointer can be given to IANA for the registration
> request.
>
>
>
>
>
> Second question is regarding the “scope” claim, the reason why it was
> requested is that it does not appear in the JSON Web token registry page.
> Is that just a mistake or is there a reason why it is not there?
>
>
>
> The “scope” claim does not yet appear in the JSON Web token registry page
> but it should show up there (relatively) soon. The request has been made
> already
> https://mailarchive.ietf.org/arch/msg/jwt-reg-review/VXiedtm3lP0IfyEsVKkg92-I6TA
>
>
>
>
>
> Please, your advice will be very much appreciated.
>
>
>
> Best regards.
>
>
>
>
> -----------------------------------------------------------------------------------------------------------------
>
> *Miguel Angel Reina Ortega **–* Testing Expert
>
> Centre for Testing and Interoperability (CTI)
>
> *ETSI* ● www.etsi.org*miguelangel.reinaortega@etsi.org
> <miguelangel.reinaortega@etsi.org>*
>
> Phone: +33 (0)4 92 94 43 49 ● Mobile: +33 (0)6 76 73 60 99
>
>
>
> This email may contain confidential information and is intended for
>
> the use of the addressee only. Any unauthorized use may be unlawful.
>
> If you receive this email by mistake, please advise the sender
>
> immediately by using the reply facility in your email software.
>
> Thank you for your co-operation.
>
>
>
> *From:* Miguel Angel Reina Ortega
> *Sent:* 22 May 2019 00:26
> *To:* 'Brian Campbell' <bcampbell@pingidentity.com>
> *Cc:* 'jwt-reg-review@ietf.org' <jwt-reg-review@ietf.org>rg>; PNNS <
> PNNS@etsi.org>
> *Subject:* RE: [Jwt-reg-review] Request to register claims: "scope" ,
> "at_use_nbr"
>
>
>
> Dear Brian,
>
>
>
> Thanks for your prompt response.
>
>
>
> Indeed, you’re right, a Word document attached in an email is not
> sufficient. I sent it in that way for your review and confirmation before
> approving the document at ISG level (a bit chicken and egg problem).
>
>
>
> I take note about your feedback on “scope” claim, bring that feedback to
> the ISG and if required as you said, I will make a new updated request
> which includes a pointer to the spec.
>
>
>
> Best regards.
>
>
>
>
> -----------------------------------------------------------------------------------------------------------------
>
> *Miguel Angel Reina Ortega **–* Testing Expert
>
> Centre for Testing and Interoperability (CTI)
>
> *ETSI* ● www.etsi.org*miguelangel.reinaortega@etsi.org
> <miguelangel.reinaortega@etsi.org>*
>
> Phone: +33 (0)4 92 94 43 49 ● Mobile: +33 (0)6 76 73 60 99
>
>
>
> This email may contain confidential information and is intended for
>
> the use of the addressee only. Any unauthorized use may be unlawful.
>
> If you receive this email by mistake, please advise the sender
>
> immediately by using the reply facility in your email software.
>
> Thank you for your co-operation.
>
>
>
> *From:* Brian Campbell <bcampbell@pingidentity.com>
> *Sent:* 21 May 2019 20:50
> *To:* Miguel Angel Reina Ortega <MiguelAngel.ReinaOrtega@etsi.org>
> *Cc:* jwt-reg-review@ietf.org; PNNS <PNNS@etsi.org>
> *Subject:* Re: [Jwt-reg-review] Request to register claims: "scope" ,
> "at_use_nbr"
>
>
>
> Hello Miguel,
>
>
>
> RFC 7519 says that values for the JSON Web Token Claims Registry
> <https://tools.ietf.org/html/rfc7519#section-10.1> are registered on a
> Specification Required basis. RFC 5226 says that Specification Required
> <https://tools.ietf.org/html/rfc5226#section-4.1> means that the values
> and their meanings must be documented in a permanent and readily available
> public specification. I do not believe a Microsoft Word document as an
> email attachment is sufficient in that regard. This registration review
> request will need to be made again with a straightforward pointer to such a
> permanent and readily available public specification that defines the
> claim.
>
>
>
> Also note that the 'scope' claim is being defined in Section 4.2 of OAuth
> 2.0 Token Exchange
> <https://tools.ietf.org/html/draft-ietf-oauth-token-exchange-16#section-4.2>
> with effectively the same meaning.  Registration has already been requested
> from/by that document so isn't necessary from the ETSI GS NFV-SEC 022
> perspective.
>
>
>
> Thanks,
>
> Brian Campbell
>
> One of the (so called) Designated Experts for the JWT Claims Registry
>
>
>
>
>
> On Mon, May 20, 2019 at 11:35 AM Miguel Angel Reina Ortega <
> MiguelAngel.ReinaOrtega@etsi.org> wrote:
>
> Dear,
>
> On behalf of ETSI NFV ISG, I would like to submit the following
> registration requests for the “JSON Web Token” registry:
>
>
>
>    - Claim Name: “scope”
>
>
>    - Claim Description: space-separated list of scope of operation values
>    for which the access token is valid.
>    - Change Controller: ETSI (pnns@etsi.org)
>
>
>    - Specification Document(s): Clause 5.5
>    <https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims>
>    of the present ETSI GS NFV-SEC 022
>    <https://portal.etsi.org/webapp/WorkProgram/Report_WorkItem.asp?WKI_ID=54060>
>    (attached)
>
>
>
>    - Claim Name: “at_use_nbr”
>    - Claim Description: Number of API requests for which the access token
>    can be used.
>    - Change Controller: ETSI (pnns@etsi.org)
>
>
>    - Specification Document(s): Clause 5.5
>    <https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims>
>    of the present ETSI GS NFV-SEC 022
>    <https://portal.etsi.org/webapp/WorkProgram/Report_WorkItem.asp?WKI_ID=54060>
>    (attached)
>
>
>
> Best regards.
>
>
>
>
>
>
> -----------------------------------------------------------------------------------------------------------------
>
> *Miguel Angel Reina Ortega –* Testing Expert
>
> Centre for Testing and Interoperability (CTI)
>
> *ETSI* ● www.etsi.org*miguelangel.reinaortega@etsi.org
> <miguelangel.reinaortega@etsi.org>*
>
> Phone: +33 (0)4 92 94 43 49 ● Mobile: +33 (0)6 76 73 60 99
>
>
>
> This email may contain confidential information and is intended for
>
> the use of the addressee only. Any unauthorized use may be unlawful.
>
> If you receive this email by mistake, please advise the sender
>
> immediately by using the reply facility in your email software.
>
> Thank you for your co-operation.
>
>
>
> _______________________________________________
> Jwt-reg-review mailing list
> Jwt-reg-review@ietf.org
> https://www.ietf.org/mailman/listinfo/jwt-reg-review
>
>
>
>
>
> *CONFIDENTIALITY NOTICE: This email may contain confidential and
> privileged material for the sole use of the intended recipient(s). Any
> review, use, distribution or disclosure by others is strictly prohibited.
> If you have received this communication in error, please notify the sender
> immediately by e-mail and delete the message and any file attachments from
> your computer. Thank you.*
>

-- 
_CONFIDENTIALITY NOTICE: This email may contain confidential and privileged 
material for the sole use of the intended recipient(s). Any review, use, 
distribution or disclosure by others is strictly prohibited.  If you have 
received this communication in error, please notify the sender immediately 
by e-mail and delete the message and any file attachments from your 
computer. Thank you._