Re: [Jwt-reg-review] ext (Extension) Claim?

Brian Campbell <bcampbell@pingidentity.com> Mon, 15 July 2019 12:57 UTC

From: Brian Campbell <bcampbell@pingidentity.com>
Date: Mon, 15 Jul 2019 06:56:34 -0600
To: Scott Morgan <scott@adligo.com>
Cc: jwt-reg-review@ietf.org
Message-ID: <CA+k3eCSgM6LqzYDHRz=s-Q0D37ec1UYHfLzj8TPfEKKizeU+oQ@mail.gmail.com>
In-Reply-To: <CANEdHmjErfZ_qXmMpdnoXJqaWT6Ojqc+F=McbeQj1L6wsAz=PA@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/jwt-reg-review/Fc6GRqYam48faclY46a-MRBtYK0>
List-Id: "Expert review of proposed IANA registrations for JSON Web Token \(JWT\) claims." <jwt-reg-review.ietf.org>

What you've got by way of example there looks to be a JOSE header
https://tools.ietf.org/html/rfc7515#section-4 rather than a claim
https://tools.ietf.org/html/rfc7519#section-4 and is probably not the best
choice for what you're looking to do.

You might consider using a collision-resistant public claim name
https://tools.ietf.org/html/rfc7519#section-4.2  such as
"http://www.adligo.com/jwt-ext-asbp" or something along those lines.  And
then putting whatever content you like under that. That'd look something
like this (unencoded):

{"alg":"HS256"}
.
{"http://www.adligo.com/jwt-ext-asbp": {
   "name" : "Scott",
   "sname" : "Morgan",
   "roles" : ["SA", "ROOT"],
   "auth-cache-servers" : ["1.2.3.4","2.3.4.5"]
   },
  "iat": 1516239022
  ... other claims ...
}


On Sat, Jul 13, 2019 at 2:03 PM Scott Morgan <scott@adligo.com> wrote:

> Hi All,
>
>   I am simply trying to extend JWT to add some arbitrary data including:
> roles (i.e. LDAP)
> auth-cache-servers
> name (i.e. LDAP)
> sname (i.e. LDAP)
>
>   Should this be done with a new claim 'ext' (Extensions):
>
> {"typ":"JWT",
> "alg":"HS256",
> "ext": {
>    "name" : "Scott",
>    "sname" : "Morgan",
>    "roles" : ["SA", "ROOT"],
>    "auth-cache-servers" : ["1.2.3.4","2.3.4.5"]
>    }
> }
>
>
> Or is there better way to extend JWT?
>
>
> This is connected to work on;
>
> https://tools.ietf.org/html/draft-adligo-hybi-asbp-02
>
>
> --
> Regards,
> Scott Morgan
> President & CEO
> Adligo Inc
> http://www.adligo.com