Re: [Jwt-reg-review] Request to register claim: "at_use_nbr"

Miguel Angel Reina Ortega <MiguelAngel.ReinaOrtega@etsi.org> Thu, 18 July 2019 08:11 UTC

Return-Path: <MiguelAngel.ReinaOrtega@etsi.org>
X-Original-To: jwt-reg-review@ietfa.amsl.com
Delivered-To: jwt-reg-review@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1CD2512006D for <jwt-reg-review@ietfa.amsl.com>; Thu, 18 Jul 2019 01:11:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.288
X-Spam-Level:
X-Spam-Status: No, score=-4.288 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=etsi.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NVLKkFx5onxU for <jwt-reg-review@ietfa.amsl.com>; Thu, 18 Jul 2019 01:11:03 -0700 (PDT)
Received: from relay.etsi.org (relay.etsi.org [195.238.226.209]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 724F2120046 for <jwt-reg-review@ietf.org>; Thu, 18 Jul 2019 01:11:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=1524829736.etsi; d=etsi.org; h=From:To:CC:Subject:Date:Message-ID:References:In-Reply-To:Content-Type: MIME-Version; i=MiguelAngel.ReinaOrtega@etsi.org; bh=vWEZIlAU1/rM9CT9fk+6CkWjAa0nGwsc4cbB7mDXWQ0=; b=XwfsQ9ZeP5FnduT8Y1dyLta0IZKA7DA0rY4v97vGTcyQiO917jOBUXvZ3OWjv5A36iPuLHd+B+o/ JgQPudlt+4GEXddTuK8Ot3zGn/nlIQ0TqOoE81yvMrMYbQvLHQ8+n6iUkdZ7SOJKmore018m60ez wRAaka7Aph8P3KH71Zw=
Received: from outbound.etsi.org (172.27.1.75) by relay.etsi.org id h60kpc2gvlc2 for <jwt-reg-review@ietf.org>; Thu, 18 Jul 2019 09:11:00 +0100 (envelope-from <MiguelAngel.ReinaOrtega@etsi.org>)
Received: from XMAIL.etsihq.org (172.27.1.75) by xMail.etsihq.org (172.27.1.75) with Microsoft SMTP Server (TLS) id 15.0.1236.3; Thu, 18 Jul 2019 10:11:00 +0200
Received: from XMAIL.etsihq.org ([172.27.1.75]) by xMail.etsihq.org ([172.27.1.75]) with mapi id 15.00.1236.000; Thu, 18 Jul 2019 10:11:00 +0200
From: Miguel Angel Reina Ortega <MiguelAngel.ReinaOrtega@etsi.org>
To: Mike Jones <Michael.Jones@microsoft.com>, Brian Campbell <bcampbell@pingidentity.com>
CC: PNNS <PNNS@etsi.org>, "jwt-reg-review@ietf.org" <jwt-reg-review@ietf.org>
Thread-Topic: [Jwt-reg-review] Request to register claim: "at_use_nbr"
Thread-Index: AdUUPCk35WRFbawXQP2CfNV5KeT+3QB81EuAAYenrcACMEbSgAAoNKsAAAcLn7D///UTAP//xKXg/9DSCcA=
Date: Thu, 18 Jul 2019 08:10:59 +0000
Message-ID: <1a1321f2aefd4894abf7a1744ba57eb6@xMail.etsihq.org>
References: <7ddd8b990a544ac195b711f66bbebdba@xMail.etsihq.org> <CA+k3eCTppz+9cnbO4TUi40SPn5AJwS5TX-pfL9+x=fLN2F0-=g@mail.gmail.com> <58db505570754ef4abcc30cec50c8e43@xMail.etsihq.org> <2f55588ea3bb4bbbb66990f7ad84cdc0@xMail.etsihq.org> <BL0PR00MB02928379309A9DF0B9D80A62F5EA0@BL0PR00MB0292.namprd00.prod.outlook.com> <2c0b0a98ed534dd7885ecfc19728e9f1@xMail.etsihq.org> <MW2PR00MB0300C02270A9607EFE6D623DF5EA0@MW2PR00MB0300.namprd00.prod.outlook.com> <5877681dfc4246db8b44496f47d5acf1@xMail.etsihq.org>
In-Reply-To: <5877681dfc4246db8b44496f47d5acf1@xMail.etsihq.org>
Accept-Language: en-US, en-GB
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.7.2.65]
Content-Type: multipart/alternative; boundary="_000_1a1321f2aefd4894abf7a1744ba57eb6xMailetsihqorg_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/jwt-reg-review/VOuUa7N3Lchlr-Jf26TCm17N9Xg>
Subject: Re: [Jwt-reg-review] Request to register claim: "at_use_nbr"
X-BeenThere: jwt-reg-review@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Expert review of proposed IANA registrations for JSON Web Token \(JWT\) claims." <jwt-reg-review.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jwt-reg-review>, <mailto:jwt-reg-review-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/jwt-reg-review/>
List-Post: <mailto:jwt-reg-review@ietf.org>
List-Help: <mailto:jwt-reg-review-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jwt-reg-review>, <mailto:jwt-reg-review-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Jul 2019 08:11:07 -0000

Dear Mike,

I have not heard from you since our last exchange a month ago. It seems also that it has not been registered yet, at least I cannot see it in the registry.

Is there any pending question/modification required for the registration?

Best regards.

-----------------------------------------------------------------------------------------------------------------
Miguel Angel Reina Ortega – Testing Expert
Centre for Testing and Interoperability (CTI)
ETSI ● www.etsi.org<http://www.etsi.org/> ● miguelangel.reinaortega@etsi.org<mailto:miguelangel.reinaortega@etsi.org>
Phone: +33 (0)4 92 94 43 49 ● Mobile: +33 (0)6 76 73 60 99

This email may contain confidential information and is intended for
the use of the addressee only. Any unauthorized use may be unlawful.
If you receive this email by mistake, please advise the sender
immediately by using the reply facility in your email software.
Thank you for your co-operation.

From: Miguel Angel Reina Ortega
Sent: 18 June 2019 16:49
To: 'Mike Jones' <Michael.Jones@microsoft.com>;; 'Brian Campbell' <bcampbell@pingidentity.com>;
Cc: PNNS <PNNS@etsi.org>;; 'jwt-reg-review@ietf.org'; <jwt-reg-review@ietf.org>;
Subject: RE: [Jwt-reg-review] Request to register claim: "at_use_nbr"

Dear Mike,

Then, that’s the right link to use until it gets published. And it will be published once different claims are registered. So, discussing with Brian, it was agreed to use that temporary link so that you can review the specification (which actually is on hold before publication until claims are registered) and then update the registry with the final link.

I hope that’s still ok.

Best regards.

-----------------------------------------------------------------------------------------------------------------
Miguel Angel Reina Ortega – Testing Expert
Centre for Testing and Interoperability (CTI)
ETSI ● www.etsi.org<http://www.etsi.org/> ● miguelangel.reinaortega@etsi.org<mailto:miguelangel.reinaortega@etsi.org>
Phone: +33 (0)4 92 94 43 49 ● Mobile: +33 (0)6 76 73 60 99

This email may contain confidential information and is intended for
the use of the addressee only. Any unauthorized use may be unlawful.
If you receive this email by mistake, please advise the sender
immediately by using the reply facility in your email software.
Thank you for your co-operation.

From: Mike Jones <Michael.Jones@microsoft.com<mailto:Michael.Jones@microsoft.com>>
Sent: 18 June 2019 15:13
To: Miguel Angel Reina Ortega <MiguelAngel.ReinaOrtega@etsi.org<mailto:MiguelAngel.ReinaOrtega@etsi.org>>; Brian Campbell <bcampbell@pingidentity.com<mailto:bcampbell@pingidentity.com>>
Cc: PNNS <PNNS@etsi.org<mailto:PNNS@etsi.org>>; jwt-reg-review@ietf.org<mailto:jwt-reg-review@ietf.org>
Subject: RE: [Jwt-reg-review] Request to register claim: "at_use_nbr"

Rather than sending it to me, it would be better to place the normative doc at a permanent URL from which it can be directly opened.  The IANA registration will need to refer to this URL anyway.  Any of docx, pdf, or txt formats should be fine.

                                                       -- Mike

From: Miguel Angel Reina Ortega <MiguelAngel.ReinaOrtega@etsi.org<mailto:MiguelAngel.ReinaOrtega@etsi.org>>
Sent: Tuesday, June 18, 2019 2:54 PM
To: Mike Jones <Michael.Jones@microsoft.com<mailto:Michael.Jones@microsoft.com>>; Brian Campbell <bcampbell@pingidentity.com<mailto:bcampbell@pingidentity.com>>
Cc: PNNS <PNNS@etsi.org<mailto:PNNS@etsi.org>>; jwt-reg-review@ietf.org<mailto:jwt-reg-review@ietf.org>
Subject: RE: [Jwt-reg-review] Request to register claim: "at_use_nbr"

Dear Mike,

Yes, it is still the correct doc link. I did not have any problem opening any of the documents.

Should I send it attached to an email for you?

Best regards.

-----------------------------------------------------------------------------------------------------------------
Miguel Angel Reina Ortega – Testing Expert
Centre for Testing and Interoperability (CTI)
ETSI ● www.etsi.org<https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.etsi.org%2F&data=02%7C01%7CMichael.Jones%40microsoft.com%7C03430a778f844150de8508d6f3e39738%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636964556163104705&sdata=kcQ5Nn9pNxIC%2FF8sHhP34116CtRla%2Bq284FSBHVqvDc%3D&reserved=0> ● miguelangel.reinaortega@etsi.org<mailto:miguelangel.reinaortega@etsi.org>
Phone: +33 (0)4 92 94 43 49 ● Mobile: +33 (0)6 76 73 60 99

This email may contain confidential information and is intended for
the use of the addressee only. Any unauthorized use may be unlawful.
If you receive this email by mistake, please advise the sender
immediately by using the reply facility in your email software.
Thank you for your co-operation.

From: Mike Jones <Michael.Jones@microsoft.com<mailto:Michael.Jones@microsoft.com>>
Sent: 18 June 2019 12:30
To: Miguel Angel Reina Ortega <MiguelAngel.ReinaOrtega@etsi.org<mailto:MiguelAngel.ReinaOrtega@etsi.org>>; Brian Campbell <bcampbell@pingidentity.com<mailto:bcampbell@pingidentity.com>>
Cc: PNNS <PNNS@etsi.org<mailto:PNNS@etsi.org>>; jwt-reg-review@ietf.org<mailto:jwt-reg-review@ietf.org>
Subject: RE: [Jwt-reg-review] Request to register claim: "at_use_nbr"

I just tried opening the docs inside the .zip file https://docbox.etsi.org/ISG/NFV/Open/Drafts/SEC022_API_Access_Token_Spec/NFV-SEC022v010.zip<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocbox.etsi.org%2FISG%2FNFV%2FOpen%2FDrafts%2FSEC022_API_Access_Token_Spec%2FNFV-SEC022v010.zip&data=02%7C01%7CMichael.Jones%40microsoft.com%7C03430a778f844150de8508d6f3e39738%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636964556163104705&sdata=tRgOMS%2F0SQ24UtuxD4PZO9fuYS2DZ0qKqeJHdbbPAHE%3D&reserved=0> to review the request and there were problems opening both of them.  Is this still the correct doc link?

                                           -- Mike

From: Jwt-reg-review <jwt-reg-review-bounces@ietf.org<mailto:jwt-reg-review-bounces@ietf.org>> On Behalf Of Miguel Angel Reina Ortega
Sent: Monday, June 17, 2019 6:21 AM
To: Brian Campbell <bcampbell@pingidentity.com<mailto:bcampbell@pingidentity.com>>
Cc: PNNS <PNNS@etsi.org<mailto:PNNS@etsi.org>>; jwt-reg-review@ietf.org<mailto:jwt-reg-review@ietf.org>
Subject: Re: [Jwt-reg-review] Request to register claim: "at_use_nbr"

Dear Brian,

I still don’t see the requested claim appearing on the registry. Is there anything that needs to be done on my side?

Thanks in advance.

Best regards.

From: Miguel Angel Reina Ortega
Sent: 06 June 2019 11:59
To: Brian Campbell <bcampbell@pingidentity.com<mailto:bcampbell@pingidentity.com>>
Cc: jwt-reg-review@ietf.org<mailto:jwt-reg-review@ietf.org>; PNNS <PNNS@etsi.org<mailto:PNNS@etsi.org>>
Subject: RE: [Jwt-reg-review] Request to register claim: "at_use_nbr"

Dear Brian,

Thanks for the comments. The “scope” claim will be removed from there.

On the other hand, I don’t see any of those links you mention, just the following: http://openid.net/specs/openid-connect-core-1_0.html#IDToken<https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Fopenid.net%2Fspecs%2Fopenid-connect-core-1_0.html%23IDToken&data=02%7C01%7CMichael.Jones%40microsoft.com%7C03430a778f844150de8508d6f3e39738%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636964556163114701&sdata=G1SHeIkW2QzRPG4gyWhNNMW15vrb1VC0533fT0AVQ5k%3D&reserved=0>;. which seems correct to me.

Best regards.

From: Brian Campbell <bcampbell@pingidentity.com<mailto:bcampbell@pingidentity.com>>
Sent: 29 May 2019 19:02
To: Miguel Angel Reina Ortega <MiguelAngel.ReinaOrtega@etsi.org<mailto:MiguelAngel.ReinaOrtega@etsi.org>>
Cc: jwt-reg-review@ietf.org<mailto:jwt-reg-review@ietf.org>; PNNS <PNNS@etsi.org<mailto:PNNS@etsi.org>>
Subject: Re: [Jwt-reg-review] Request to register claim: "at_use_nbr"

In general I think that the “at_use_nbr” claim can be registered given how it is described in the NFV_SEC022v0-1-0-cb.docx file inside the zip file at the https://docbox.etsi.org/ISG/NFV/Open/Drafts/SEC022_API_Access_Token_Spec/NFV-SEC022v010.zip<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocbox.etsi.org%2FISG%2FNFV%2FOpen%2FDrafts%2FSEC022_API_Access_Token_Spec%2FNFV-SEC022v010.zip&data=02%7C01%7CMichael.Jones%40microsoft.com%7C03430a778f844150de8508d6f3e39738%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636964556163114701&sdata=QYgBmqU5nYE9URouJxpKhBulAy%2B0hOUUDOgryQCO0V8%3D&reserved=0> link provided.

However, there are also links there to https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fopenid.net%2Fspecs%2Fopenid-connect-core-1_0.html%23StandardClaims&data=02%7C01%7CMichael.Jones%40microsoft.com%7C03430a778f844150de8508d6f3e39738%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636964556163124693&sdata=bkLUsWbrPqh7Ua6zzXG%2BJpiT946oZIgP8pvWGiAIHmY%3D&reserved=0> and https://portal.etsi.org/webapp/WorkProgram/Report_WorkItem.asp?WKI_ID=54060<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fportal.etsi.org%2Fwebapp%2FWorkProgram%2FReport_WorkItem.asp%3FWKI_ID%3D54060&data=02%7C01%7CMichael.Jones%40microsoft.com%7C03430a778f844150de8508d6f3e39738%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636964556163124693&sdata=%2F9ae3ZOXG0CVxP6ziIneKWDanYrPiDNYjcUnzVfSstI%3D&reserved=0> which are confusing and/or don't seem right.

Also the NFV_SEC022v0-1-0-cb.docx document also still has "scope" in the JSON Web Token Claims registry which needs to be removed. Because ultimately I think IANA works off of the specification document itself.



On Sun, May 26, 2019 at 9:36 PM Miguel Angel Reina Ortega <MiguelAngel.ReinaOrtega@etsi.org<mailto:MiguelAngel.ReinaOrtega@etsi.org>> wrote:
Dear,
On behalf of ETSI NFV ISG, I would like to submit the following registration request for the “JSON Web Token” registry:

  *   Claim Name: “at_use_nbr”
  *   Claim Description: Number of API requests for which the access token can be used.
  *   Change Controller: ETSI (pnns@etsi.org<mailto:pnns@etsi.org>)
  *   Specification Document(s): Clause 5.5<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fopenid.net%2Fspecs%2Fopenid-connect-core-1_0.html%23StandardClaims&data=02%7C01%7CMichael.Jones%40microsoft.com%7C03430a778f844150de8508d6f3e39738%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636964556163134687&sdata=ULwF4H6TeAtTCuAj%2Br6n9D0eorzTyRgTa50GHNAPZxs%3D&reserved=0> of the present ETSI GS NFV-SEC 022<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fportal.etsi.org%2Fwebapp%2FWorkProgram%2FReport_WorkItem.asp%3FWKI_ID%3D54060&data=02%7C01%7CMichael.Jones%40microsoft.com%7C03430a778f844150de8508d6f3e39738%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636964556163134687&sdata=1QU0NOBbhwwn%2BJSCofs4uNCcHpIVr0bj0Dh1y7lpJLM%3D&reserved=0> (https://docbox.etsi.org/ISG/NFV/Open/Drafts/SEC022_API_Access_Token_Spec/NFV-SEC022v010.zip<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocbox.etsi.org%2FISG%2FNFV%2FOpen%2FDrafts%2FSEC022_API_Access_Token_Spec%2FNFV-SEC022v010.zip&data=02%7C01%7CMichael.Jones%40microsoft.com%7C03430a778f844150de8508d6f3e39738%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636964556163144683&sdata=slUSoTnNlxy6IvkHqImGws47%2FR%2BYSXiuNHrS2h3K%2BkA%3D&reserved=0>;)
Please, note that once the specification is approved, the pointer to the specification will be updated.

Best regards.

-----------------------------------------------------------------------------------------------------------------
Miguel Angel Reina Ortega – Testing Expert
Centre for Testing and Interoperability (CTI)
ETSI ● www.etsi.org<https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.etsi.org%2F&data=02%7C01%7CMichael.Jones%40microsoft.com%7C03430a778f844150de8508d6f3e39738%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636964556163144683&sdata=L%2FD%2BO3hdKcggGr32EFiewT9ZXa9I2XgKVn4ZtK8njo8%3D&reserved=0> ● miguelangel.reinaortega@etsi.org<mailto:miguelangel.reinaortega@etsi.org>
Phone: +33 (0)4 92 94 43 49 ● Mobile: +33 (0)6 76 73 60 99

This email may contain confidential information and is intended for
the use of the addressee only. Any unauthorized use may be unlawful.
If you receive this email by mistake, please advise the sender
immediately by using the reply facility in your email software.
Thank you for your co-operation.

_______________________________________________
Jwt-reg-review mailing list
Jwt-reg-review@ietf.org<mailto:Jwt-reg-review@ietf.org>
https://www.ietf.org/mailman/listinfo/jwt-reg-review<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Fjwt-reg-review&data=02%7C01%7CMichael.Jones%40microsoft.com%7C03430a778f844150de8508d6f3e39738%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636964556163154673&sdata=5fKpMwKMDx5lKy60oPas9%2Fyk6s2c0gcMeb7osyEV%2BoA%3D&reserved=0>

CONFIDENTIALITY NOTICE: This email may contain confidential and privileged material for the sole use of the intended recipient(s). Any review, use, distribution or disclosure by others is strictly prohibited.  If you have received this communication in error, please notify the sender immediately by e-mail and delete the message and any file attachments from your computer. Thank you.