Re: [Jwt-reg-review] review JWT claims registration request (was Re: Fwd: Review requested: draft-ietf-stir-passport)

Mike Jones <Michael.Jones@microsoft.com> Wed, 16 November 2016 02:21 UTC

From: Mike Jones <Michael.Jones@microsoft.com>
To: Brian Campbell <bcampbell@pingidentity.com>, "Matt Miller (mamille2)" <mamille2@cisco.com>, "jwt-reg-review@ietf.org" <jwt-reg-review@ietf.org>, John Bradley <ve7jtb@ve7jtb.com>, Chuck Mortimore <cmortimore@salesforce.com>
Date: Wed, 16 Nov 2016 02:21:36 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/jwt-reg-review/hto9_6g54Pd3M52_TAYxq7saCjk>
Cc: Russ Housley <housley@vigilsec.com>, Alissa Cooper <alissa@cooperw.in>, Sean Turner <sean@sn3rd.com>, Robert Sparks <rjsparks@nostrum.com>

I attended the STIR WG this morning to better understand the status and expected uses of draft-ietf-stir-passport.  While I might have chosen different claim names, I am convinced that this work is valuable and will be widely deployed.
I just sent a note on the related IANA thread approving the registration of the claims.

                                                       -- Mike

From: Brian Campbell [mailto:bcampbell@pingidentity.com]
Sent: Thursday, October 20, 2016 2:14 AM
To: Matt Miller (mamille2) <mamille2@cisco.com>; jwt-reg-review@ietf.org; John Bradley <ve7jtb@ve7jtb.com>; Mike Jones <Michael.Jones@microsoft.com>; Chuck Mortimore <cmortimore@salesforce.com>
Cc: Robert Sparks <rjsparks@nostrum.com>; Alissa Cooper <alissa@cooperw.in>; Russ Housley <housley@vigilsec.com>; Sean Turner <sean@sn3rd.com>
Subject: review JWT claims registration request (was Re: Fwd: Review requested: draft-ietf-stir-passport)

Thanks for bringing this to my attention, Matt. The message to jwt-reg-review had somehow gotten lumped together with the jose-reg-review one in such a way that I'd completely overlooked it. I don't know if maybe the same happened to the other 'experts' so I'm including them and the jwt-reg-review address again in this message.
Generally I think the draft-ietf-stir-passport claims registrations look okay. A few comments follow. It'd be a nice courtesy to maybe space and group section 11.2.1 like was done in https://tools.ietf.org/html/rfc7519#section-10.1.2 but that's just a nit. I can't help but see the similarity of "orig"/"dest" to "sub"/"aud" and wonder if more couldn't have been done to reuse the existing claims. But having the specific syntax and semantics for PASSporT is understandably nice too. If it were up to me, I'd use base64url encoding rather than hex for mky/dig as it is more space efficient and generally in line with how JWT/JOSE does things but that's just me. You can take or leave those comments though at your choosing.
Hopefully the other reviewers will see this message and we can move things forward.

On Wed, Oct 19, 2016 at 6:33 AM, Matt Miller (mamille2) <mamille2@cisco.com> wrote:

Hello Brian,

Do you think you can review this JWT registration?

Thanks,

- m&m
Matt Miller (mobile)

On Oct 18, 2016 1:25 PM, Robert Sparks <rjsparks@nostrum.com> wrote:

Hi Matt -

Who should pick this one up? (Jim is taking care of the part that went to jose-reg-review).

We're up against some strong external pressure to get this document suite published, so any nudging to bring this particular review to conclusion would be very helpful.

RjS


-------- Forwarded Message --------
Subject: Review requested: draft-ietf-stir-passport
Date: Tue, 18 Oct 2016 13:56:37 -0500
From: Robert Sparks <rjsparks@nostrum.com>
To: jwt-reg-review@ietf.org
CC: Jon Peterson <jon.peterson@gmail.com>, chris_wendt@cable.comcast.com, Russ Housley <housley@vigilsec.com>, Alissa Cooper <alissa@cooperw.in>

Please review the registration request in section 11.2 of
<https://datatracker.ietf.org/doc/draft-ietf-stir-passport/>

The registration request itself is copied below for your convenience.

Robert Sparks - STIR WG co-chair

-----------

11.2.  JSON Web Token Claims Registration

11.2.1.  Registry Contents Additions Requested

   o  Claim Name: "orig"
   o  Claim Description: Originating Identity String
   o  Change Controller: IESG
   o  Specification Document(s): Section 5.2.1 of [RFCThis]

   o  Claim Name: "dest"
   o  Claim Description: Destination Identity String
   o  Change Controller: IESG
   o  Specification Document(s): Section 5.2.1 of [RFCThis]

   o  Claim Name: "mky"
   o  Claim Description: Media Key Fingerprint String
   o  Change Controller: IESG
   o  Specification Document(s): Section 5.2.2 of [RFCThis]