Re: [Jwt-reg-review] [EXTERNAL] Re: JWT claim registration review request: draft-ietf-stir-passport-divert-05

Mike Jones <Michael.Jones@microsoft.com> Wed, 04 December 2019 00:29 UTC

From: Mike Jones <Michael.Jones@microsoft.com>
To: Brian Campbell <bcampbell=40pingidentity.com@dmarc.ietf.org>, Robert Sparks <rjsparks@nostrum.com>
CC: "jon.peterson@team.neustar" <jon.peterson@team.neustar>, "jwt-reg-review@ietf.org" <jwt-reg-review@ietf.org>
Date: Wed, 04 Dec 2019 00:29:50 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/jwt-reg-review/kzayZhh2iRNYSeRXHT_-VWwRj7g>

I agree that these issues should be addressed before the registrations are made.

                                                                -- Mike

From: Jwt-reg-review <jwt-reg-review-bounces@ietf.org> On Behalf Of Brian Campbell
Sent: Tuesday, December 3, 2019 2:34 PM
To: Robert Sparks <rjsparks@nostrum.com>
Cc: jon.peterson@team.neustar; jwt-reg-review@ietf.org
Subject: [EXTERNAL] Re: [Jwt-reg-review] JWT claim registration review request: draft-ietf-stir-passport-divert-05

The good folks at IANA recently reminded the DEs that this request hadn't been responded to. I'm not sure how that happened but apologies for the oversight.

In general I think these registrations are okay but there are a few things that could be tightened up or clarified. And a couple minor things I happened to notice while reading the draft to try and evaluate the registration request.

Sec 6 https://tools.ietf.org/html/draft-ietf-stir-passport-divert-07#section-6 :
I think it'd be helpful if there was an explanation of what "opt" stood for or why those three letters were chosen. Is it original passport token maybe? That was my best guess.

I don't believe the text '"opt" MUST contain a quoted base64 encoded full-form PASSporT...' is quite right and I think it could potentially be misinterpreted in different ways (like it sorta suggests that the JWT is again base64 encoded). From looking at the example and other content my guess is that it should say something more like, 'The value of the "opt" claim is a JSON string containing a full-form PASSporT...'.

typo "identifiier" in sec 3 https://tools.ietf.org/html/draft-ietf-stir-passport-divert-07#section-3

The claims set example in sec 5 https://tools.ietf.org/html/draft-ietf-stir-passport-divert-07#section-5 has one too many closing "}" so isn't valid JSON.


On Fri, Apr 12, 2019 at 1:08 PM Robert Sparks <rjsparks@nostrum.com> wrote:
Please review the JWT claim registration requests in sections 10.1 and
10.2 of

<https://datatracker.ietf.org/doc/draft-ietf-stir-passport-divert>

Robert Sparks - STIR WG co-chair
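The layout Brian is asking the draft to state plainly, as an added example that is not from the thread or the draft: the "opt" claim of a diverting PASSporT is a JSON string holding the original PASSporT in compact JWS form as-is, and a reader who base64-encodes that JWT a second time produces a value that no longer parses. All telephone numbers, claim values and the "div" structure below are constructed for illustration, and the signatures are placeholder bytes, so nothing here verifies a signature.

```python
import base64
import json


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def compact_jws(header: dict, claims: dict, sig: bytes = b"\x00" * 4) -> str:
    """Build a compact-serialized JWS (header.payload.signature); the
    signature is a placeholder, this only models the serialization."""
    return ".".join([b64url(json.dumps(header, separators=(",", ":")).encode()),
                     b64url(json.dumps(claims, separators=(",", ":")).encode()),
                     b64url(sig)])


def parse_opt_claim(div_claims: dict) -> dict:
    """Return the decoded claims of the PASSporT carried in "opt".
    "opt" must be a JSON string whose value is a compact JWS; a value that
    was base64-encoded again does not split into three segments and is
    rejected, which is the misreading Brian's comment warns about."""
    opt = div_claims.get("opt")
    if not isinstance(opt, str):
        raise ValueError('"opt" must be a JSON string')
    parts = opt.split(".")
    if len(parts) != 3:
        raise ValueError('"opt" is not a compact-form JWS (expected 3 segments)')
    header = json.loads(b64url_decode(parts[0]))
    claims = json.loads(b64url_decode(parts[1]))
    if header.get("typ") != "passport":
        raise ValueError("embedded token is not a PASSporT")
    return claims


# Constructed original PASSporT: the call before it was diverted.
ORIGINAL = compact_jws({"typ": "passport", "alg": "ES256"},
                       {"orig": {"tn": "12155551212"},
                        "dest": {"tn": ["12155551213"]}, "iat": 1443208345})

# Constructed diverting PASSporT claims set that carries the original in "opt".
DIVERTED = {"orig": {"tn": "12155551212"}, "dest": {"tn": ["12155551214"]},
            "iat": 1443208346, "div": {"tn": "12155551213"}, "opt": ORIGINAL}

# The wrong reading of the draft text: the JWT base64-encoded a second time.
DOUBLE_ENCODED = dict(DIVERTED, opt=b64url(ORIGINAL.encode()))
```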
