Re: [Jwt-reg-review] Requested review for IANA registration in draft-ietf-ace-oauth-authz

Brian Campbell <bcampbell@pingidentity.com> Fri, 10 January 2020 20:57 UTC

References: <9c32d171-9a4a-ba71-c989-92a177d9e989@gmx.de> <dc02aa6c-5cfc-bfb1-9672-facf7eb17ad7@gmx.de>
In-Reply-To: <dc02aa6c-5cfc-bfb1-9672-facf7eb17ad7@gmx.de>
From: Brian Campbell <bcampbell@pingidentity.com>
Date: Fri, 10 Jan 2020 13:57:16 -0700
Message-ID: <CA+k3eCSnNdvZAZZmequkLdcU_OkgD2au7+yFZOMJT3w0CLsrOQ@mail.gmail.com>
To: Ludwig Seitz <ludwig_seitz@gmx.de>
Cc: jwt-reg-review@ietf.org, Roman Danyliw <rdd@cert.org>, Jim Schaad <ietf@augustcellars.com>, The IESG <iesg@ietf.org>, "ace@ietf.org" <ace@ietf.org>, drafts-lastcall@iana.org, Benjamin Kaduk <kaduk@mit.edu>
Archived-At: <https://mailarchive.ietf.org/arch/msg/jwt-reg-review/sg9mIPG6NOgrlXj90WtpfbAGa8A>

I'm really struggling with understanding what the value of an "ace_profile"
claim actually would be in a JWT. A JSON string that's the profile name
(though 5.6.4.3 maybe prohibits that)?  A JSON number that's an integer
matching the CBOR Value? Something else?

Is the value of "exi" in a JWT a JSON number? Seems likely but it's
something that should probably be made explicit.

Also for "exi", the requirement in 5.8.3. to "keep track of the identifiers
of tokens containing the "exi" claim that have expired (in order to avoid
accepting them again)" seems problematic in that it sounds like it's
mandating an unbounded growth of memory use.

The draft says that the "cnonce" claim (value) uses binary encoding. What
does that mean for JSON based JWT?

On Sat, Dec 21, 2019 at 4:35 AM Ludwig Seitz <ludwig_seitz@gmx.de> wrote:

> Hello JWT registry reviewers,
>
> the IESG-designated experts for the JWT claims registry have asked me to
> send a review request to you about the claims registered here:
>
> https://tools.ietf.org/html/draft-ietf-ace-oauth-authz-29#section-8.12
>
> Thank you in advance for your review comments.
>
> Regards,
>
> Ludwig
>
> _______________________________________________
> Jwt-reg-review mailing list
> Jwt-reg-review@ietf.org
> https://www.ietf.org/mailman/listinfo/jwt-reg-review
>

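The "exi" bookkeeping the message questions, as an added example (not code from the draft or from any ACE implementation). It assumes the semantics under discussion: "exi" is a JSON number giving the token lifetime in seconds, counted from the moment the resource server first sees the token, and the RS must remember the identifiers of tokens whose lifetime has elapsed so a replayed token is not accepted as fresh. The use of "cti" as the identifier, the claim shapes and the sample tokens are assumptions.

```python
"""Resource-server side handling of the ACE "exi" (expires-in) claim.

Added example, not code from the draft or from any ACE implementation.
Assumptions: "exi" is a JSON number of seconds measured from first sight
on the RS's own clock, and "cti" is the token identifier the RS records.
"""
from dataclasses import dataclass, field


@dataclass
class ExiTracker:
    # cti -> local deadline, in seconds on the RS clock (tokens still alive)
    active: dict = field(default_factory=dict)
    # cti of tokens whose exi lifetime has elapsed; entries are never
    # removed, which is the unbounded-growth concern raised in the message
    expired: set = field(default_factory=set)

    def check(self, claims: dict, now: float) -> str:
        """Return "accepted", "expired" or "rejected" for a presented token."""
        cti = claims.get("cti")
        exi = claims.get("exi")
        # exi must be a JSON number (bool is a subclass of int in Python, so
        # exclude it explicitly); cti must be present to track the token at all
        if not isinstance(cti, str) or isinstance(exi, bool) \
                or not isinstance(exi, (int, float)) or exi <= 0:
            return "rejected"
        if cti in self.expired:
            # replay of a token whose lifetime already ran out: accepting it
            # here would restart the exi clock, so it must stay rejected
            return "expired"
        deadline = self.active.get(cti)
        if deadline is None:
            # first sighting: the lifetime starts now on the RS clock
            self.active[cti] = now + exi
            return "accepted"
        if now < deadline:
            return "accepted"
        # lifetime elapsed: move the identifier to the must-remember set
        del self.active[cti]
        self.expired.add(cti)
        return "expired"


def scenario() -> dict:
    """Constructed sequence of presentations to one RS; returns each outcome."""
    rs = ExiTracker()
    t1 = {"cti": "AQID", "exi": 60, "scope": "read"}  # constructed sample token
    t2 = {"cti": "BAUG", "exi": 60, "scope": "read"}  # constructed sample token
    return {
        "first_use": rs.check(t1, now=1000.0),
        "within_lifetime": rs.check(t1, now=1030.0),
        "after_lifetime": rs.check(t1, now=1061.0),
        "replay_after_expiry": rs.check(t1, now=5000.0),
        "other_token": rs.check(t2, now=5000.0),
        "exi_as_string": rs.check({"cti": "X", "exi": "60"}, now=5000.0),
        "remembered_ids": len(rs.expired),
    }


if __name__ == "__main__":
    for name, result in scenario().items():
        print(f"{name}: {result}")
```

Identifiers only ever move from `active` into `expired`; nothing takes them out again, because the RS cannot tell a late replay from a first presentation without that record. That is what makes the storage requirement grow with the number of tokens the RS has ever seen.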