Re: [Jwt-reg-review] Request to register claims: "scope" , "at_use_nbr"

Miguel Angel Reina Ortega <MiguelAngel.ReinaOrtega@etsi.org> Wed, 22 May 2019 15:49 UTC

From: Miguel Angel Reina Ortega <MiguelAngel.ReinaOrtega@etsi.org>
To: Brian Campbell <bcampbell@pingidentity.com>
CC: "jwt-reg-review@ietf.org" <jwt-reg-review@ietf.org>, PNNS <PNNS@etsi.org>
Date: Wed, 22 May 2019 15:49:22 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/jwt-reg-review/uOFbnT05cdxSwZNdy08jgKEAAlE>

Dear Brian,

I have a couple of questions. First, regarding the pointer to the specification. Actually, the specification is going to be approved this week and publicly available soon. I could provide a pointer that will not work for the time being but will in a short time. Would that be fine? Or would it be better to provide a temp pointer that works right now but modify it later?

The second question is regarding the “scope” claim: the reason why it was requested is that it does not appear in the JSON Web Token registry page. Is that just a mistake or is there a reason why it is not there?

Please, your advice will be very much appreciated.

Best regards.

-----------------------------------------------------------------------------------------------------------------
Miguel Angel Reina Ortega – Testing Expert
Centre for Testing and Interoperability (CTI)
ETSI ● www.etsi.org<http://www.etsi.org/> ● miguelangel.reinaortega@etsi.org<mailto:miguelangel.reinaortega@etsi.org>
Phone: +33 (0)4 92 94 43 49 ● Mobile: +33 (0)6 76 73 60 99

This email may contain confidential information and is intended for
the use of the addressee only. Any unauthorized use may be unlawful.
If you receive this email by mistake, please advise the sender
immediately by using the reply facility in your email software.
Thank you for your co-operation.

From: Miguel Angel Reina Ortega
Sent: 22 May 2019 00:26
To: 'Brian Campbell' <bcampbell@pingidentity.com>
Cc: 'jwt-reg-review@ietf.org' <jwt-reg-review@ietf.org>; PNNS <PNNS@etsi.org>
Subject: RE: [Jwt-reg-review] Request to register claims: "scope" , "at_use_nbr"

Dear Brian,

Thanks for your prompt response.

Indeed, you’re right, a Word document attached in an email is not sufficient. I sent it in that way for your review and confirmation before approving the document at ISG level (a bit of a chicken-and-egg problem).

I take note of your feedback on the “scope” claim, will bring that feedback to the ISG and, if required as you said, I will make a new updated request which includes a pointer to the spec.

Best regards.


From: Brian Campbell <bcampbell@pingidentity.com>
Sent: 21 May 2019 20:50
To: Miguel Angel Reina Ortega <MiguelAngel.ReinaOrtega@etsi.org>
Cc: jwt-reg-review@ietf.org; PNNS <PNNS@etsi.org>
Subject: Re: [Jwt-reg-review] Request to register claims: "scope" , "at_use_nbr"

Hello Miguel,

RFC 7519 says that values for the JSON Web Token Claims Registry<https://tools.ietf.org/html/rfc7519#section-10.1> are registered on a Specification Required basis. RFC 5226 says that Specification Required<https://tools.ietf.org/html/rfc5226#section-4.1> means that the values and their meanings must be documented in a permanent and readily available public specification. I do not believe a Microsoft Word document as an email attachment is sufficient in that regard. This registration review request will need to be made again with a straightforward pointer to such a permanent and readily available public specification that defines the claim.

Also note that the 'scope' claim is being defined in Section 4.2 of OAuth 2.0 Token Exchange<https://tools.ietf.org/html/draft-ietf-oauth-token-exchange-16#section-4.2> with effectively the same meaning.  Registration has already been requested from/by that document so isn't necessary from the ETSI GS NFV-SEC 022 perspective.

Thanks,
Brian Campbell
One of the (so called) Designated Experts for the JWT Claims Registry


On Mon, May 20, 2019 at 11:35 AM Miguel Angel Reina Ortega <MiguelAngel.ReinaOrtega@etsi.org> wrote:
Dear,
On behalf of ETSI NFV ISG, I would like to submit the following registration requests for the “JSON Web Token” registry:


  *   Claim Name: “scope”
  *   Claim Description: space-separated list of scope of operation values for which the access token is valid.
  *   Change Controller: ETSI (pnns@etsi.org)
  *   Specification Document(s): Clause 5.5<https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims> of the present ETSI GS NFV-SEC 022<https://portal.etsi.org/webapp/WorkProgram/Report_WorkItem.asp?WKI_ID=54060> (attached)

  *   Claim Name: “at_use_nbr”
  *   Claim Description: Number of API requests for which the access token can be used.
  *   Change Controller: ETSI (pnns@etsi.org)
  *   Specification Document(s): Clause 5.5<https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims> of the present ETSI GS NFV-SEC 022<https://portal.etsi.org/webapp/WorkProgram/Report_WorkItem.asp?WKI_ID=54060> (attached)

Best regards.





--
[Ping Identity]<https://www.pingidentity.com>

Brian Campbell
Distinguished Engineer
bcampbell@pingidentity.com<mailto:bcampbell@pingidentity.com>
w: +1 720.317.2061
c: +1 303.918.9415



CONFIDENTIALITY NOTICE: This email may contain confidential and privileged material for the sole use of the intended recipient(s). Any review, use, distribution or disclosure by others is strictly prohibited.  If you have received this communication in error, please notify the sender immediately by e-mail and delete the message and any file attachments from your computer. Thank you.