Re: [Jwt-reg-review] Request to register claim: permissions
Eve Maler <eve.maler@forgerock.com> Mon, 24 July 2017 00:02 UTC
From: Eve Maler <eve.maler@forgerock.com>
Date: Sun, 23 Jul 2017 17:01:57 -0700
Message-ID: <CAMPbGmhtKuqK+XMgUna5N-TgxON1bXGyDiHz4g=ffBfNWTJDow@mail.gmail.com>
To: Brian Campbell <bcampbell@pingidentity.com>
Cc: jwt-reg-review@ietf.org, Maciej Machulak <maciej.machulak@gmail.com>, Justin Richer <justin@bspk.io>
Archived-At: <https://mailarchive.ietf.org/arch/msg/jwt-reg-review/vFlv4_gEIAGlRk7wO3I2fBZzUkM>
Hi Brian-- The Work Group has discussed this, and decided to rescind our registration request. Thanks very much for your time and feedback. We may come back at a later date with something more fully considered.

*Eve Maler*
ForgeRock Office of the CTO | VP Innovation & Emerging Technology
Cell +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl

On Wed, Jun 28, 2017 at 1:24 PM, Brian Campbell <bcampbell@pingidentity.com> wrote:

> Hi Eve,
>
> I think a bit more revision work on the document is needed before this request to register the 'permissions' JWT claim can be sent to IANA.
>
> Section 5 kind of sort of implies the possible use of JWT in saying, "Validate the RPT locally if it is self-contained" but otherwise JWT isn't mentioned in the document at all other than the IANA request in Section 9.2. (which cites [OIDCCore] regarding JWT claim registration rather than RFC 7519 that it should be - see https://tools.ietf.org/html/rfc7800#section-6.1 for an example). For that matter RFC 7519, which defines JSON Web Token and established the claims registry, isn't even referenced in the document.
>
> Section 5.1.1 <https://docs.kantarainitiative.org/uma/wg/oauth-uma-federated-authz-2.0-05.html#uma-bearer-token-profile> is about the 'permissions' parameter in the Token Introspection response. While there are similarities in how they sometimes are used, the introspection response parameters and JWT claims are distinct and different things. Sec 5.1.1. can't be said to define a JWT claim. At the least, I would expect some definition of the 'permissions' claim in JWT even if it just cites the introspection response parameter and says it means the same thing but is a claim in a self-contained JWT. I'm guessing that was more or less the intent. But that's a lot of inferring and I believe a specification and IANA registration need to be more explicit.
>
> On Fri, Jun 16, 2017 at 6:41 PM, Eve Maler <eve.maler@forgerock.com> wrote:
>
>> As required by RFC 7519 Section 10.1, the authors of the specification Federated Authorization for User-Managed Access (UMA) 2.0 <https://docs.kantarainitiative.org/uma/wg/oauth-uma-federated-authz-2.0-05.html> are requesting to register the following claim:
>>
>> - permissions
>>
>> The claim definition appears in Section 5.1.1 <https://docs.kantarainitiative.org/uma/wg/oauth-uma-federated-authz-2.0-05.html#uma-bearer-token-profile>. The IANA request appears in Section 9.2 <https://docs.kantarainitiative.org/uma/wg/oauth-uma-federated-authz-2.0-05.html#rfc.section.9.2>.
>>
>> Thank you. We look forward to your response.
>>
>> *Eve Maler*
>> ForgeRock Office of the CTO | VP Innovation & Emerging Technology
>> Cell +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl
>
> --
> Brian Campbell
> Distinguished Engineer
> bcampbell@pingidentity.com
> w: +1 720.317.2061
> c: +1 303.918.9415
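To make the distinction Brian draws concrete, here is an added example (not code from the thread, ForgeRock, Ping Identity or the UMA spec) of a resource server that reads `permissions` from either carrier: as a claim inside a self-contained RPT that it validates locally, or as a parameter of a token introspection response. It assumes an HS256 demo key, the UMA 2.0 permission object shape (`resource_id`, `resource_scopes`, optional `exp`), and a helper `mint_rpt` that exists only to build the constructed sample token.

```python
import base64, hashlib, hmac, json, time

# Constructed demo key; a real resource server would use the AS's published key.
DEMO_KEY = b"constructed-demo-hmac-key"
# Constructed sample permission list in the UMA 2.0 Section 5.1.1 shape.
SAMPLE_PERMS = [{"resource_id": "calendar-123", "resource_scopes": ["view"]}]

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def mint_rpt(claims: dict) -> str:
    """Hypothetical helper: builds a self-contained HS256 RPT for sample input."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url(json.dumps(claims).encode())
    sig = hmac.new(DEMO_KEY, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url(sig)}"

def permissions_from_jwt(rpt: str, now=None) -> list:
    """Local path ("validate the RPT locally if it is self-contained")."""
    header, body, sig = rpt.split(".")
    # Pin the expected algorithm instead of trusting whatever the header says.
    if json.loads(_b64url_decode(header)).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(DEMO_KEY, f"{header}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(body))
    if claims.get("exp", 0) <= (now or time.time()):  # missing exp treated as expired
        raise ValueError("expired")
    return claims.get("permissions", [])

def permissions_from_introspection(resp: dict) -> list:
    """Introspection path: here 'permissions' is a response parameter, not a claim."""
    return resp.get("permissions", []) if resp.get("active") else []

def grants(permissions: list, resource_id: str, scope: str, now=None) -> bool:
    """True if some unexpired permission grants `scope` on `resource_id`."""
    now = now or time.time()
    for p in permissions:
        if p.get("resource_id") != resource_id or p.get("exp", now + 1) <= now:
            continue
        if scope in p.get("resource_scopes", []):
            return True
    return False
```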