Re: [Jwt-reg-review] Request to register claim: permissions

Eve Maler <eve.maler@forgerock.com> Mon, 24 July 2017 00:02 UTC

From: Eve Maler <eve.maler@forgerock.com>
Date: Sun, 23 Jul 2017 17:01:57 -0700
Message-ID: <CAMPbGmhtKuqK+XMgUna5N-TgxON1bXGyDiHz4g=ffBfNWTJDow@mail.gmail.com>
To: Brian Campbell <bcampbell@pingidentity.com>
Cc: jwt-reg-review@ietf.org, Maciej Machulak <maciej.machulak@gmail.com>, Justin Richer <justin@bspk.io>
Archived-At: <https://mailarchive.ietf.org/arch/msg/jwt-reg-review/vFlv4_gEIAGlRk7wO3I2fBZzUkM>

Hi Brian-- The Work Group has discussed this, and decided to rescind our
registration request. Thanks very much for your time and feedback. We may
come back at a later date with something more fully considered.


*Eve Maler*
ForgeRock Office of the CTO | VP Innovation & Emerging Technology
Cell +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl

On Wed, Jun 28, 2017 at 1:24 PM, Brian Campbell <bcampbell@pingidentity.com>
wrote:

> Hi Eve,
>
> I think a bit more revision work on the document is needed before this
> request to register the 'permissions' JWT claim can be sent to IANA.
>
> Section 5 kind of sort of implies the possible use of JWT in saying,
> "Validate the RPT locally if it is self-contained" but otherwise JWT isn't
> mentioned in the document at all other than the IANA request in Section
> 9.2. (which cites [OIDCCore] regarding JWT claim registration rather than
> RFC 7519 that it should be - see
> https://tools.ietf.org/html/rfc7800#section-6.1 for an example). For
> that matter RFC 7519, which
> defines JSON Web Token and established the claims registry, isn't even
> referenced in the document.
>
> Section 5.1.1
> <https://docs.kantarainitiative.org/uma/wg/oauth-uma-federated-authz-2.0-05.html#uma-bearer-token-profile>.
> is about the 'permissions' parameter in the Token Introspection response.
> While there are similarities in how they sometimes are used, the
> introspection response parameters and JWT claims are distinct and different
> things. Sec 5.1.1. can't be said to define a JWT claim. At the least, I
> would expect some definition of the 'permissions' claim in JWT even if it
> just cites the introspection response parameter and says it means the same
> thing but is a claim in a self-contained JWT. I'm guessing that was more or
> less the intent. But that's a lot of inferring and I believe a
> specification and IANA registration need to be more explicit.
>
> On Fri, Jun 16, 2017 at 6:41 PM, Eve Maler <eve.maler@forgerock.com>
> wrote:
>
>> As required by RFC 7519 Section 10.1, the authors of the specification
>> Federated Authorization for User-Managed Access (UMA) 2.0
>> <https://docs.kantarainitiative.org/uma/wg/oauth-uma-federated-authz-2.0-05.html>
>> are requesting to register the following claim:
>>
>>    - permissions
>>
>> The claim definition appears in Section 5.1.1
>> <https://docs.kantarainitiative.org/uma/wg/oauth-uma-federated-authz-2.0-05.html#uma-bearer-token-profile>.
>> The IANA request appears in Section 9.2
>> <https://docs.kantarainitiative.org/uma/wg/oauth-uma-federated-authz-2.0-05.html#rfc.section.9.2>.
>>
>> Thank you. We look forward to your response.
>>
>>
>> *Eve Maler*
>> ForgeRock Office of the CTO | VP Innovation & Emerging Technology
>> Cell +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl
>>
>
>
> --
> Brian Campbell
> Distinguished Engineer
> bcampbell@pingidentity.com
> w: +1 720.317.2061
> c: +1 303.918.9415
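The distinction Brian draws above, between a 'permissions' parameter in a token introspection response and a 'permissions' claim carried inside a self-contained RPT, as an added example that is not code from this thread or from the UMA specification: a resource server obtains the permissions from whichever form it received (local validation of the JWT, or the introspection response for an opaque token) and then applies one authorization check to both. It assumes the entry fields of the UMA introspection 'permissions' parameter (resource_id, resource_scopes, exp) and a constructed HS256 demo key; `mint_rpt` exists only to produce the sample token.

```python
import base64, hmac, hashlib, json, time

# Constructed demo key; a real AS would sign with an asymmetric key published via JWKS.
DEMO_KEY = b"constructed-demo-secret-do-not-reuse"

def b64url_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64url_encode(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def mint_rpt(claims, key=DEMO_KEY):
    """Constructed sample issuer: an HS256 RPT carrying a 'permissions' claim."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(sig)}"

def permissions_from_rpt(token, key=DEMO_KEY, now=None):
    """Self-contained RPT: validate locally (pinned alg, signature, exp), then read the claim."""
    now = int(time.time()) if now is None else now
    header_b64, payload_b64, sig_b64 = token.split(".")
    if json.loads(b64url_decode(header_b64)).get("alg") != "HS256":
        raise ValueError("unexpected alg")  # never let the token pick the algorithm
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(payload_b64))
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired")
    return claims.get("permissions", [])

def permissions_from_introspection(response):
    """Opaque RPT: the same data arrives as a response parameter, not a JWT claim."""
    if not response.get("active"):
        return []
    return response.get("permissions", [])

def authorize(permissions, resource_id, scope, now):
    """Grant only if an unexpired entry names this resource and scope."""
    for p in permissions:
        if p.get("resource_id") != resource_id or scope not in p.get("resource_scopes", []):
            continue
        if p.get("exp") is not None and p["exp"] <= now:
            continue
        return True
    return False
```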