[oauth-ext-review] [IANA #1240049] FW: Request to register OAuth Parameter for OpenID Connect Logout Specifications
Sabrina Tanamal via RT <iana-prot-param@iana.org> Fri, 23 September 2022 16:14 UTC
Return-Path: <iana-shared@icann.org>
X-Original-To: oauth-ext-review@ietfa.amsl.com
Delivered-To: oauth-ext-review@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 44059C1522A3 for <oauth-ext-review@ietfa.amsl.com>; Fri, 23 Sep 2022 09:14:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.657
X-Spam-Level:
X-Spam-Status: No, score=-6.657 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.249, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sNt643-yZkGn for <oauth-ext-review@ietfa.amsl.com>; Fri, 23 Sep 2022 09:14:01 -0700 (PDT)
Received: from smtp.lax.icann.org (smtp.lax.icann.org [IPv6:2620:0:2d0:201::1:81]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C5E7CC1526ED for <oauth-ext-review@ietf.org>; Fri, 23 Sep 2022 09:12:04 -0700 (PDT)
Received: from request4.lax.icann.org (request1.lax.icann.org [10.32.11.221]) by smtp.lax.icann.org (Postfix) with ESMTP id B0CC8E3992; Fri, 23 Sep 2022 16:12:03 +0000 (UTC)
Received: by request4.lax.icann.org (Postfix, from userid 48) id AC8A620805; Fri, 23 Sep 2022 16:12:03 +0000 (UTC)
RT-Owner: sabrina.tanamal
From: Sabrina Tanamal via RT <iana-prot-param@iana.org>
Reply-To: iana-prot-param@iana.org
In-Reply-To: <CO1PR00MB130847A0D5508965334CAFABF54E9@CO1PR00MB1308.namprd00.prod.outlook.com>
References: <RT-Ticket-1240049@icann.org> <SJ0PR00MB1317EB6F39949BEF4CC73A2CF5479@SJ0PR00MB1317.namprd00.prod.outlook.com> <AS8PR08MB59117311DCA0C1CB7F359712FA4D9@AS8PR08MB5911.eurprd08.prod.outlook.com> <PH0PR00MB131449989F8EAF90BBFC7BF4F54D9@PH0PR00MB1314.namprd00.prod.outlook.com> <AS8PR08MB59111A6BF45DDF426B5E45FBFA4D9@AS8PR08MB5911.eurprd08.prod.outlook.com> <CO1PR00MB130847A0D5508965334CAFABF54E9@CO1PR00MB1308.namprd00.prod.outlook.com>
Message-ID: <rt-4.4.3-28811-1663949523-37.1240049-37-0@icann.org>
X-RT-Loop-Prevention: IANA
X-RT-Ticket: IANA #1240049
X-Managed-BY: RT 4.4.3 (http://www.bestpractical.com/rt/)
X-RT-Originator: sabrina.tanamal@icann.org
To: Michael.Jones@microsoft.com
CC: oauth-ext-review@ietf.org
Content-Type: text/plain; charset="utf-8"
X-RT-Original-Encoding: utf-8
Precedence: bulk
Date: Fri, 23 Sep 2022 16:12:03 +0000
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth-ext-review/D9NyIAem3E8olh0Og-VhvYAT-Ts>
Subject: [oauth-ext-review] [IANA #1240049] FW: Request to register OAuth Parameter for OpenID Connect Logout Specifications
X-BeenThere: oauth-ext-review@ietf.org
X-Mailman-Version: 2.1.39
List-Id: "Review of proposed IANA registrations for OAuth." <oauth-ext-review.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth-ext-review>, <mailto:oauth-ext-review-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth-ext-review/>
List-Post: <mailto:oauth-ext-review@ietf.org>
List-Help: <mailto:oauth-ext-review-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth-ext-review>, <mailto:oauth-ext-review-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 23 Sep 2022 16:14:06 -0000
Hi Mike, This update is complete: https://www.iana.org/assignments/oauth-parameters Best regards, Sabrina Tanamal Lead IANA Services Specialist On Thu Sep 22 17:44:48 2022, Michael.Jones@microsoft.com wrote: > Dear IANA, > > Can you please update the existing registration for the > "session_state" parameter at https://www.iana.org/assignments/oauth- > parameters/oauth-parameters.xhtml#parameters to use this reference and > this link to the reference? > > OpenID Connect Session Management 1.0, Section 2 > https://openid.net/specs/openid-connect-session- > 1_0.html#CreatingUpdatingSessions > > Thank you, > -- Mike > > From: Hannes Tschofenig <Hannes.Tschofenig@arm.com> > Sent: Monday, September 19, 2022 9:09 AM > To: Mike Jones <Michael.Jones@microsoft.com> > Cc: oauth-ext-review@ietf.org > Subject: RE: Request to register OAuth Parameter for OpenID Connect > Logout Specifications > > Thanks for the background, Mike. > > I approve the addition of the session_state parameter to the OAuth > Parameters registry. > > Ciao > Hannes > > From: Mike Jones > <Michael.Jones@microsoft.com<mailto:Michael.Jones@microsoft.com>> > Sent: Monday, September 19, 2022 5:38 PM > To: Hannes Tschofenig > <Hannes.Tschofenig@arm.com<mailto:Hannes.Tschofenig@arm.com>> > Cc: oauth-ext-review@ietf.org<mailto:oauth-ext-review@ietf.org> > Subject: RE: Request to register OAuth Parameter for OpenID Connect > Logout Specifications > > The confusion is caused by OpenID Connect using the terms > Authentication Request and Authentication Response instead of the > OAuth terms Authorization Request and Authorization Response. The > connect Authentication messages are extensions to the OAuth > Authorization messages. For the OAuth registrations, the OAuth terms > are used. > > Hopefully that clears things up. > > -- Mike > > From: Hannes Tschofenig > <Hannes.Tschofenig@arm.com<mailto:Hannes.Tschofenig@arm.com>> > Sent: Monday, September 19, 2022 4:17 AM > To: Mike Jones > <Michael.Jones@microsoft.com<mailto:Michael.Jones@microsoft.com>> > Cc: oauth-ext-review@ietf.org<mailto:oauth-ext-review@ietf.org> > Subject: RE: Request to register OAuth Parameter for OpenID Connect > Logout Specifications > > Hi Mike, > > A few questions: Here is the section that defines the session_state > parameter: > > " > 2. Creating and Updating Sessions > > In OpenID Connect, the session at the RP typically starts when the RP > validates the End-User's ID Token. Refer to the OpenID Connect Core > 1.0 [OpenID.Core]<https://openid.net/specs/openid-connect-session- > 1_0.html#OpenID.Core> specification to find out how to obtain an ID > Token and validate it. When the OP supports session management, it > MUST also return the Session State as an additional session_state > parameter in the Authentication Response and SHOULD also return the > Session State as an additional session_state parameter in the > Authentication Error Response. The OpenID Connect Authentication > Response is specified in Section 3.1.2.5 of OpenID Connect Core 1.0. > The OpenID Connect Authentication Error Response is specified in > Section 3.1.2.6 of OpenID Connect Core 1.0. > > This parameter is: > session_state > Session State. JSON [RFC7159]<https://openid.net/specs/openid-connect- > session-1_0.html#RFC7159> string that represents the End-User's login > state at the OP. It MUST NOT contain the space (" ") character. This > value is opaque to the RP. This is REQUIRED if session management is > supported. > > The Session State value is initially calculated on the server. The > same Session State value is also recalculated by the OP iframe in the > User Agent. The generation of suitable Session State values is > specified in Section 3.2<https://openid.net/specs/openid-connect- > session-1_0.html#OPiframe>, and is based on a salted cryptographic > hash of Client ID, origin URL, and OP User Agent state. For the origin > URL, the server can use the origin URL of the Authentication Response, > following the algorithm specified in Section 4 of RFC > 6454<https://openid.net/specs/openid-connect-session-1_0.html#RFC6454> > [RFC6454]. > " > > This text says that the session_state parameter is used in the > Authentication Response and in the Authentication Error Response. The > registration, however, is for the authorization response, and access > token response messages. So, there seems to be some inconsistency. > > Ciao > Hannes > > > From: Mike Jones > <Michael.Jones@microsoft.com<mailto:Michael.Jones@microsoft.com>> > Sent: Tuesday, September 13, 2022 11:03 PM > To: Hannes Tschofenig > <Hannes.Tschofenig@arm.com<mailto:Hannes.Tschofenig@arm.com>> > Cc: oauth-ext-review@ietf.org<mailto:oauth-ext-review@ietf.org> > Subject: Request to register OAuth Parameter for OpenID Connect Logout > Specifications > > Dear Designated Expert (Hannes), > > Can you please approve the following OAuth Parameter registration from > this specification? > > * https://openid.net/specs/openid-connect-session- > 1_0.html#ParametersContents "session_state" > > Thanks, > -- Mike > > IMPORTANT NOTICE: The contents of this email and any attachments are > confidential and may also be privileged. If you are not the intended > recipient, please notify the sender immediately and do not disclose > the contents to any other person, use it for any purpose, or store or > copy the information in any medium. Thank you. > IMPORTANT NOTICE: The contents of this email and any attachments are > confidential and may also be privileged. If you are not the intended > recipient, please notify the sender immediately and do not disclose > the contents to any other person, use it for any purpose, or store or > copy the information in any medium. Thank you.
- [oauth-ext-review] Request to register OAuth Para… Mike Jones
- Re: [oauth-ext-review] Request to register OAuth … Hannes Tschofenig
- Re: [oauth-ext-review] Request to register OAuth … Mike Jones
- Re: [oauth-ext-review] Request to register OAuth … Hannes Tschofenig
- [oauth-ext-review] FW: Request to register OAuth … Mike Jones
- [oauth-ext-review] [IANA #1240049] FW: Request to… Sabrina Tanamal via RT