Re: [oauth-ext-review] Request to register OAuth parameters
Hannes Tschofenig <hannes.tschofenig@gmx.net> Tue, 24 November 2015 11:35 UTC
To: Mike Jones <Michael.Jones@microsoft.com>, "oauth-ext-review@ietf.org" <oauth-ext-review@ietf.org>
References: <BY2PR03MB4424406C33CD644C5B95956F5110@BY2PR03MB442.namprd03.prod.outlook.com>
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Message-ID: <56544B70.2090502@gmx.net>
Date: Tue, 24 Nov 2015 12:35:12 +0100
Archived-At: <http://mailarchive.ietf.org/arch/msg/oauth-ext-review/ZdaCs5WFijRWyH6yv6GoKvggxQI>

Hi Mike,

thanks for the request. I have read through the list of items and I don't see a problem with the proposed entries to the two registries. Hence, I approve them.

I only have one minor question: Do you think that the change controller should be the 'OpenID Foundation Artifact Binding Working Group'? I would have rather said that it would better be the OpenID Foundation in general since that specific working group may not exist forever.

To IANA: Use the text from the original email since the text below seems to be garbled. Also note that the words 'Section 2 of this document' refer to Section 2 of this specification:
http://openid.net/specs/openid-connect-registration-1_0-29.html

Ciao
Hannes

On 11/13/2015 08:47 PM, Mike Jones wrote:
> Dear Designated Experts and IANA,
>
> I am writing to you on behalf of the OpenID Connect Artifact Binding
> working group requesting to register the OAuth Dynamic Client
> Registration Metadata and OAuth Token Endpoint Authentication Methods
> parameters defined in
> http://openid.net/specs/openid-connect-registration-1_0-29.html#IANA.
> The individual registration requests are repeated below.
>
> These parameters were defined in the OpenID Dynamic Client Registration
> specification that became final in February, 2014. Now that the OAuth
> Dynamic Client Registration Metadata registry and the OAuth Token
> Endpoint Authentication Methods registries have been established at
> http://www.iana.org/assignments/oauth-parameters/oauth-parameters.xhtml#client-metadata
> and
> http://www.iana.org/assignments/oauth-parameters/oauth-parameters.xhtml#token-endpoint-auth-method,
> those parameters not already registered by RFC 7591 are now being
> registered.
>
> Thank you,
>
> -- Mike
>
> ------------------------------------------------------------------------
>
> * TOC *
> <http://openid.net/specs/openid-connect-registration-1_0-29.html#toc>
>
> 10.1. OAuth Dynamic Client Registration Metadata Registration
>
> This specification registers the following client metadata definitions
> in the IANA "OAuth Dynamic Client Registration Metadata" registry
> [IANA.OAuth.Parameters]
> <http://openid.net/specs/openid-connect-registration-1_0-29.html#IANA.OAuth.Parameters>
> established by [RFC7591]
> <http://openid.net/specs/openid-connect-registration-1_0-29.html#RFC7591>:
>
> ------------------------------------------------------------------------
>
> * TOC *
> <http://openid.net/specs/openid-connect-registration-1_0-29.html#toc>
>
> 10.1.1. Registry Contents
>
> · Client Metadata Name: application_type
> · Client Metadata Description: Kind of the application --
> "native" or "web"
> · Change Controller: OpenID Foundation Artifact Binding Working
> Group - openid-specs-ab@lists.openid.net
> · Specification Document(s): Section 2 (Client Metadata)
> <http://openid.net/specs/openid-connect-registration-1_0-29.html#ClientMetadata>
> of this document
>
> · Client Metadata Name: sector_identifier_uri
> · Client Metadata Description: URL using the https scheme to be
> used in calculating Pseudonymous Identifiers by the OP
> · Change Controller: OpenID Foundation Artifact Binding Working
> Group - openid-specs-ab@lists.openid.net
> · Specification Document(s): Section 2 (Client Metadata)
> <http://openid.net/specs/openid-connect-registration-1_0-29.html#ClientMetadata>
> of this document
>
> · Client Metadata Name: subject_type
> · Client Metadata Description: subject_type requested for
> responses to this Client -- "pairwise" or "public"
> · Change Controller: OpenID Foundation Artifact Binding Working
> Group - openid-specs-ab@lists.openid.net
> · Specification Document(s): Section 2 (Client Metadata)
> <http://openid.net/specs/openid-connect-registration-1_0-29.html#ClientMetadata>
> of this document
>
> · Client Metadata Name: id_token_signed_response_alg
> · Client Metadata Description: JWS alg algorithm REQUIRED for
> signing the ID Token issued to this Client
> · Change Controller: OpenID Foundation Artifact Binding Working
> Group - openid-specs-ab@lists.openid.net
> · Specification Document(s): Section 2 (Client Metadata)
> <http://openid.net/specs/openid-connect-registration-1_0-29.html#ClientMetadata>
> of this document
>
> · Client Metadata Name: id_token_encrypted_response_alg
> · Client Metadata Description: JWE alg algorithm REQUIRED for
> encrypting the ID Token issued to this Client
> · Change Controller: OpenID Foundation Artifact Binding Working
> Group - openid-specs-ab@lists.openid.net
> · Specification Document(s): Section 2 (Client Metadata)
> <http://openid.net/specs/openid-connect-registration-1_0-29.html#ClientMetadata>
> of this document
>
> · Client Metadata Name: id_token_encrypted_response_enc
> · Client Metadata Description: JWE enc algorithm REQUIRED for
> encrypting the ID Token issued to this Client
> · Change Controller: OpenID Foundation Artifact Binding Working
> Group - openid-specs-ab@lists.openid.net
> · Specification Document(s): Section 2 (Client Metadata)
> <http://openid.net/specs/openid-connect-registration-1_0-29.html#ClientMetadata>
> of this document
>
> · Client Metadata Name: userinfo_signed_response_alg
> · Client Metadata Description: JWS alg algorithm REQUIRED for
> signing UserInfo Responses
> · Change Controller: OpenID Foundation Artifact Binding Working
> Group - openid-specs-ab@lists.openid.net
> · Specification Document(s): Section 2 (Client Metadata)
> <http://openid.net/specs/openid-connect-registration-1_0-29.html#ClientMetadata>
> of this document
>
> · Client Metadata Name: userinfo_encrypted_response_alg
> · Client Metadata Description: JWE alg algorithm REQUIRED for
> encrypting UserInfo Responses
> · Change Controller: OpenID Foundation Artifact Binding Working
> Group - openid-specs-ab@lists.openid.net
> · Specification Document(s): Section 2 (Client Metadata)
> <http://openid.net/specs/openid-connect-registration-1_0-29.html#ClientMetadata>
> of this document
>
> · Client Metadata Name: userinfo_encrypted_response_enc
> · Client Metadata Description: JWE enc algorithm REQUIRED for
> encrypting UserInfo Responses
> · Change Controller: OpenID Foundation Artifact Binding Working
> Group - openid-specs-ab@lists.openid.net
> · Specification Document(s): Section 2 (Client Metadata)
> <http://openid.net/specs/openid-connect-registration-1_0-29.html#ClientMetadata>
> of this document
>
> · Client Metadata Name: request_object_signing_alg
> · Client Metadata Description: JWS alg algorithm that MUST be used
> for signing Request Objects sent to the OP
> · Change Controller: OpenID Foundation Artifact Binding Working
> Group - openid-specs-ab@lists.openid.net
> · Specification Document(s): Section 2 (Client Metadata)
> <http://openid.net/specs/openid-connect-registration-1_0-29.html#ClientMetadata>
> of this document
>
> · Client Metadata Name: request_object_encryption_alg
> · Client Metadata Description: JWE alg algorithm the RP is
> declaring that it may use for encrypting Request Objects sent to the OP
> · Change Controller: OpenID Foundation Artifact Binding Working
> Group - openid-specs-ab@lists.openid.net
> · Specification Document(s): Section 2 (Client Metadata)
> <http://openid.net/specs/openid-connect-registration-1_0-29.html#ClientMetadata>
> of this document
>
> · Client Metadata Name: request_object_encryption_enc
> · Client Metadata Description: JWE enc algorithm the RP is
> declaring that it may use for encrypting Request Objects sent to the OP
> · Change Controller: OpenID Foundation Artifact Binding Working
> Group - openid-specs-ab@lists.openid.net
> · Specification Document(s): Section 2 (Client Metadata)
> <http://openid.net/specs/openid-connect-registration-1_0-29.html#ClientMetadata>
> of this document
>
> · Client Metadata Name: token_endpoint_auth_signing_alg
> · Client Metadata Description: JWS alg algorithm that MUST be used
> for signing the JWT used to authenticate the Client at the Token
> Endpoint for the private_key_jwt and client_secret_jwt authentication methods
> · Change Controller: OpenID Foundation Artifact Binding Working
> Group - openid-specs-ab@lists.openid.net
> · Specification Document(s): Section 2 (Client Metadata)
> <http://openid.net/specs/openid-connect-registration-1_0-29.html#ClientMetadata>
> of this document
>
> · Client Metadata Name: default_max_age
> · Client Metadata Description: Default Maximum Authentication Age
> · Change Controller: OpenID Foundation Artifact Binding Working
> Group - openid-specs-ab@lists.openid.net
> · Specification Document(s): Section 2 (Client Metadata)
> <http://openid.net/specs/openid-connect-registration-1_0-29.html#ClientMetadata>
> of this document
>
> · Client Metadata Name: require_auth_time
> · Client Metadata Description: Boolean value specifying whether
> the auth_time Claim in the ID Token is REQUIRED
> · Change Controller: OpenID Foundation Artifact Binding Working
> Group - openid-specs-ab@lists.openid.net
> · Specification Document(s): Section 2 (Client Metadata)
> <http://openid.net/specs/openid-connect-registration-1_0-29.html#ClientMetadata>
> of this document
>
> · Client Metadata Name: default_acr_values
> · Client Metadata Description: Default requested Authentication
> Context Class Reference values
> · Change Controller: OpenID Foundation Artifact Binding Working
> Group - openid-specs-ab@lists.openid.net
> · Specification Document(s): Section 2 (Client Metadata)
> <http://openid.net/specs/openid-connect-registration-1_0-29.html#ClientMetadata>
> of this document
>
> · Client Metadata Name: initiate_login_uri
> · Client Metadata Description: URI using the https scheme that a
> third party can use to initiate a login by the RP
> · Change Controller: OpenID Foundation Artifact Binding Working
> Group - openid-specs-ab@lists.openid.net
> · Specification Document(s): Section 2 (Client Metadata)
> <http://openid.net/specs/openid-connect-registration-1_0-29.html#ClientMetadata>
> of this document
>
> · Client Metadata Name: request_uris
> · Client Metadata Description: Array of request_uri values that
> are pre-registered by the RP for use at the OP
> · Change Controller: OpenID Foundation Artifact Binding Working
> Group - openid-specs-ab@lists.openid.net
> · Specification Document(s): Section 2 (Client Metadata)
> <http://openid.net/specs/openid-connect-registration-1_0-29.html#ClientMetadata>
> of this document
>
> ------------------------------------------------------------------------
>
> * TOC *
> <http://openid.net/specs/openid-connect-registration-1_0-29.html#toc>
>
> 10.2. OAuth Token Endpoint Authentication Methods Registration
>
> This specification registers the following token endpoint authentication
> methods in the IANA "OAuth Token Endpoint Authentication Methods"
> registry [IANA.OAuth.Parameters]
> <http://openid.net/specs/openid-connect-registration-1_0-29.html#IANA.OAuth.Parameters>
> established by [RFC7591]
> <http://openid.net/specs/openid-connect-registration-1_0-29.html#RFC7591>:
>
> ------------------------------------------------------------------------
>
> * TOC *
> <http://openid.net/specs/openid-connect-registration-1_0-29.html#toc>
>
> 10.2.1. Registry Contents
>
> · Token Endpoint Authentication Method Name: client_secret_jwt
> · Change Controller: OpenID Foundation Artifact Binding Working
> Group - openid-specs-ab@lists.openid.net
> · Specification Document(s): Section 9 of OpenID Connect Core 1.0
> [OpenID.Core] (Sakimura, N., Bradley, J., Jones, M., de Medeiros, B.,
> and C. Mortimore, “OpenID Connect Core 1.0,” August 2015.)
> <http://openid.net/specs/openid-connect-registration-1_0-29.html#OpenID.Core>
>
> · Token Endpoint Authentication Method Name: private_key_jwt
> · Change Controller: OpenID Foundation Artifact Binding Working
> Group - openid-specs-ab@lists.openid.net
> · Specification Document(s): Section 9 of OpenID Connect Core 1.0
> [OpenID.Core] (Sakimura, N., Bradley, J., Jones, M., de Medeiros, B.,
> and C. Mortimore, “OpenID Connect Core 1.0,” August 2015.)
> <http://openid.net/specs/openid-connect-registration-1_0-29.html#OpenID.Core>