Re: [OAUTH-WG] Call for adoption of "JWT Response for OAuth Token Introspection"

Hi Mark,
> Am 20.07.2018 um 17:47 schrieb Mark Dobrinic <mdobrinic@cozmanova.com>:
> 
> I +1 this,

thanks

> 
> but at the same time, I'm wondering what happened with the argument that
> this should be solved by Token Exchange instead of Introspect?

We presented two use case in London, (1) providing evidence for the RS’s audit log and (2) providing/transforming tokens by a reverse proxy in front of a resource server.

The WG advised us to consider token exchange for (2) so the current draft only addresses (1).

kind regards,
Torsten.

> 
> Cheers!
> 
> Mark
> 
> 
>> On 20/07/18 17:39, Phil Hunt wrote:
>> +1 adoption
>> 
>> I have always been concerned about clients doing introspection. Use of
>> jwt helps because responses further restricted rather than less (jwe). 
>> 
>> Phil
>> 
>> On Jul 20, 2018, at 7:25 AM, Rob Otto
>> <robotto=40pingidentity.com@dmarc.ietf.org
>> <mailto:robotto=40pingidentity.com@dmarc.ietf.org>> wrote:
>> 
>>> I support this as well 
>>> 
>>> On Fri, 20 Jul 2018 at 15:22, Brian Campbell
>>> <bcampbell=40pingidentity.com@dmarc.ietf.org
>>> <mailto:40pingidentity.com@dmarc.ietf.org>> wrote:
>>> 
>>>    +1
>>> 
>>>    On Thu, Jul 19, 2018 at 1:51 PM, William Denniss
>>>    <wdenniss=40google.com@dmarc.ietf.org
>>>    <mailto:wdenniss=40google.com@dmarc..ietf.org>> wrote:
>>> 
>>>        I support adoption of this document by the working group.
>>> 
>>> 
>>>        On Thu, Jul 19, 2018 at 10:43 AM, Rifaat Shekh-Yusef
>>>        <rifaat.ietf@gmail.com <mailto:rifaat.ietf@gmail.com>> wrote:
>>> 
>>>            Hi all,
>>> 
>>>            This is the call for adoption of the 'JWT Response for
>>>            OAuth Token Introspection' document following the
>>>            presentation by Torsten at the Montreal IETF meeting where
>>>            we didn't have a chance to do a call for adoption in the
>>>            meeting itself.
>>> 
>>>            Here is presentation by Torsten:
>>>            https://datatracker.ietf.org/meeting/102/materials/slides-102-oauth-sessa-jwt-response-for-oauth-token-introspection-00
>>> 
>>>            Here is the document:
>>>            https://tools.ietf.org/html/draft-lodderstedt-oauth-jwt-introspection-response-01
>>> 
>>>            Please let us know by August 2nd whether you accept /
>>>            object to the adoption of this document as a starting
>>>            point for work in the OAuth working group.
>>> 
>>>            Regards,
>>>            Hannes & Rifaat
>>> 
>>>            _______________________________________________
>>>            OAuth mailing list
>>>            OAuth@ietf.org <mailto:OAuth@ietf.org>
>>>            https://www.ietf.org/mailman/listinfo/oauth
>>> 
>>> 
>>> 
>>>        _______________________________________________
>>>        OAuth mailing list
>>>        OAuth@ietf.org <mailto:OAuth@ietf.org>
>>>        https://www.ietf.org/mailman/listinfo/oauth
>>> 
>>> 
>>> 
>>>    /CONFIDENTIALITY NOTICE: This email may contain confidential and
>>>    privileged material for the sole use of the intended recipient(s).
>>>    Any review, use, distribution or disclosure by others is strictly
>>>    prohibited...  If you have received this communication in error,
>>>    please notify the sender immediately by e-mail and delete the
>>>    message and any file attachments from your computer. Thank
>>>    you./_______________________________________________
>>>    OAuth mailing list
>>>    OAuth@ietf.org <mailto:OAuth@ietf.org>
>>>    https://www.ietf.org/mailman/listinfo/oauth
>>> 
>>> 
>>> 
>>> -- 
>>> <https://www.pingidentity.com>Ping Identity
>>> <https://www.pingidentity.com>        
>>> Rob Otto    
>>> EMEA Field CTO/Solutions Architect    
>>> robertotto@pingidentity.com <mailto:robertotto@pingidentity.com>    
>>> 
>>> c: +44 (0) 777 135 6092    
>>> 
>>> Connect with us:    Glassdoor logo
>>> <https://www.glassdoor.com/Overview/Working-at-Ping-Identity-EI_IE380907.11,24.htm>
>>> LinkedIn logo <https://www.linkedin.com/company/21870> twitter logo
>>> <https://twitter.com/pingidentity>    facebook logo
>>> <https://www.facebook.com/pingidentitypage>    youtube logo
>>> <https://www.youtube.com/user/PingIdentityTV>    Google+ logo
>>> <https://plus.google.com/u/0/114266977739397708540> Blog logo
>>> <https://www.pingidentity.com/en/blog.html>    
>>> 
>>> <https://www.gartner.com/doc/reprints?id=1-5423XKW&ct=180620&st=sb>
>>> 
>>> /CONFIDENTIALITY NOTICE: This email may contain confidential and
>>> privileged material for the sole use of the intended recipient(s). Any
>>> review, use, distribution or disclosure by others is strictly
>>> prohibited..  If you have received this communication in error, please
>>> notify the sender immediately by e-mail and delete the message and any
>>> file attachments from your computer. Thank you./
>>> _______________________________________________
>>> OAuth mailing list
>>> OAuth@ietf.org <mailto:OAuth@ietf.org>
>>> https://www.ietf.org/mailman/listinfo/oauth
>> 
>> 
>> _______________________________________________
>> OAuth mailing list
>> OAuth@ietf.org
>> https://www.ietf.org/mailman/listinfo/oauth
>> 
> 
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth

Re: [OAUTH-WG] Call for adoption of "JWT Response for OAuth Token Introspection"

Attachment: smime.p7s