Re: [OAUTH-WG] Call for adoption of "JWT Response for OAuth Token Introspection"
Torsten Lodderstedt <torsten@lodderstedt.net> Sat, 21 July 2018 16:53 UTC
From: Torsten Lodderstedt <torsten@lodderstedt.net>
Date: Sat, 21 Jul 2018 18:53:45 +0200
Cc: Phil Hunt <phil.hunt@oracle.com>, Rob Otto <robotto=40pingidentity.com@dmarc.ietf.org>, oauth <oauth@ietf.org>
To: Mark Dobrinic <mdobrinic@cozmanova.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/0Bi-Bs2P_XgYMUAO9BCZ_J6ZIZk>

Hi Mark,

> On 20.07.2018 at 17:47, Mark Dobrinic <mdobrinic@cozmanova.com> wrote:
>
> I +1 this, thanks
>
> but at the same time, I'm wondering what happened with the argument that
> this should be solved by Token Exchange instead of Introspect?

We presented two use cases in London, (1) providing evidence for the RS’s audit log and (2) providing/transforming tokens by a reverse proxy in front of a resource server. The WG advised us to consider token exchange for (2) so the current draft only addresses (1).

kind regards,
Torsten.

>
> Cheers!
>
> Mark
>
>
>> On 20/07/18 17:39, Phil Hunt wrote:
>> +1 adoption
>>
>> I have always been concerned about clients doing introspection. Use of
>> jwt helps because responses further restricted rather than less (jwe).
>>
>> Phil
>>
>> On Jul 20, 2018, at 7:25 AM, Rob Otto
>> <robotto=40pingidentity.com@dmarc.ietf.org> wrote:
>>
>>> I support this as well
>>>
>>> On Fri, 20 Jul 2018 at 15:22, Brian Campbell
>>> <bcampbell=40pingidentity.com@dmarc.ietf.org> wrote:
>>>
>>>     +1
>>>
>>>     On Thu, Jul 19, 2018 at 1:51 PM, William Denniss
>>>     <wdenniss=40google.com@dmarc.ietf.org> wrote:
>>>
>>>         I support adoption of this document by the working group.
>>>
>>>
>>>         On Thu, Jul 19, 2018 at 10:43 AM, Rifaat Shekh-Yusef
>>>         <rifaat.ietf@gmail.com> wrote:
>>>
>>>             Hi all,
>>>
>>>             This is the call for adoption of the 'JWT Response for
>>>             OAuth Token Introspection' document following the
>>>             presentation by Torsten at the Montreal IETF meeting where
>>>             we didn't have a chance to do a call for adoption in the
>>>             meeting itself.
>>>
>>>             Here is the presentation by Torsten:
>>>             https://datatracker.ietf.org/meeting/102/materials/slides-102-oauth-sessa-jwt-response-for-oauth-token-introspection-00
>>>
>>>             Here is the document:
>>>             https://tools.ietf.org/html/draft-lodderstedt-oauth-jwt-introspection-response-01
>>>
>>>             Please let us know by August 2nd whether you accept /
>>>             object to the adoption of this document as a starting
>>>             point for work in the OAuth working group.
>>>
>>>             Regards,
>>>             Hannes & Rifaat
>>>
>>>             _______________________________________________
>>>             OAuth mailing list
>>>             OAuth@ietf.org
>>>             https://www.ietf.org/mailman/listinfo/oauth
>>>
>>>
>>>     /CONFIDENTIALITY NOTICE: This email may contain confidential and
>>>     privileged material for the sole use of the intended recipient(s).
>>>     Any review, use, distribution or disclosure by others is strictly
>>>     prohibited. If you have received this communication in error,
>>>     please notify the sender immediately by e-mail and delete the
>>>     message and any file attachments from your computer. Thank you./
>>>
>>>
>>> --
>>> Ping Identity <https://www.pingidentity.com>
>>> Rob Otto
>>> EMEA Field CTO/Solutions Architect
>>> robertotto@pingidentity.com
>>>
>>> c: +44 (0) 777 135 6092