Re: [OAUTH-WG] Fwd: I-D Action: draft-ietf-oauth-token-exchange-04.txt
Brian Campbell <bcampbell@pingidentity.com> Mon, 07 March 2016 15:52 UTC
Return-Path: <bcampbell@pingidentity.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B5DAC1B4337 for <oauth@ietfa.amsl.com>; Mon, 7 Mar 2016 07:52:00 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.378
X-Spam-Level:
X-Spam-Status: No, score=-1.378 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zy3hHGnF9jAs for <oauth@ietfa.amsl.com>; Mon, 7 Mar 2016 07:51:58 -0800 (PST)
Received: from mail-ig0-x229.google.com (mail-ig0-x229.google.com [IPv6:2607:f8b0:4001:c05::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9E4C31B4336 for <oauth@ietf.org>; Mon, 7 Mar 2016 07:51:58 -0800 (PST)
Received: by mail-ig0-x229.google.com with SMTP id ig19so21077907igb.1 for <oauth@ietf.org>; Mon, 07 Mar 2016 07:51:58 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=pingidentity.com; s=gmail; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=9BIudLF1VNDeqzTkv2zqVneRShhfe8ntOxGIY5ugWbY=; b=JNOMO6LILjmeU5E4VfKJU0LKhAAZJ4peGe32lpcam3kF17c+jUoWlQndw+iJNOTIt8 poJtqLSikoZ0dZh0DAF8CXY+2xWNeFntyydcdQGVcP750cbAKopEMh+vPxDmYvmJpfeA x/cUzj/j6BoVwZatmKluiTlJ3dao7d+bMo/A0=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=9BIudLF1VNDeqzTkv2zqVneRShhfe8ntOxGIY5ugWbY=; b=ieqt4oNhEN8VFlZZpkuVe4ol336h2tMw9tMFNpqdNIs7LkfidTlKqJV3nt1zMEWlR8 BtCAi4WkJOKwQRwPoLkP8rkvqOF2ayE/NJmDV5Lj1/9nn6Kkk5Ky6xmxspMkUoPWEjMM reZ75frmwU9V8liERDJFxTaFkqZbi+HVDErK28HrGZm+x0GfM+cdQUQs3g8r5WSa0DHI CvT9ir+b6w6sowxiaMaEg4DSUPLRRLy5Iym37rixUkp218ScKjzBKVRi2xwXKi5r7OYk Qhlqw0MRkUXUcQTwUJg4BGT0pI5e3kc/Zy5FXITArwjS/+C+vdUlHQRMWePkA227GLT1 qd6w==
X-Gm-Message-State: AD7BkJJXVQbWkSikJbrpUSPEC8NdCzWu3k1UBOC1pXkzTC70+BHG8sVb0KW8Crz3R9Vjho1n25mw/kw6FyPeyEjF
X-Received: by 10.50.20.129 with SMTP id n1mr13309130ige.77.1457365917437; Mon, 07 Mar 2016 07:51:57 -0800 (PST)
MIME-Version: 1.0
Received: by 10.64.28.196 with HTTP; Mon, 7 Mar 2016 07:51:27 -0800 (PST)
In-Reply-To: <CAEayHEM_YuXVMeHySdY9tz6CJWb4zUPFzU8szXEF5+38MTnLPw@mail.gmail.com>
References: <20160304195722.15295.99595.idtracker@ietfa.amsl.com> <CA+k3eCS3WPDUaVnoMv9FnSjQWcm7JZduQ=RTsVTCnYjsA9Rr+Q@mail.gmail.com> <CAEayHEM_YuXVMeHySdY9tz6CJWb4zUPFzU8szXEF5+38MTnLPw@mail.gmail.com>
From: Brian Campbell <bcampbell@pingidentity.com>
Date: Mon, 07 Mar 2016 08:51:27 -0700
Message-ID: <CA+k3eCQWxuFUzcZMv-c=dnC1vFnWcPC6CdDMyPzpGH-MxPE0fA@mail.gmail.com>
To: Thomas Broyer <t.broyer@gmail.com>
Content-Type: multipart/alternative; boundary="047d7bd755aed12f3a052d777132"
Archived-At: <http://mailarchive.ietf.org/arch/msg/oauth/1psmDQrUf-b_sLaU6hc_6ra7rL4>
Cc: oauth <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Fwd: I-D Action: draft-ietf-oauth-token-exchange-04.txt
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Mar 2016 15:52:00 -0000
I hadn't considered that but it's a good question. Do folks see value in the act/may_act claim semantics for introspection? I think doing it for act makes a lot of sense while may_act seems a bit awkward in that context of use. But maybe I'm just not seeing it. On Fri, Mar 4, 2016 at 7:59 PM, Thomas Broyer <t.broyer@gmail.com> wrote: > Should the act and may_act also be registered for Introspection Endpoint > responses? > > Le ven. 4 mars 2016 21:13, Brian Campbell <bcampbell@pingidentity.com> a > écrit : > >> >> A new draft of "OAuth 2.0 Token Exchange" has been published addressing >> review comments on the prior draft. The changes from -03 are listed here: >> >> https://tools.ietf.org/html/draft-ietf-oauth-token-exchange-04 >> >> o Clarified that the "resource" and "audience" request parameters >> can be used at the same time (via http://www.ietf.org/mail- <http://www.ietf.org/mail-archive/web/oauth/current/msg15335.html> >> archive/web/oauth/current/msg15335.html <http://www.ietf.org/mail-archive/web/oauth/current/msg15335.html>). >> o Clarified subject/actor token validity after token exchange and >> explained a bit more about the recommendation to not issue refresh >> tokens (via http://www.ietf.org/mail-archive/web/oauth/current/ <http://www.ietf.org/mail-archive/web/oauth/current/msg15318.html> >> msg15318.html <http://www.ietf.org/mail-archive/web/oauth/current/msg15318.html>). >> o Updated the examples appendix to use an issuer value that doesn't >> imply that the client issued and signed the tokens and used >> "Bearer" and "urn:ietf:params:oauth:token-type:access_token" in >> one of the responses (via http://www.ietf.org/mail- <http://www.ietf.org/mail-archive/web/oauth/current/msg15335.html> >> archive/web/oauth/current/msg15335.html <http://www.ietf.org/mail-archive/web/oauth/current/msg15335.html>). >> o Defined and registered urn:ietf:params:oauth:token-type:id_token, >> since some use cases perform token exchanges for ID Tokens and no >> >> >> >> ---------- Forwarded message ---------- >> From: <internet-drafts@ietf.org> >> Date: Fri, Mar 4, 2016 at 12:57 PM >> Subject: [OAUTH-WG] I-D Action: draft-ietf-oauth-token-exchange-04.txt >> To: i-d-announce@ietf.org >> Cc: oauth@ietf.org >> >> >> >> A New Internet-Draft is available from the on-line Internet-Drafts >> directories. >> This draft is a work item of the Web Authorization Protocol of the IETF. >> >> Title : OAuth 2.0 Token Exchange: An STS for the REST >> of Us >> Authors : Michael B. Jones >> Anthony Nadalin >> Brian Campbell >> John Bradley >> Chuck Mortimore >> Filename : draft-ietf-oauth-token-exchange-04.txt >> Pages : 28 >> Date : 2016-03-04 >> >> Abstract: >> This specification defines a protocol for a lightweight HTTP- and >> JSON- based Security Token Service (STS) by defining how to request >> and obtain security tokens from OAuth 2.0 authorization servers, >> including security tokens employing impersonation and delegation. >> >> >> The IETF datatracker status page for this draft is: >> https://datatracker.ietf.org/doc/draft-ietf-oauth-token-exchange/ >> >> There's also a htmlized version available at: >> https://tools.ietf.org/html/draft-ietf-oauth-token-exchange-04 >> >> A diff from the previous version is available at: >> https://www.ietf.org/rfcdiff?url2=draft-ietf-oauth-token-exchange-04 >> >> >> Please note that it may take a couple of minutes from the time of >> submission >> until the htmlized version and diff are available at tools.ietf.org. >> >> Internet-Drafts are also available by anonymous FTP at: >> ftp://ftp.ietf.org/internet-drafts/ >> >> _______________________________________________ >> OAuth mailing list >> OAuth@ietf.org >> https://www.ietf.org/mailman/listinfo/oauth >> >> _______________________________________________ >> OAuth mailing list >> OAuth@ietf.org >> https://www.ietf.org/mailman/listinfo/oauth >> >
- [OAUTH-WG] I-D Action: draft-ietf-oauth-token-exc… internet-drafts
- [OAUTH-WG] Fwd: I-D Action: draft-ietf-oauth-toke… Brian Campbell
- Re: [OAUTH-WG] Fwd: I-D Action: draft-ietf-oauth-… Thomas Broyer
- Re: [OAUTH-WG] Fwd: I-D Action: draft-ietf-oauth-… Brian Campbell