IETF Logo Mail Archive

Re: [OAUTH-WG] Call for adoption: JWT Usage in OAuth2 Access Tokens

Anthony Nadalin <tonynad@microsoft.com> Wed, 10 April 2019 11:12 UTC

Return-Path: <tonynad@microsoft.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 50C3B120112 for <oauth@ietfa.amsl.com>; Wed, 10 Apr 2019 04:12:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=microsoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hm0K0b2pmTLO for <oauth@ietfa.amsl.com>; Wed, 10 Apr 2019 04:12:25 -0700 (PDT)
Received: from NAM06-BL2-obe.outbound.protection.outlook.com (mail-eopbgr650123.outbound.protection.outlook.com [40.107.65.123]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8DEEB120131 for <oauth@ietf.org>; Wed, 10 Apr 2019 04:12:25 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=testarcselector01; d=microsoft.com; cv=none; b=ZG3sTZs1G4OjHKIzQDT9kbLgyGIS96yNgj1XpUkw8pX7N+eCEd7ybECI11bkxWB5IHAekWfPBO+cNnW5JfFFGkFpMvuYFmt6ya/gygm59Z1ORzUvbY9hgJywAO9hmt1uLGaAiyENgcAnCYJYAMI9qPSmHbSgQ2PlGG/P7L4Ypac=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=testarcselector01; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Lb0Xevz0iYLtci4x9NQzceokMHLfOXAwW9CKAtzYipU=; b=XCI3lWG/LMfiviWAt7w+Mk7/NB3xq0NyhkFrGU02JxEcGEM1jrWSk69OslqSPFhAwngVbh+A3edesL3KHe88GBgamhOrGZD/gjrZm0sah9rn6g/ytnVmwSLjeh7tWBQK7cMPrChRJtpuKgydr5SxJZE8n2Qm42IKFs3KZkZpvhM=
ARC-Authentication-Results: i=1; test.office365.com 1;spf=none;dmarc=none action=none header.from=microsoft.com; dkim=none (message not signed); arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Lb0Xevz0iYLtci4x9NQzceokMHLfOXAwW9CKAtzYipU=; b=mbHGZWY7WwfSGSGj6LRB0rUu/cvpCiFulxioxfT1sbVlcJnIrks+YEJlYyDgSyGBOR6xsbSGqf0RRnQPs5Q18ucb4JSax/xSlzTCKPt5pIyOh+01D935S8AEMTaNw4784sNgaCUBrgSpmTst9ZMIr2wg9neznNU0Ns4OTI+NsTo=
Received: from MW2PR00MB0396.namprd00.prod.outlook.com (52.132.148.160) by MW2PR00MB0298.namprd00.prod.outlook.com (52.132.148.29) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1831.0; Wed, 10 Apr 2019 11:12:22 +0000
Received: from MW2PR00MB0396.namprd00.prod.outlook.com ([fe80::6c8f:347a:7e76:1ea8]) by MW2PR00MB0396.namprd00.prod.outlook.com ([fe80::6c8f:347a:7e76:1ea8%6]) with mapi id 15.20.1832.000; Wed, 10 Apr 2019 11:12:22 +0000
From: Anthony Nadalin <tonynad@microsoft.com>
To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>, "oauth@ietf.org" <oauth@ietf.org>
Thread-Topic: Call for adoption: JWT Usage in OAuth2 Access Tokens
Thread-Index: AdTuLScSpXb+JyqRQxyWjNeRvoJpaABYNsSg
Date: Wed, 10 Apr 2019 11:12:21 +0000
Message-ID: <MW2PR00MB0396F840F48EFC98A28C61BCA62E0@MW2PR00MB0396.namprd00.prod.outlook.com>
References: <AM6PR08MB36861CE2351D6922D5F8F91FFA2C0@AM6PR08MB3686.eurprd08.prod.outlook.com>
In-Reply-To: <AM6PR08MB36861CE2351D6922D5F8F91FFA2C0@AM6PR08MB3686.eurprd08.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=tonynad@microsoft.com;
x-originating-ip: [77.241.229.232]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 40281ace-4c4a-4ef1-1eec-08d6bda56761
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600139)(711020)(4605104)(4618075)(2017052603328)(7193020); SRVR:MW2PR00MB0298;
x-ms-traffictypediagnostic: MW2PR00MB0298:
x-ms-exchange-purlcount: 2
x-ld-processed: 72f988bf-86f1-41af-91ab-2d7cd011db47,ExtAddr
x-microsoft-antispam-prvs: <MW2PR00MB0298BBF7CEF33DCBBEEF527CA62E0@MW2PR00MB0298.namprd00.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:8882;
x-forefront-prvs: 00032065B2
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(39860400002)(136003)(376002)(366004)(396003)(346002)(53754006)(13464003)(199004)(189003)(40434004)(71190400001)(71200400001)(8990500004)(10090500001)(22452003)(99286004)(6116002)(3846002)(446003)(7696005)(486006)(11346002)(476003)(186003)(26005)(52536014)(9686003)(76176011)(2501003)(6306002)(6506007)(110136005)(106356001)(68736007)(53936002)(316002)(6436002)(53546011)(2906002)(256004)(5024004)(14444005)(105586002)(7736002)(86362001)(86612001)(229853002)(966005)(81166006)(305945005)(8676002)(81156014)(5660300002)(14454004)(66066001)(97736004)(8936002)(55016002)(102836004)(74316002)(10290500003)(478600001)(25786009)(6246003)(33656002); DIR:OUT; SFP:1102; SCL:1; SRVR:MW2PR00MB0298; H:MW2PR00MB0396.namprd00.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: microsoft.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: dS81llPeyJ66zNzI/s969E0n2BKveLjZdEzVTflzMLMCcjjIXKog97p2QE6qBfcnmTzxmo6AFaoMI6kiuikzY+fEDUGyDxGFb8krzQupaIiiYnDI2ayWME1RamCBitqTpvwUMk6gfCAuxGb9LJ7K9Nw6q+A7w8+Rl5KOWytHmO4aT1/TDCKYz09dC1BL80buBdIUJwTIWW0g+1qxA9aqqTGPOm4Tpt2gPmVjAYneJjod9Iq6jDhi/DX2RYTj6kJHglKTQ616c8lyAr9kRb2721pqWUmwszCZDZeByjIqSI3OozZbxFeXAD3y1H/Hc4R/0XgHJmg5dxHIXA+mMT1zDs7F+6iR4ruIP00+S0IhZvDwPvpJBZziOTsFzXFfHc1FAJHib25JJjFAiVePVMIJVbwLF52bXxjqZBcYENPdxno=
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 40281ace-4c4a-4ef1-1eec-08d6bda56761
X-MS-Exchange-CrossTenant-originalarrivaltime: 10 Apr 2019 11:12:21.9576 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MW2PR00MB0298
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/DDWRvGTnA_gay4pIlA1mr4NAc0o>
Subject: Re: [OAUTH-WG] Call for adoption: JWT Usage in OAuth2 Access Tokens
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 10 Apr 2019 11:12:28 -0000

I support adoption of this draft as a working group document with the following caveats:

1. These are not to be used as ID Tokens/authentication tokens 
2. The privacy issues must be addressed 
3. Needs to be extensible, much like ID-Token, can't be 100% fixed 


-----Original Message-----
From: OAuth <oauth-bounces@ietf.org> On Behalf Of Hannes Tschofenig
Sent: Monday, April 8, 2019 10:07 AM
To: oauth@ietf.org
Subject: [OAUTH-WG] Call for adoption: JWT Usage in OAuth2 Access Tokens

Hi all,

this is the call for adoption of the 'JWT Usage in OAuth2 Access Tokens'  document following the positive feedback at the last IETF meeting in Prague.

Here is the document:
https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftools.ietf.org%2Fhtml%2Fdraft-bertocci-oauth-access-token-jwt-00&amp;data=02%7C01%7Ctonynad%40microsoft.com%7Ca3d9527e05364fa8578b08d6bc44b170%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C1%7C636903400616347061&amp;sdata=ePmwaD%2FHCRZhRx%2FwZbb3U72%2FhBalPoFPKtQ67QTxIRw%3D&amp;reserved=0

Please let us know by April 22nd whether you accept / object to the adoption of this document as a starting point for work in the OAuth working group.

Ciao
Hannes & Rifaat

IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Foauth&amp;data=02%7C01%7Ctonynad%40microsoft.com%7Ca3d9527e05364fa8578b08d6bc44b170%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C1%7C636903400616357060&amp;sdata=zcxw1IR3kNbuZ9u58OOJDv9pLb7cUCooDtlIUH7tS%2Fw%3D&amp;reserved=0

v2.23.0 | Report a Bug | By Email