Re: [OAUTH-WG] Message ID for draft-jones-oauth-jwt-bearer

Mike Jones <Michael.Jones@microsoft.com> Thu, 24 November 2011 01:27 UTC

Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 01B8C1F0C34 for <oauth@ietfa.amsl.com>; Wed, 23 Nov 2011 17:27:58 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.26
X-Spam-Level:
X-Spam-Status: No, score=-8.26 tagged_above=-999 required=5 tests=[AWL=-1.662, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QKNTTKYhGyNO for <oauth@ietfa.amsl.com>; Wed, 23 Nov 2011 17:27:56 -0800 (PST)
Received: from VA3EHSOBE007.bigfish.com (va3ehsobe006.messaging.microsoft.com [216.32.180.16]) by ietfa.amsl.com (Postfix) with ESMTP id 76AE011E80A4 for <oauth@ietf.org>; Wed, 23 Nov 2011 17:27:54 -0800 (PST)
Received: from mail140-va3-R.bigfish.com (10.7.14.246) by VA3EHSOBE007.bigfish.com (10.7.40.11) with Microsoft SMTP Server id 14.1.225.22; Thu, 24 Nov 2011 01:27:12 +0000
Received: from mail140-va3 (localhost [127.0.0.1]) by mail140-va3-R.bigfish.com (Postfix) with ESMTP id 708A430019F; Thu, 24 Nov 2011 01:24:07 +0000 (UTC)
X-SpamScore: -23
X-BigFish: VS-23(zz9371Kc85fhzz1202hzz1033IL8275bh8275dhz2fh2a8h668h839h61h)
X-Spam-TCS-SCL: 0:0
X-Forefront-Antispam-Report: CIP:131.107.125.8; KIP:(null); UIP:(null); IPV:NLI; H:TK5EX14HUBC105.redmond.corp.microsoft.com; RD:none; EFVD:NLI
Received-SPF: pass (mail140-va3: domain of microsoft.com designates 131.107.125.8 as permitted sender) client-ip=131.107.125.8; envelope-from=Michael.Jones@microsoft.com; helo=TK5EX14HUBC105.redmond.corp.microsoft.com ;
Received: from mail140-va3 (localhost.localdomain [127.0.0.1]) by mail140-va3 (MessageSwitch) id 132209784752851_27893; Thu, 24 Nov 2011 01:24:07 +0000 (UTC)
Received: from VA3EHSMHS014.bigfish.com (unknown [10.7.14.250]) by mail140-va3.bigfish.com (Postfix) with ESMTP id E25FC180048; Thu, 24 Nov 2011 01:24:06 +0000 (UTC)
Received: from TK5EX14HUBC105.redmond.corp.microsoft.com (131.107.125.8) by VA3EHSMHS014.bigfish.com (10.7.99.24) with Microsoft SMTP Server (TLS) id 14.1.225.22; Thu, 24 Nov 2011 01:27:08 +0000
Received: from TK5EX14MBXC283.redmond.corp.microsoft.com ([169.254.2.220]) by TK5EX14HUBC105.redmond.corp.microsoft.com ([157.54.80.48]) with mapi id 14.02.0247.005; Wed, 23 Nov 2011 17:27:48 -0800
From: Mike Jones <Michael.Jones@microsoft.com>
To: John Bradley <ve7jtb@ve7jtb.com>, oauth WG <oauth@ietf.org>
Thread-Topic: Message ID for draft-jones-oauth-jwt-bearer
Thread-Index: AQHMqkSsSZNH/xSrpk6bjRX2IcEdIJW7OZ9ggAAB1jA=
Date: Thu, 24 Nov 2011 01:27:47 +0000
Message-ID: <4E1F6AAD24975D4BA5B16804296739435F74F95E@TK5EX14MBXC283.redmond.corp.microsoft.com>
References: <FF3DAF17-D2AF-4E02-AC4B-CDBCA1FE73FE@ve7jtb.com> <4E1F6AAD24975D4BA5B16804296739435F74F94C@TK5EX14MBXC283.redmond.corp.microsoft.com>
In-Reply-To: <4E1F6AAD24975D4BA5B16804296739435F74F94C@TK5EX14MBXC283.redmond.corp.microsoft.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [157.54.51.36]
Content-Type: multipart/alternative; boundary="_000_4E1F6AAD24975D4BA5B16804296739435F74F95ETK5EX14MBXC283r_"
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
Subject: Re: [OAUTH-WG] Message ID for draft-jones-oauth-jwt-bearer
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 24 Nov 2011 01:27:58 -0000

Thinking about it a bit more, since others may want to use "tid" for claims with meanings like Transaction ID (or other words beginning with "t"), maybe the claim name should be "jti" (JSON Web Token ID) to reduce the chance of name collisions?

                                                            -- Mike

From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of Mike Jones
Sent: Wednesday, November 23, 2011 5:21 PM
To: John Bradley; oauth WG
Subject: Re: [OAUTH-WG] Message ID for draft-jones-oauth-jwt-bearer

Thanks John.  This makes sense to me.

Feedback from others?

                                                            -- Mike

From: John Bradley [mailto:ve7jtb@ve7jtb.com]
Sent: Wednesday, November 23, 2011 5:02 PM
To: oauth WG
Cc: Mike Jones
Subject: Message ID for draft-jones-oauth-jwt-bearer

The draft-jones-oauth-jwt-bearer <http://tools.ietf.org/html/draft-jones-oauth-jwt-bearer-02> profile is lacking a message ID that exists in the SAML version.

This is important for the receiver to detect replay attacks.

For Connect I made up a claim to use:

tid: The tid (token id) claim. A nonce or unique identifier for the assertion. The Assertion ID may be used by implementations requiring message de-duplication for one-time-use assertions.

I was tempted to use mid (Message ID) however it is the id of the token not the message.

If you add something I will change the claim to be consistent.

I think it needs to be in your spec.

Regards
John B.
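
As an added example, not code from the draft or from either participant in this thread, the following Python shows what the receiver-side check John is asking for looks like: verify the assertion, then record its token identifier (called "jti" here, following Mike's follow-up) until the assertion's exp has passed, and reject any second presentation of the same identifier as a replay. HS256 with a shared key (instead of the issuer's signature), the 60-second skew allowance, the audience URL and all claim values are assumptions made so the example runs offline.

```python
import base64
import hashlib
import hmac
import json
import time

# Added example, not code from draft-jones-oauth-jwt-bearer or its authors.
# Assumption: HS256 (HMAC-SHA256) with a shared key so the example runs
# offline; a real assertion would carry the issuer's signature instead.
ALLOWED_SKEW = 60  # seconds of clock skew tolerated on exp (assumption)


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def make_assertion(claims: dict, key: bytes) -> str:
    """Build a compact JWS (HS256) carrying the given claim set."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = (_b64url(json.dumps(header, separators=(",", ":")).encode())
                     + "." + _b64url(json.dumps(claims, separators=(",", ":")).encode()))
    sig = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


class ReplayGuard:
    """Remembers (iss, jti) pairs until the assertion's exp has passed.

    A token id only has to be unique per issuer, so the cache is keyed by
    the (iss, jti) pair rather than by jti alone. An entry is kept until
    exp + ALLOWED_SKEW; after that the exp check rejects the token anyway,
    so forgetting the entry does not open a replay window.
    """

    def __init__(self):
        self._seen = {}  # (iss, jti) -> exp of the recorded assertion

    def _prune(self, now: float) -> None:
        stale = [k for k, exp in self._seen.items() if exp + ALLOWED_SKEW < now]
        for k in stale:
            del self._seen[k]

    def first_use(self, iss: str, jti: str, exp: float, now: float) -> bool:
        """Return True and record the id if unseen; False if this is a replay."""
        self._prune(now)
        pair = (iss, jti)
        if pair in self._seen:
            return False
        self._seen[pair] = exp
        return True


def verify_assertion(token: str, key: bytes, expected_aud: str,
                     guard: ReplayGuard, now=None):
    """Verify signature, basic claims and one-time use. Returns (ok, reason)."""
    now = time.time() if now is None else now
    try:
        h_b64, p_b64, s_b64 = token.split(".")
        header = json.loads(_b64url_decode(h_b64))
        claims = json.loads(_b64url_decode(p_b64))
        sig = _b64url_decode(s_b64)
    except ValueError:  # wrong part count, bad base64 or bad JSON
        return False, "malformed"
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return False, "malformed"
    if header.get("alg") != "HS256":
        return False, "unexpected alg"
    expected = hmac.new(key, (h_b64 + "." + p_b64).encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return False, "bad signature"
    # Check exp before touching the cache so expired assertions are never
    # recorded and cannot be used to fill the jti store.
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp + ALLOWED_SKEW < now:
        return False, "expired"
    if claims.get("aud") != expected_aud:
        return False, "wrong audience"
    iss, jti = claims.get("iss"), claims.get("jti")
    if not isinstance(iss, str) or not isinstance(jti, str):
        return False, "missing iss or jti"  # without an id there is nothing to de-duplicate
    if not guard.first_use(iss, jti, exp, now):
        return False, "replay"
    return True, "ok"


if __name__ == "__main__":
    key, aud, now = b"demo-shared-key", "https://as.example/token", 1_700_000_000
    tok = make_assertion({"iss": "client-1", "aud": aud, "exp": now + 300, "jti": "a1b2c3"}, key)
    guard = ReplayGuard()
    print(verify_assertion(tok, key, aud, guard, now))       # (True, 'ok')
    print(verify_assertion(tok, key, aud, guard, now + 10))  # (False, 'replay')
```

The order of checks is the part worth copying: signature first, then exp, then audience, and only then the jti lookup, so nothing unauthenticated or already-expired ever lands in the cache. The cache itself must be shared by every node that accepts assertions for the same audience (a store with per-entry TTL equal to the remaining lifetime of the assertion); a per-process dictionary like the one here only stops replays against a single receiver.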