Re: [OAUTH-WG] New Version Notification for draft-lodderstedt-oauth-jwt-introspection-response-00.txt

Torsten Lodderstedt <torsten@lodderstedt.net> Mon, 19 March 2018 10:15 UTC

From: Torsten Lodderstedt <torsten@lodderstedt.net>
Message-Id: <990FE110-03D1-4B3B-8067-1D619D570E25@lodderstedt.net>
Date: Mon, 19 Mar 2018 11:14:55 +0100
In-Reply-To: <308c1c61-a2ba-4e45-9fe6-9d525e554fb7@getmailbird.com>
Cc: oauth@ietf.org
To: Brock Allen <brockallen@gmail.com>
References: <152140077785.15835.11388192447917251931.idtracker@ietfa.amsl.com> <2A1E98B8-973E-44F0-96F0-E319FD6969A8@lodderstedt.net> <308c1c61-a2ba-4e45-9fe6-9d525e554fb7@getmailbird.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/4AIuA0eqxBeWBLbmIhX853pP5fM>
Subject: Re: [OAUTH-WG] New Version Notification for draft-lodderstedt-oauth-jwt-introspection-response-00.txt

> Am 18.03.2018 um 20:40 schrieb Brock Allen <brockallen@gmail.com>:
> 
> Why is TLS to the introspection endpoint not sufficient?

TLS is sufficient if AS and RS want to ensure the integrity of the token data (in transit). But there are use cases where the RS wants evidence (== a digital signature over the token) of who created the token. This is for non-repudiation/liability.

> Are you thinking there needs to be some multi-tenancy support of some kind?

With respect to what party? The draft allows every RS to choose the response type and, if JWT, the algorithms to use.

kind regards,
Torsten.

> 
> -Brock
> 
>> On 3/18/2018 3:33:16 PM, Torsten Lodderstedt <torsten@lodderstedt.net> wrote:
>> 
>> Hi all,
>> 
>> I just submitted a new draft that Vladimir Dzhuvinov and I have written. It proposes a JWT-based response type for Token Introspection. The objective is to provide resource servers with signed tokens in case they need cryptographic evidence that the AS created the token (e.g. for liability). 
>> 
>> I will present the new draft in the session on Wednesday.
>> 
>> kind regards,
>> Torsten. 
>> 
>>> Begin forwarded message:
>>> 
>>> From: internet-drafts@ietf.org
>>> Subject: New Version Notification for draft-lodderstedt-oauth-jwt-introspection-response-00.txt
>>> Date: 18 March 2018 at 20:19:37 CET
>>> To: "Vladimir Dzhuvinov" <vladimir@connect2id.com>, "Torsten Lodderstedt" <torsten@lodderstedt.net>
>>> 
>>> 
>>> A new version of I-D, draft-lodderstedt-oauth-jwt-introspection-response-00.txt
>>> has been successfully submitted by Torsten Lodderstedt and posted to the
>>> IETF repository.
>>> 
>>> Name:		draft-lodderstedt-oauth-jwt-introspection-response
>>> Revision:	00
>>> Title:		JWT Response for OAuth Token Introspection
>>> Document date:	2018-03-15
>>> Group:		Individual Submission
>>> Pages:		5
>>> URL:            https://www.ietf.org/internet-drafts/draft-lodderstedt-oauth-jwt-introspection-response-00.txt
>>> Status:         https://datatracker.ietf.org/doc/draft-lodderstedt-oauth-jwt-introspection-response/
>>> Htmlized:       https://tools.ietf.org/html/draft-lodderstedt-oauth-jwt-introspection-response-00
>>> Htmlized:       https://datatracker.ietf.org/doc/html/draft-lodderstedt-oauth-jwt-introspection-response
>>> 
>>> 
>>> Abstract:
>>>   This draft proposes an additional JSON Web Token (JWT) based response
>>>   for OAuth 2.0 Token Introspection.
>>> 
>>> 
>>> 
>>> 
>>> Please note that it may take a couple of minutes from the time of submission
>>> until the htmlized version and diff are available at tools.ietf.org.
>>> 
>>> The IETF Secretariat
>>> 
>>