Re: [OAUTH-WG] Proof-of-Possession (PoP) Architecture Document

Mike Jones <Michael.Jones@microsoft.com> Sun, 13 April 2014 03:31 UTC

From: Mike Jones <Michael.Jones@microsoft.com>
To: Chuck Mortimore <cmortimore@salesforce.com>, Hannes Tschofenig <hannes.tschofenig@gmx.net>
Thread-Topic: [OAUTH-WG] Proof-of-Possession (PoP) Architecture Document
Date: Sun, 13 Apr 2014 03:30:45 +0000
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/4Ddukfb1fWDGBf8hUJJd7qrx9IE

The new http://tools.ietf.org/html/draft-jones-jose-jwk-thumbprint-00 specification defines a way to compute a thumbprint for a JWK (or in fact, any key with a defined JWK representation).

-- Mike
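As an added example (not code from Mike's message, the thumbprint draft, or the PoP architecture document), this shows the answer to Chuck's question in working form: a JWK thumbprint is computed over only the key type's required members, sorted lexicographically and serialised without whitespace, so optional members such as `kid` or `use` and the order of members in the JSON never change it. The resource server then recomputes the thumbprint from the key the client proves possession of and compares it with the value bound into the access token. The sample key is constructed (not a real key) and the `jwk_thumbprint` claim name is an assumption made for this example.

```python
import base64
import hashlib
import hmac
import json

# Required members per key type (from the JWA key definitions). Only these are
# hashed, so kid, use, alg, x5t and similar members never affect the thumbprint.
REQUIRED_MEMBERS = {
    "RSA": ("e", "kty", "n"),
    "EC": ("crv", "kty", "x", "y"),
    "oct": ("k", "kty"),
}


def canonical_jwk(jwk: dict) -> bytes:
    """Return the exact byte string that gets hashed for this JWK."""
    kty = jwk.get("kty")
    if kty not in REQUIRED_MEMBERS:
        raise ValueError(f"unsupported kty: {kty!r}")
    missing = [m for m in REQUIRED_MEMBERS[kty] if m not in jwk]
    if missing:
        raise ValueError(f"JWK is missing required members: {missing}")
    subset = {m: jwk[m] for m in REQUIRED_MEMBERS[kty]}
    # Lexicographic member order, no whitespace, UTF-8 encoded.
    return json.dumps(subset, sort_keys=True, separators=(",", ":")).encode("utf-8")


def jwk_thumbprint(jwk: dict, hash_name: str = "sha256") -> str:
    """base64url (unpadded) hash of the canonical JWK; SHA-256 by default."""
    digest = hashlib.new(hash_name, canonical_jwk(jwk)).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def token_key_matches(token_claims: dict, presented_jwk: dict) -> bool:
    """Resource-server side check: does the key the client proved possession of
    match the thumbprint bound into the access token?  The claim name
    'jwk_thumbprint' is an assumption for this example."""
    bound = token_claims.get("jwk_thumbprint")
    if not isinstance(bound, str):
        return False
    return hmac.compare_digest(bound, jwk_thumbprint(presented_jwk))


# Constructed sample (not a real key): tiny RSA public key with optional members.
SAMPLE_JWK = {"kty": "RSA", "kid": "client-key-1", "use": "sig",
              "n": "AQIDBAUGBwgJ", "e": "AQAB"}

if __name__ == "__main__":
    print(canonical_jwk(SAMPLE_JWK).decode())
    print(jwk_thumbprint(SAMPLE_JWK))
```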

From: OAuth [mailto:oauth-bounces@ietf.org] On Behalf Of Chuck Mortimore
Sent: Saturday, April 12, 2014 6:09 PM
To: Hannes Tschofenig
Cc: oauth@ietf.org
Subject: Re: [OAUTH-WG] Proof-of-Possession (PoP) Architecture Document

Nice document. One quick question:

In Section 6, on the use of asymmetric keys, it is stated "If the client generates the key pair it includes a fingerprint of the public key (of the SubjectPublicKeyInfo structure, more precisely). The authorization server would include this fingerprint in the access token and thereby bind the asymmetric key pair to the token." However, it's not clear where this fingerprint would go in a JWK. I see a cert fingerprint, but no provision for a public key fingerprint.

What's the intent here?

-cmort


On Thu, Apr 3, 2014 at 1:40 AM, Hannes Tschofenig <hannes.tschofenig@gmx.net> wrote:
Hi all,

As discussed during the last IETF meeting we are re-factoring our
documents on proof-of-possession. (As a reminder, here is the
presentation I gave during the OAuth meeting:
http://www.ietf.org/proceedings/89/slides/slides-89-oauth-0.pptx)

Mike had already posted draft-jones-oauth-proof-of-possession-00 and now
I have added the architecture document, which provides an overview of
the different pieces.

Here is the document for you to look at:
http://tools.ietf.org/html/draft-hunt-oauth-pop-architecture-00

Ciao
Hannes

