Return-Path: X-Original-To: oauth@ietfa.amsl.com Delivered-To: oauth@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5A9B51A01CD for ; Sat, 12 Apr 2014 20:31:30 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.6 X-Spam-Level: X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id y8WILKr585Ej for ; Sat, 12 Apr 2014 20:31:28 -0700 (PDT) Received: from na01-bl2-obe.outbound.protection.outlook.com (mail-bl2lp0208.outbound.protection.outlook.com [207.46.163.208]) by ietfa.amsl.com (Postfix) with ESMTP id C93811A000B for ; Sat, 12 Apr 2014 20:31:27 -0700 (PDT) Received: from BY2PR03CA067.namprd03.prod.outlook.com (10.141.249.40) by BY2PR03MB027.namprd03.prod.outlook.com (10.255.240.41) with Microsoft SMTP Server (TLS) id 15.0.921.12; Sun, 13 Apr 2014 03:31:18 +0000 Received: from BN1AFFO11FD016.protection.gbl (2a01:111:f400:7c10::116) by BY2PR03CA067.outlook.office365.com (2a01:111:e400:2c5d::40) with Microsoft SMTP Server (TLS) id 15.0.913.9 via Frontend Transport; Sun, 13 Apr 2014 03:31:19 +0000 Received: from mail.microsoft.com (131.107.125.37) by BN1AFFO11FD016.mail.protection.outlook.com (10.58.52.76) with Microsoft SMTP Server (TLS) id 15.0.918.6 via Frontend Transport; Sun, 13 Apr 2014 03:31:18 +0000 Received: from TK5EX14MBXC286.redmond.corp.microsoft.com ([169.254.1.232]) by TK5EX14MLTC103.redmond.corp.microsoft.com ([157.54.79.174]) with mapi id 14.03.0174.002; Sun, 13 Apr 2014 03:30:47 +0000 From: Mike Jones To: Chuck Mortimore , Hannes Tschofenig Thread-Topic: [OAUTH-WG] Proof-of-Possession (PoP) Architecture Document Thread-Index: AQHPTxiWJX+tCnUI4kWVS6o6n/baT5sOy8OAgAAmWoA= Date: Sun, 13 Apr 2014 03:30:45 +0000 Message-ID: <4E1F6AAD24975D4BA5B16804296739439A155FC1@TK5EX14MBXC286.redmond.corp.microsoft.com> References: <533D1E8D.5000401@gmx.net> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [157.54.51.37] Content-Type: multipart/alternative; boundary="_000_4E1F6AAD24975D4BA5B16804296739439A155FC1TK5EX14MBXC286r_" MIME-Version: 1.0 X-EOPAttributedMessage: 0 X-Forefront-Antispam-Report: CIP:131.107.125.37; CTRY:US; IPV:CAL; IPV:NLI; EFV:NLI; SFV:NSPM; SFS:(10009001)(438001)(199002)(189002)(24454002)(377454003)(53754006)(33656001)(87936001)(20776003)(2656002)(44976005)(85852003)(83072002)(19580395003)(80976001)(19580405001)(15975445006)(83322001)(6806004)(55846006)(99396002)(16236675002)(76176999)(50986999)(54356999)(46102001)(79102001)(66066001)(19300405004)(80022001)(4396001)(81342001)(2009001)(97736001)(77982001)(81542001)(71186001)(15202345003)(76482001)(92726001)(84676001)(85806002)(92566001)(74662001)(31966008)(86612001)(74502001)(512954002)(84326002)(86362001); DIR:OUT; SFP:1101; SCL:1; SRVR:BY2PR03MB027; H:mail.microsoft.com; FPR:B474D5F4.82F297D1.73E3347B.40E1D9E9.20290; PTR:InfoDomainNonexistent; A:1; MX:1; LANG:en; X-O365ENT-EOP-Header: Message processed by - O365_ENT: Allow from ranges (Engineering ONLY) X-Forefront-PRVS: 018093A9B5 Received-SPF: Pass (: domain of microsoft.com designates 131.107.125.37 as permitted sender) receiver=; client-ip=131.107.125.37; helo=mail.microsoft.com; X-OriginatorOrg: microsoft.onmicrosoft.com Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/4Ddukfb1fWDGBf8hUJJd7qrx9IE Cc: "oauth@ietf.org" Subject: Re: [OAUTH-WG] Proof-of-Possession (PoP) Architecture Document X-BeenThere: oauth@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: OAUTH WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 13 Apr 2014 03:31:30 -0000 --_000_4E1F6AAD24975D4BA5B16804296739439A155FC1TK5EX14MBXC286r_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable The new http://tools.ietf.org/html/draft-jones-jose-jwk-thumbprint-00 speci= fication defines a way to compute a thumbprint for a JWK (or in fact, any k= ey with a defined JWK representation). -- Mike From: OAuth [mailto:oauth-bounces@ietf.org] On Behalf Of Chuck Mortimore Sent: Saturday, April 12, 2014 6:09 PM To: Hannes Tschofenig Cc: oauth@ietf.org Subject: Re: [OAUTH-WG] Proof-of-Possession (PoP) Architecture Document Nice document. One quick question In Section 6, on the use of asymmetric keys, it is stated "If the client ge= nerates the key pair it includes a fingerprint of the public key (of the Su= bjectPublicKeyInfo structure, more precisely). The authorization server wo= uld include this fingerprint in the access token and thereby bind the asymm= etric key pair to the token." However, it's not clear where this fingerpr= int would go in a JWK. I see a cert fingerprint, but no provision for a p= ublic key fingerprint. What's the intent here? -cmort On Thu, Apr 3, 2014 at 1:40 AM, Hannes Tschofenig > wrote: Hi all, as discussed during the last IETF meeting we are re-factoring our documents on proof-of-possession. (As a reminder, here is the presentation I have during the OAuth meeting: http://www.ietf.org/proceedings/89/slides/slides-89-oauth-0.pptx)* Mike had already posted draft-jones-oauth-proof-of-possession-00 and now I have added the architecture document, which provides an overview of the different pieces. Here is the document for you to look at: http://tools.ietf.org/html/draft-hunt-oauth-pop-architecture-00 Ciao Hannes _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth --_000_4E1F6AAD24975D4BA5B16804296739439A155FC1TK5EX14MBXC286r_ Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable

The new h= ttp://tools.ietf.org/html/draft-jones-jose-jwk-thumbprint-00 specificat= ion defines a way to compute a thumbprint for a JWK (or in fact, any key wi= th a defined JWK representation).

 <= /p>

    &= nbsp;           &nbs= p;            &= nbsp;           &nbs= p;            &= nbsp;     -- Mike

 <= /p>

From: OAuth [m= ailto:oauth-bounces@ietf.org] On Behalf Of Chuck Mortimore
Sent: Saturday, April 12, 2014 6:09 PM
To: Hannes Tschofenig
Cc: oauth@ietf.org
Subject: Re: [OAUTH-WG] Proof-of-Possession (PoP) Architecture Docum= ent

 

Nice document.   One quick question<= /p>

 

In Section 6, on the use of asymmetric keys, it is s= tated "If the client generates the key pair it includes a fingerprint = of the public key (of the SubjectPublicKeyInfo structure, more precisely). =  The authorization server would include this fingerprint in the access token and thereby bind the asymmetric key p= air to the token."   However, it's not clear where this fingerpri= nt would go in a JWK.   I see a cert fingerprint, but no provision for= a public key fingerprint.   

 

What's the intent here?

 

-cmort

 

 

On Thu, Apr 3, 2014 at 1:40 AM, Hannes Tschofenig &l= t;hannes.tsc= hofenig@gmx.net> wrote:

Hi all,

as discussed during the last IETF meeting we are re-factoring our
documents on proof-of-possession. (As a reminder, here is the
presentation I have during the OAuth meeting:
http://www.ietf.org/proceedings/89/slides/slides-89-o= auth-0.pptx)*

Mike had already posted draft-jones-oauth-proof-of-possession-00 and now I have added the architecture document, which provides an overview of
the different pieces.

Here is the document for you to look at:
http://tools.ietf.org/html/draft-hunt-oauth-pop-architec= ture-00

Ciao
Hannes


_______________________________________________
OAuth mailing list
OAuth@ietf.org
h= ttps://www.ietf.org/mailman/listinfo/oauth

 

--_000_4E1F6AAD24975D4BA5B16804296739439A155FC1TK5EX14MBXC286r_--