Re: [OAUTH-WG] draft-ietf-oauth-json-web-token-19 - Examples

Hannes Tschofenig <hannes.tschofenig@gmx.net> Mon, 28 April 2014 08:42 UTC

Return-Path: <hannes.tschofenig@gmx.net>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3D8E51A0703 for <oauth@ietfa.amsl.com>; Mon, 28 Apr 2014 01:42:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.551
X-Spam-Level:
X-Spam-Status: No, score=-2.551 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-0.651, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WD5_OHQ8Dgtd for <oauth@ietfa.amsl.com>; Mon, 28 Apr 2014 01:42:38 -0700 (PDT)
Received: from mout.gmx.net (mout.gmx.net [212.227.17.20]) by ietfa.amsl.com (Postfix) with ESMTP id 7D8411A06D5 for <oauth@ietf.org>; Mon, 28 Apr 2014 01:42:38 -0700 (PDT)
Received: from [192.168.131.128] ([80.92.122.106]) by mail.gmx.com (mrgmx003) with ESMTPSA (Nemesis) id 0LnxQO-1X7QFj0mFs-00g1vR; Mon, 28 Apr 2014 10:42:31 +0200
Message-ID: <535E1391.2090909@gmx.net>
Date: Mon, 28 Apr 2014 10:38:41 +0200
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.4.0
MIME-Version: 1.0
To: Mike Jones <Michael.Jones@microsoft.com>, Brian Campbell <bcampbell@pingidentity.com>
References: <535A3AF4.4060506@gmx.net> <5E2E0F9B-AB61-43AA-B182-E776C97C83FE@adobe.com> <535A5819.2030805@gmx.net> <CA+k3eCTRwPB-BNAoSkzsPCYjP-tuynLLxxHMJcvA4kDFj3aRLQ@mail.gmail.com> <4E1F6AAD24975D4BA5B16804296739439A195D48@TK5EX14MBXC288.redmond.corp.microsoft.com>
In-Reply-To: <4E1F6AAD24975D4BA5B16804296739439A195D48@TK5EX14MBXC288.redmond.corp.microsoft.com>
X-Enigmail-Version: 1.5.2
Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="mlLQV2dhTJMjWg7wr1THEIM6sbA9mgvkf"
X-Provags-ID: V03:K0:gHqqal/Ur36UkeW3tLBKpb/vjy3Fhagd9issTIYI+nM9o1drDGN gRhWevPW8runDBj8cvI4jeIbo0onmWCKlc/AB/ZVMZUlsqp21FW7MvC2QN/GHxzs3NHjI4x 51POV4ZOpGlDbh8LiZ3TFaToZgkP+QA6giY2YKsmcd89DQeOyQhHgdlEBMIEJxz0EFv2Ffb 20/sFnjNVEzchV79uILBg==
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/4IpGHjIUbm0PzdP_-R3m4qY5eJc
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] draft-ietf-oauth-json-web-token-19 - Examples
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 28 Apr 2014 08:42:40 -0000

Hi Mike,

On 04/25/2014 06:37 PM, Mike Jones wrote:
> While we could add other examples, doing so is beyond the scope of the
> immediate mission to validate the existing examples, Hannes.  There’s
> lots of examples in the underlying JOSE specs, so it’s not clear that we
> really need to add additional ones at this time.  (If this suggestion
> comes up again during IESG review, we could do that, but I don’t think
> it’s necessary at this point to move the spec to IESG review.)
> 
It is certainly true that examples are not mandatory and that the JOSE
specs contain a number of examples.

Read through the document it came to my mind that the most common uses
of JWTs are actually not covered as part of the examples. Many readers
look at the examples to quickly get the idea and neither a JWT protected
using a MAC is there nor a JWT protected with a digital signature.

I will, however, get over it.

Ciao
Hannes