Re: [OAUTH-WG] JARM

Neil Madden <neil.madden@forgerock.com> Thu, 23 January 2020 07:03 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/4v2tbtRv_QDvtTKBm-n9oSpDAuI>

If you’re using auth code and PKCE, what does JARM add?

Neil

> On 23 Jan 2020, at 06:03, Takahiko Kawasaki <taka@authlete.com> wrote:
> 
> 
> I think that JARM is good and even feel that JARM should exist there from a logical perspective because JARM is to Authorization Response what Request Object is to Authorization Request. It is good that we don't have to use "ID Token as Detached Signature" (Financial-grade API Part 2) when JARM is used.
> 
> FWIW, I (Authlete) finished implementing JARM at the beginning of October, 2018, about a year and 3 months ago.
> 
> Best Regards,
> Takahiko Kawasaki
> 
>> On Sat, Jan 18, 2020 at 5:22 AM Brian Campbell <bcampbell=40pingidentity.com@dmarc.ietf.org> wrote:
>> I'd be in favor of it. 
>> 
>>> On Thu, Jan 16, 2020 at 9:28 AM Torsten Lodderstedt <torsten=40lodderstedt.net@dmarc.ietf.org> wrote:
>>> 
>>> 
>>>>> On 16.01.2020 at 16:48, Justin Richer <jricher@mit.edu> wrote:
>>>>> 
>>>> Maybe PAR and JAR (and JARM?) end up going out as a bundle of specs.
>>> 
>>> Since Justin brought it up, I would like to know whether the community has appetite to standardize JARM as well.
>>> 
>>> Here is the link to the spec: https://openid.net/specs/openid-financial-api-jarm-ID1.html
>>> 
>>> What do you think?
>>> _______________________________________________
>>> OAuth mailing list
>>> OAuth@ietf.org
>>> https://www.ietf.org/mailman/listinfo/oauth
>> 