Re: [OAUTH-WG] DPoP - Implementations

Rifaat Shekh-Yusef <rifaat.s.ietf@gmail.com> Sat, 27 August 2022 03:16 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/4yAlEQSktbM4knaMQYUUhJb-u0Q>

Thanks Dario!

Just updated the shepherd writeup to include this implementation.

Regards,
 Rifaat


On Thu, Aug 25, 2022 at 11:34 AM Dario Savarese Agilitas Europe <
dario.savarese@agilitaseurope.com> wrote:

> Hi Rifaat,
> This is Dario from the European Anti-Fraud Office
> <https://anti-fraud.ec.europa.eu/index_en> (aka OLAF).
> Here in Brussels, along with my esteemed colleagues Pedro and Frederic, we defined
> a B2B solution for private clients based on the DPoP draft version 03.
> The solution describes the behavior of the Relying Party and the Resource
> Server.
> We implemented both RP and RS in Java, extending the Spring Framework to
> add the functionalities we need.
>
> The Relying Party B2B specification has already been implemented by
> several member states too.
>
> Here attached you can find an excerpt from the documentation we send to
> the member states who are willing to interact with our system.
> In the second chapter of this document are highlighted a few differences
> from the DPoP draft due to limitations of the AS currently used.
>
> We are glad we could rely on this draft to improve the security of our
> solution and we are looking forward to this becoming an RFC.
> We would like to introduce DPoP in our SPA(s) too; this will be under
> discussion in the coming months.
>
> Feel free to contact me or my colleagues for more details:
>
> SAVARESE Dario (OLAF-EXT) Dario.SAVARESE@ext.ec.europa.eu
> DO VALE Pedro (OLAF-EXT) Pedro.DIAS-DO-VALE@ext.ec.europa.eu
> POELS Frederic (OLAF) Frederic.POELS@ec.europa.eu
>
> Cordialement - Beste Groeten - Kind Regards
>
> *Dario Savarese*
> *Chief Executive Officer*
>
> dario.savarese@agilitaseurope.com
> 0032 483 59 24 15
>
> *Agilitas Europe SRL*
> *Rue Wiertz 4*
> *1050 Bruxelles*
>
>
> On Fri, Aug 12, 2022 at 2:15 PM Rifaat Shekh-Yusef <
> rifaat.s.ietf@gmail.com> wrote:
>
>> Thank you all for these implementation details!
>>
>>
>>
>> On Thu, Aug 11, 2022 at 1:50 PM Vladimir Dzhuvinov <
>> vladimir@connect2id.com> wrote:
>>
>>> Hello Rifaat,
>>>
>>> We are very pleased with DPoP and hope to see more people using it in
>>> future.
>>>
>>> DPoP in the OSS Nimbus OAuth 2.0 / OIDC Java SDK:
>>>
>>>
>>> https://connect2id.com/products/nimbus-oauth-openid-connect-sdk/examples/oauth/dpop
>>>
>>> In the c2id server:
>>>
>>> https://connect2id.com/products/server/docs/datasheet#dpop
>>>
>>> Vladimir Dzhuvinov
>>>
>>> On 11/08/2022 00:39, Rifaat Shekh-Yusef wrote:
>>>
>>> All,
>>>
>>> As part of the shepherd write-up for the *DPoP* document, we are
>>> looking for information about implementations of this draft.
>>> https://datatracker.ietf.org/doc/draft-ietf-oauth-dpop/
>>>
>>> Please, reply to this email on the mailing list with any
>>> implementations that you are aware of to support this document.
>>>
>>> Regards,
>>>  Rifaat & Hannes
>>>
>>> _______________________________________________
>>> OAuth mailing list
>>> OAuth@ietf.org
>>> https://www.ietf.org/mailman/listinfo/oauth