[OAUTH-WG] New Assertion Drafts Published

Brian Campbell <bcampbell@pingidentity.com> Fri, 29 March 2013 20:51 UTC


New versions of all three OAuth related assertion documents have been
published.  New document titles, URLs and change logs are listed below.
I've tried to address the comments and discuss issues from the IESG review
as well as subsequent discussion and decisions that took place in Orlando.
There have also been some comments and questions on the WG list, which I've
attempted to address and clarify things where possible. Special thanks to
Mike Jones for the editorial help with these.


Assertion Framework for OAuth 2.0 Client Authentication and Authorization
Grants
http://tools.ietf.org/html/draft-ietf-oauth-assertions-11

SAML 2.0 Profile for OAuth 2.0 Client Authentication and Authorization
Grants
http://tools.ietf.org/html/draft-ietf-oauth-saml2-bearer-16

JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and
Authorization Grants
http://tools.ietf.org/html/draft-ietf-oauth-jwt-bearer-05


   draft-ietf-oauth-assertions-11
<http://tools.ietf.org/html/draft-ietf-oauth-assertions-11>

   o  Addressed comments from IESG evaluation
      https://datatracker.ietf.org/doc/draft-ietf-oauth-assertions/ballot/.

   o  Reworded Interoperability Considerations to state what
      identifiers, keys, endpoints, etc. need to be exchanged/agreed
      upon.

   o  Added brief description of assertion to the intro and included a
      reference to Section 3
      <http://tools.ietf.org/html/draft-ietf-oauth-assertions-11#section-3>
      (Framework) where it's described more.

   o  Changed such that a self-issued assertion must (was should) have
      the client id as the issuer.

   o  Changed "Specific Assertion Format and Processing Rules" to
      "Common Scenarios" and reworded to be more suggestive of common
      practices, rather than trying to be normative.  Also removed lots
      of repetitive text in that section.

   o  Refined language around audience, subject, client identifiers,
      etc. to hopefully be clearer and less redundant.


   o  Changed title from "Assertion Framework for OAuth 2.0" to
      "Assertion Framework for OAuth 2.0 Client Authentication and
      Authorization Grants" to be more explicit about the scope of the
      document per
      http://www.ietf.org/mail-archive/web/oauth/current/msg11063.html.

   o  Noted that authentication of the client per Section 3.2.1
      <http://tools.ietf.org/html/draft-ietf-oauth-assertions-11#section-3.2.1>
      of OAuth is optional for an access token request with an assertion
      as an authorization grant and removed client_id from the associated
      example.


   draft-ietf-oauth-saml2-bearer-16
<http://tools.ietf.org/html/draft-ietf-oauth-saml2-bearer-16>

   o  Changed title from "SAML 2.0 Bearer Assertion Profiles for OAuth
      2.0" to "SAML 2.0 Profile for OAuth 2.0 Client Authentication and
      Authorization Grants" to be more explicit about the scope of the
      document per
      http://www.ietf.org/mail-archive/web/oauth/current/msg11063.html.

   o  Fixed typo in text identifying the presenter from "or similar
      element, the" to "or similar element in the".

   o  Numbered the list of processing rules.


   o  Smallish editorial cleanups to try and improve readability and
      comprehensibility.

   o  Cleaner split out of the processing rules in cases where they
      differ for client authentication and authorization grants.

   o  Clarified the parameters that are used/available for authorization
      grants.

   o  Added Interoperability Considerations section and info reference
      to SAML Metadata.

   o  Added more explanatory context to the example in Section 4
<http://tools.ietf.org/html/draft-ietf-oauth-saml2-bearer-16#section-4>.




   draft-ietf-oauth-jwt-bearer-05

   o  Changed title from "JSON Web Token (JWT) Bearer Token Profiles for
      OAuth 2.0" to "JSON Web Token (JWT) Profile for OAuth 2.0 Client
      Authentication and Authorization Grants" to be more explicit about
      the scope of the document per
      http://www.ietf.org/mail-archive/web/oauth/current/msg11063.html.

   o  Numbered the list of processing rules.

   o  Smallish editorial cleanups to try and improve readability and
      comprehensibility.

   o  Cleaner split out of the processing rules in cases where they
      differ for client authentication and authorization grants.

   o  Clarified the parameters that are used/available for authorization
      grants.


   o  Added Interoperability Considerations section.

   o  Added more explanatory context to the example in Section 4
<http://tools.ietf.org/html/draft-ietf-oauth-jwt-bearer-05#section-4>.