Re: [OAUTH-WG] Updated shepherd writeup for draft-ietf-oauth-access-token-jwt-09

Vittorio Bertocci <vittorio.bertocci@auth0.com> Tue, 22 September 2020 23:38 UTC

From: Vittorio Bertocci <vittorio.bertocci@auth0.com>
To: Brian Campbell <bcampbell=40pingidentity.com@dmarc.ietf.org>, Hannes Tschofenig <Hannes.Tschofenig@arm.com>
CC: "oauth@ietf.org" <oauth@ietf.org>
Thread-Topic: [OAUTH-WG] Updated shepherd writeup for draft-ietf-oauth-access-token-jwt-09
Date: Tue, 22 Sep 2020 23:38:00 +0000
Message-ID: <MWHPR19MB150128786E578103BA06DB2AAE3B0@MWHPR19MB1501.namprd19.prod.outlook.com>
References: <AM0PR08MB3716E2DF7EFB4B1763690316FA3A0@AM0PR08MB3716.eurprd08.prod.outlook.com> <CA+k3eCT8LU0SV1o=o1kja4V4BT5XpBfuGY0G9W3fxB8xbW=oVw@mail.gmail.com>
In-Reply-To: <CA+k3eCT8LU0SV1o=o1kja4V4BT5XpBfuGY0G9W3fxB8xbW=oVw@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/DQAHaCZk2l1FiuLc_W_4JK2_feY>
Subject: Re: [OAUTH-WG] Updated shepherd writeup for draft-ietf-oauth-access-token-jwt-09

Thanks to both! I agree this can use more clarity.
I am modifying the figure as follows, adopting a style closer to Section 6.1 of RFC 7519 and providing a more descriptive caption.

Header:

   {"typ":"at+JWT","alg":"RS256","kid":"RjEwOwOA"}

Claims:

   {
     "iss": "https://authorization-server.example.com/",
     "sub": "5ba552d67",
     "aud": "https://rs.example.com/",
     "exp": 1544645174,
     "client_id": "s6BhdRkqt3_",
     "scope": "openid profile reademail"
   }


                       Figure 2: The Header and JWT Claims Set of a JWT Access Token



From: OAuth <oauth-bounces@ietf.org> on behalf of Brian Campbell <bcampbell=40pingidentity.com@dmarc.ietf.org>
Date: Monday, September 21, 2020 at 08:36
To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Updated shepherd writeup for draft-ietf-oauth-access-token-jwt-09

I believe the intent of that example was to show the unencoded header and body content of the JWT. So perhaps all that's needed is to adjust the text that introduces the example and the figure title or caption or whatever it's called to reflect that?

On Mon, Sep 21, 2020 at 4:58 AM Hannes Tschofenig <Hannes.Tschofenig@arm.com> wrote:
Hi all,

I updated the shepherd writeup for draft-ietf-oauth-access-token-jwt-09 and included the links to the implementations distributed on the list. I am sure there are more.

While updating the shepherd writeup I noticed that the draft contains a JWT in a style that does not match the format described in RFC 7519.

I was wondering whether we should actually replicate the example in a way similar to Section 6.1 of RFC 7519 (which shows an unsecured JWT) or, even better, a digitally signed JWT.

Here is the snippet from the draft:

   {"typ":"at+JWT","alg":"RS256","kid":"RjEwOwOA"}
   {
     "iss": "https://authorization-server.example.com/",
     "sub": " 5ba552d67",
     "aud":   "https://rs.example.com/",
     "exp": 1544645174,
     "client_id": "s6BhdRkqt3_",
     "scope": "openid profile reademail"
   }


                       Figure 2: A JWT Access Token

What do you think?

Ciao
Hannes

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

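The thread above is about how Figure 2 should show the token: the unencoded header and claims, or the compact serialization that Section 6.1 of RFC 7519 illustrates. The Python below is an added example and is not code from the draft or from any participant in the thread. It takes the header and claims exactly as they appear in the proposed figure, produces the JWS signing input (the first two segments of the compact form), builds the Section 6.1-style unsecured variant and a signed variant, and then runs the checks a resource server applies before trusting a JWT access token: segment count, "typ", "alg" (never "none"), signature, and only then "iss", "aud" and "exp". Assumptions, all constructed for this example: the figure's RS256 key is not on the page, so the signed variant swaps in HS256 with a made-up key (a stand-in for demonstration, not a recommendation); the expected issuer and audience are the figure's own values; and the clock is pinned shortly before the figure's "exp" so the token is not yet expired.

```python
import base64
import hashlib
import hmac
import json
from typing import Callable, Tuple

# Header and JWT Claims Set copied from Figure 2 in the message above.
FIGURE_HEADER = {"typ": "at+JWT", "alg": "RS256", "kid": "RjEwOwOA"}
FIGURE_CLAIMS = {"iss": "https://authorization-server.example.com/", "sub": "5ba552d67",
                 "aud": "https://rs.example.com/", "exp": 1544645174,
                 "client_id": "s6BhdRkqt3_", "scope": "openid profile reademail"}
# Constructed for this example: an HMAC key standing in for the RS256 key (not on the
# page) and a fixed "now" shortly before the figure's exp.
DEMO_KEY = b"constructed-demo-key-not-for-production"
NOW = 1544645000
SigCheck = Callable[[str, str, str], bool]  # (alg, signing input, signature segment) -> ok

class InvalidToken(Exception):
    pass

def b64url_encode(data: bytes) -> str:
    """base64url without '=' padding, as JWS (RFC 7515) requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))  # restore padding

def json_segment(obj: dict) -> str:
    """One JWT segment: compact JSON (no whitespace), base64url-encoded."""
    return b64url_encode(json.dumps(obj, separators=(",", ":")).encode("utf-8"))

def decode_json_segment(segment: str, what: str = "segment") -> dict:
    """Inverse of json_segment; any decoding problem becomes InvalidToken."""
    try:
        obj = json.loads(b64url_decode(segment))
    except ValueError as err:  # covers binascii.Error and UnicodeDecodeError too
        raise InvalidToken(f"undecodable {what}: {err}")
    if not isinstance(obj, dict):
        raise InvalidToken(f"{what} is not a JSON object")
    return obj

def signing_input(header: dict, claims: dict) -> str:
    """JWS Signing Input, base64url(header).base64url(claims): the string RS256 signs
    for the figure's token. The RSA key is not on the page, so it is not signed here."""
    return json_segment(header) + "." + json_segment(claims)

def unsecured_jwt(header: dict, claims: dict) -> str:
    """RFC 7519 section 6.1 style: alg 'none', empty signature, trailing '.'."""
    return signing_input(dict(header, alg="none"), claims) + "."

def hs256_jwt(header: dict, claims: dict, key: bytes) -> str:
    """Signed variant. RS256 needs an RSA key and a JOSE library, so this stand-alone
    example swaps in HS256 from the standard library (a demonstration stand-in)."""
    si = signing_input(dict(header, alg="HS256"), claims)
    return si + "." + b64url_encode(hmac.new(key, si.encode("ascii"), hashlib.sha256).digest())

def hs256_verifier(key: bytes) -> SigCheck:
    """Callback for validate_at_jwt (HS256 only); comparing the canonical encoding
    sidesteps base64 malleability in the received signature segment."""
    def verify(alg: str, si: str, sig_seg: str) -> bool:
        expected = b64url_encode(hmac.new(key, si.encode("ascii"), hashlib.sha256).digest())
        return alg == "HS256" and sig_seg.isascii() and hmac.compare_digest(expected, sig_seg)
    return verify

def validate_at_jwt(token: str, expected_iss: str, expected_aud: str, verify_signature: SigCheck,
                    now: int, allowed_algs: Tuple[str, ...] = ("RS256", "HS256")) -> dict:
    """Resource-server checks in order: structure; header ('typ' must mark an access
    token, 'alg' must be allowed and never 'none'); signature; only then the claims."""
    parts = token.split(".")
    if len(parts) != 3:
        raise InvalidToken("expected three base64url segments")
    h_seg, c_seg, s_seg = parts
    header = decode_json_segment(h_seg, "header")
    # 'typ' is a media type and compares case-insensitively (RFC 7515 section 4.1.9).
    if str(header.get("typ", "")).lower() not in ("at+jwt", "application/at+jwt"):
        raise InvalidToken(f"typ {header.get('typ')!r} is not an access token")
    alg = header.get("alg")
    if alg == "none" or alg not in allowed_algs:
        raise InvalidToken(f"alg {alg!r} not accepted")
    if not verify_signature(alg, h_seg + "." + c_seg, s_seg):
        raise InvalidToken("signature verification failed")
    claims = decode_json_segment(c_seg, "claims")  # untrusted until this point
    if claims.get("iss") != expected_iss:
        raise InvalidToken("unexpected issuer")
    aud = claims.get("aud")  # a single string or a list of strings
    if expected_aud not in (aud if isinstance(aud, list) else [aud]):
        raise InvalidToken("token not intended for this resource server")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or now >= exp:
        raise InvalidToken("token expired or exp missing")
    return claims

def check_at_jwt(token: str, expected_iss: str, expected_aud: str, verify: SigCheck, now: int) -> str:
    """Log-friendly wrapper: 'ok' or the reason the token was rejected."""
    try:
        validate_at_jwt(token, expected_iss, expected_aud, verify, now)
        return "ok"
    except InvalidToken as err:
        return str(err)
```

Calling `signing_input(FIGURE_HEADER, FIGURE_CLAIMS)` yields the two encoded segments that a Section 6.1-style figure would show; `unsecured_jwt` appends the empty third segment, and `hs256_jwt` a real one. Two points worth noticing when running the checks: the unsecured token is rejected on "alg" before its empty signature is ever examined, and a token whose claims segment has been edited (say, a broader "scope") fails the signature check rather than any claims comparison, because the claims are not decoded until the signature has passed.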