Re: [OAUTH-WG] draft-ietf-oauth-json-web-token-19 - Examples

Mike Jones <Michael.Jones@microsoft.com> Mon, 28 April 2014 16:22 UTC

From: Mike Jones <Michael.Jones@microsoft.com>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>, Brian Campbell <bcampbell@pingidentity.com>
Thread-Topic: [OAUTH-WG] draft-ietf-oauth-json-web-token-19 - Examples
Thread-Index: AQHPYHPsqQW6K7XM2UikgyZnVh8GF5siN60AgAAO7ICAABvwAIAAIeyQgAQ1JoCAAICXMA==
Date: Mon, 28 Apr 2014 16:21:47 +0000
Message-ID: <4E1F6AAD24975D4BA5B16804296739439A1989FE@TK5EX14MBXC288.redmond.corp.microsoft.com>
References: <535A3AF4.4060506@gmx.net> <5E2E0F9B-AB61-43AA-B182-E776C97C83FE@adobe.com> <535A5819.2030805@gmx.net> <CA+k3eCTRwPB-BNAoSkzsPCYjP-tuynLLxxHMJcvA4kDFj3aRLQ@mail.gmail.com> <4E1F6AAD24975D4BA5B16804296739439A195D48@TK5EX14MBXC288.redmond.corp.microsoft.com> <535E1391.2090909@gmx.net>
In-Reply-To: <535E1391.2090909@gmx.net>
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/6TBLUgw-2YxBuqsNndHGmU2AOvs
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] draft-ietf-oauth-json-web-token-19 - Examples

I'm confused by your statement below, Hannes, about the examples not showing JWTs protected by MACs or digital signatures, since the example JWT in http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-19#section-3.1 is protected by a MAC and the nested JWT example in http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-19#appendix-A.2 is protected by a digital signature (and then encrypted).

-----Original Message-----
From: Hannes Tschofenig [mailto:hannes.tschofenig@gmx.net] 
Sent: Monday, April 28, 2014 1:39 AM
To: Mike Jones; Brian Campbell
Cc: oauth@ietf.org
Subject: Re: [OAUTH-WG] draft-ietf-oauth-json-web-token-19 - Examples

Hi Mike,

On 04/25/2014 06:37 PM, Mike Jones wrote:
> While we could add other examples, doing so is beyond the scope of the 
> immediate mission to validate the existing examples, Hannes.  There are 
> lots of examples in the underlying JOSE specs, so it's not clear that 
> we really need to add additional ones at this time.  (If this 
> suggestion comes up again during IESG review, we could do that, but I 
> don't think it's necessary at this point to move the spec to IESG 
> review.)
> 
It is certainly true that examples are not mandatory and that the JOSE specs contain a number of examples.

Reading through the document, it came to my mind that the most common uses of JWTs are actually not covered as part of the examples. Many readers look at the examples to quickly get the idea, and neither a JWT protected using a MAC nor a JWT protected with a digital signature is there.

I will, however, get over it.

Ciao
Hannes
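The MAC-protected JWT case the thread is discussing (the draft's section 3.1 example uses HS256, i.e. HMAC-SHA256 over the base64url-encoded header and claims), worked through as an added example. This code is not from the draft or from either poster; it uses a constructed demo key rather than the key from the JWS appendix, and the function names (`mac_jwt`, `verify_mac_jwt`) are this example's own. The verifier side shows the two checks a relying party needs beyond recomputing the MAC: pinning the accepted `alg` instead of trusting the one in the header, and comparing tags in constant time.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

# Constructed demo key for this example only; it is not the key used in the JWT/JWS drafts.
DEMO_KEY = b"constructed-demo-key-do-not-use-in-production"


def b64url_encode(data: bytes) -> str:
    """base64url without padding, as JWS compact serialization requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    """Inverse of b64url_encode: restore padding before decoding."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mac_jwt(claims: dict, key: bytes) -> str:
    """Build a compact-serialization JWT protected by HMAC-SHA256 (alg HS256)."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = (
        b64url_encode(json.dumps(header, separators=(",", ":")).encode("utf-8"))
        + "."
        + b64url_encode(json.dumps(claims, separators=(",", ":")).encode("utf-8"))
    )
    tag = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(tag)


def verify_mac_jwt(token: str, key: bytes, expected_alg: str = "HS256",
                   now: Optional[int] = None) -> Optional[dict]:
    """Return the claims if the MAC (and, when 'now' is given, 'exp') check out, else None."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    header_b64, payload_b64, tag_b64 = parts
    try:
        header = json.loads(b64url_decode(header_b64))
        tag = b64url_decode(tag_b64)
    except (ValueError, UnicodeDecodeError):
        return None
    # The verifier decides which algorithm is acceptable; the token's header does not.
    # This is what rejects "alg":"none" and algorithm-substitution tokens.
    if not isinstance(header, dict) or header.get("alg") != expected_alg:
        return None
    signing_input = (header_b64 + "." + payload_b64).encode("ascii")
    expected = hmac.new(key, signing_input, hashlib.sha256).digest()
    # Constant-time comparison so tag mismatches do not leak timing information.
    if not hmac.compare_digest(expected, tag):
        return None
    try:
        claims = json.loads(b64url_decode(payload_b64))
    except (ValueError, UnicodeDecodeError):
        return None
    if not isinstance(claims, dict):
        return None
    # Optional expiry check on the 'exp' claim (seconds since the epoch).
    if now is not None and "exp" in claims and claims["exp"] < now:
        return None
    return claims


def demo() -> dict:
    """Exercise the round trip and the rejection paths; returns the outcomes."""
    claims = {"iss": "joe", "exp": 1300819380, "http://example.com/is_root": True}
    token = mac_jwt(claims, DEMO_KEY)
    header_b64, payload_b64, _ = token.split(".")
    # Same claims re-encoded under a different issuer, with the original tag kept.
    tampered = header_b64 + "." + b64url_encode(b'{"iss":"eve"}') + "." + token.split(".")[2]
    # Header claiming no protection at all, with an empty tag.
    alg_none = b64url_encode(b'{"alg":"none"}') + "." + payload_b64 + "."
    return {
        "token": token,
        "valid": verify_mac_jwt(token, DEMO_KEY),
        "wrong_key": verify_mac_jwt(token, b"some-other-key"),
        "tampered": verify_mac_jwt(tampered, DEMO_KEY),
        "alg_none": verify_mac_jwt(alg_none, DEMO_KEY),
        "expired": verify_mac_jwt(token, DEMO_KEY, now=1300819381),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The base64url header produced here, `eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9`, is the familiar encoding of `{"alg":"HS256","typ":"JWT"}`; the draft's own example differs only in whitespace inside the header JSON, which is why its encoded header (and MAC) look different even though the construction is the same.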