Re: [OAUTH-WG] Minor questions regarding draft-ietf-oauth-json-web-token-19

Mike Jones <Michael.Jones@microsoft.com> Thu, 24 April 2014 21:42 UTC

From: Mike Jones <Michael.Jones@microsoft.com>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>, "oauth@ietf.org" <oauth@ietf.org>
Date: Thu, 24 Apr 2014 21:41:40 +0000
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/7Pex558h2jIHXvhac2u37VPJYgw

For what it's worth, the JOSE documents such as http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-25 also include the ECMAScript reference for the same reason as JWT does and Karen's shepherd write-up at http://datatracker.ietf.org/doc/draft-ietf-jose-json-web-signature/shepherdwriteup/ doesn't list it as a down-reference.  I think that it shouldn't be listed as a downref for JWT, because it's a reference to a related standard - not a reference to a standard that was obsoleted by any RFC, including not being obsoleted by RFC 7159.

				-- Mike

-----Original Message-----
From: Hannes Tschofenig [mailto:hannes.tschofenig@gmx.net] 
Sent: Thursday, April 24, 2014 1:57 AM
To: Mike Jones; oauth@ietf.org
Subject: Re: [OAUTH-WG] Minor questions regarding draft-ietf-oauth-json-web-token-19

Thanks, Mike.

Leave the ECMAScript reference in the document. I indicated it as a DOWNREF in my shepherd write-up and that should be fine.

Ciao
Hannes


On 04/23/2014 06:32 PM, Mike Jones wrote:
> Replies inline...
>
> -----Original Message-----
> From: OAuth [mailto:oauth-bounces@ietf.org] On Behalf Of Hannes Tschofenig
> Sent: Wednesday, April 23, 2014 4:49 AM
> To: oauth@ietf.org
> Subject: [OAUTH-WG] Minor questions regarding draft-ietf-oauth-json-web-token-19
>
> Doing my shepherd write-up I had a few minor questions:
>
> * Could you move the RFC 6755 reference to the normative reference
> section? Reason: the IANA consideration section depends on the
> existence of the urn:ietf:params:oauth registry.
>
> OK
>
> * Could you move the JWK reference to the informative reference section?
> Reason: The JWK is only used in an example and not essential to the
> implementation or understanding of the specification.
>
> OK
>
> * Would it be sufficient to reference RFC 7159 instead of the
> [ECMAScript] reference?
>
> No.  There's no equivalent to Section 15.12 of ECMAScript about the
> lexically last member name to reference in RFC 7159.  See the usage in
> the first paragraph of
> http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-19#section-4.
>
> * The document registers 'urn:ietf:params:oauth:token-type' and it is
> used in the "type" header parameter.
>
> The text, however, states that the value can also be set to jwt. Why
> would someone prefer to use urn:ietf:params:oauth:token-type instead
> of the much shorter jwt value?
>
> There are use cases, such as using JWTs as tokens in WS-Trust, where a
> URI is needed.
>
> Ciao
>
> Hannes
>
> Thanks for doing this.
>
>                                                             -- Mike
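
Added example, not part of the thread or of the draft: the "lexically last member name" behaviour that the quoted reply attributes to Section 15.12 of ECMAScript is what JSON.parse does with duplicate member names, shown here next to a stricter parse that rejects a claims set containing duplicates. The function names and the sample payload are constructed for illustration, and the code assumes Node.js (Buffer).

```javascript
// Added example; all names are hypothetical and the sample is constructed.
const b64urlDecode = (seg) =>
  Buffer.from(seg.replace(/-/g, '+').replace(/_/g, '/'), 'base64').toString('utf8');
const b64urlEncode = (text) =>
  Buffer.from(text, 'utf8').toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');

// Return member names that occur more than once within the same JSON object.
// Assumes `text` already passed JSON.parse, so strings and nesting are well formed.
function findDuplicateNames(text) {
  const dups = [];
  const stack = [];        // a Set of names per open object, null per open array
  let expectName = false;  // true when the next string is a member name
  for (let i = 0; i < text.length; i++) {
    const c = text[i];
    if (c === '"') {
      let j = i + 1;
      while (text[j] !== '"') j += text[j] === '\\' ? 2 : 1;
      if (expectName) {
        // Decode escapes so "\u0069ss" and "iss" compare as the same name.
        const name = JSON.parse(text.slice(i, j + 1));
        const seen = stack[stack.length - 1];
        if (seen.has(name)) dups.push(name);
        seen.add(name);
        expectName = false;
      }
      i = j;               // the loop increment then steps past the closing quote
    } else if (c === '{') { stack.push(new Set()); expectName = true; }
    else if (c === '[') { stack.push(null); expectName = false; }
    else if (c === '}' || c === ']') { stack.pop(); expectName = false; }
    else if (c === ',') { expectName = stack[stack.length - 1] !== null; }
  }
  return dups;
}

// Lenient: JSON.parse keeps the value of the lexically last duplicate member.
const parseClaimsLastWins = (segment) => JSON.parse(b64urlDecode(segment));

// Strict: refuse any claims set in which a member name is repeated.
function parseClaimsStrict(segment) {
  const text = b64urlDecode(segment);
  const claims = JSON.parse(text);   // throws on malformed JSON
  const dups = findDuplicateNames(text);
  if (dups.length) throw new Error('duplicate claim names: ' + dups.join(', '));
  return claims;
}

// Constructed sample payload segment: "iss" appears twice, once \u-escaped.
const SAMPLE = b64urlEncode(
  '{"iss":"https://issuer.example","sub":"alice","\\u0069ss":"https://other.example"}');
```

A parser that keeps the first duplicate instead of the last would read a different "iss" from the same bytes, which is why the behaviour has to be pinned down by a reference or the duplicates rejected outright.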