[OAUTH-WG] OAuth and OpenID Connect Token Binding specs updated

Mike Jones <Michael.Jones@microsoft.com> Fri, 27 October 2017 01:49 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/9ade5J32ox0n05Jq064nsWHc258>

The OAuth 2.0 Token Binding specification has been updated to enable Token Binding of JWT Authorization Grants and JWT Client Authentication.  The discussion of phasing in Token Binding was improved and generalized.  See the Document History section for other improvements applied.

The specification is available at:

  *   https://tools.ietf.org/html/draft-ietf-oauth-token-binding-05

An HTML-formatted version is also available at:

  *   http://self-issued.info/docs/draft-ietf-oauth-token-binding-05.html

An update to the closely-related OpenID Connect Token Bound Authentication 1.0 specification was also simultaneously published.  Its discussion of phasing in Token Binding was correspondingly updated.

The OpenID Connect Token Binding specification is available in HTML and text versions at:

  *   http://openid.net/specs/openid-connect-token-bound-authentication-1_0-02.html
  *   http://openid.net/specs/openid-connect-token-bound-authentication-1_0-02.txt

Thanks to Brian Campbell for doing the bulk of the editing for both sets of revisions.

                                                                -- Mike

P.S.  This note was also published at http://self-issued.info/?p=1740 and as @selfissued<https://twitter.com/selfissued>.