IETF Logo Mail Archive

[OAUTH-WG] Re: RFC 9068

Justin Richer <jricher@mit.edu> Thu, 10 October 2024 13:51 UTC

Return-Path: <jricher@mit.edu>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D1BE1C15108A for <oauth@ietfa.amsl.com>; Thu, 10 Oct 2024 06:51:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.605
X-Spam-Level:
X-Spam-Status: No, score=-1.605 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, SUBJ_ALL_CAPS=0.5, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=mit.edu
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GZDH6cmZ5fh3 for <oauth@ietfa.amsl.com>; Thu, 10 Oct 2024 06:51:21 -0700 (PDT)
Received: from BN1PR04CU002.outbound.protection.outlook.com (mail-eastus2azon11020120.outbound.protection.outlook.com [52.101.56.120]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8079AC15106A for <oauth@ietf.org>; Thu, 10 Oct 2024 06:51:20 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=LUphtf1e67Lv/JJYJACqYgd8EX7fLitGWEBbUiSEajENjDbdm5KbBOUbQp5CE9yyGbhxW+77VtE1KYMkfe97mUWxTnR5OQmPaheg8PT3KjFp8dl4rNOFa1yeljLvwBSNmro8joMeAfJF3pS77X18hzWO+UPstMv72QJ4AvrfG1ivzbG5KQ5vM03JGsD98r+SdS4AlyHkWKOn0QgfRwHJEq8w0FZSW760hGc0gWop8They1As4Cv+F0VJ6AuGI8lNpp+LhUsfQLGIUPI2BFRQx5sLewacMd9M31YUa2Yd9qQ0IEaf4W7Fjsz+tsRbj16kgkXiiyNeuIhmyi/6XpR9iA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=hlPp8eVbuZDbupxnBhnAR7uU9g6YkQpGW6iKKNwT39w=; b=PtIBmA6nRJWtZvzJCKWXhP3oumH8I9Wg/Us41bhJggnyWDBy1kvDWIfn+eUaSFERz/RWynvD82YxlFjS41fIohgR0rCYzny/NhpxvSNK1FwpEiptRIEefM/sxwWGzR63RxQ+Nj6EIBal/cMwAzaaDcqFkdDQUlgVRF5upQebND2hRbQtIqbcheurjeB2iqiMjJKgB5wj82a7myZLU7nGmyRdhvWDMW4ANCSTpJzLZFJTMmXsbL6rBLMecZrtmtJqfokfPXSi56ZSqxoJQvTKL7gUqg0kfZdi3YLNHK+E++JZcGR5IhyvqfU206TIhmNFg10ik0nPjmu7kXBvvOSwUQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=mit.edu; dmarc=pass action=none header.from=mit.edu; dkim=pass header.d=mit.edu; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mit.edu; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=hlPp8eVbuZDbupxnBhnAR7uU9g6YkQpGW6iKKNwT39w=; b=VQO58InNv/If8/K7QTzPsSozlf5tNEJj8IRT6cDvuRhO50FO55NARct24vEzEaoESe8sAYiuUUF5x/I0IioAKJWGCwFl/m/ByaAuoQKyiTw8grzS2NAQR+JVi8SjcBSaeVpfuVQzS9FWUh+7aO0PXhRq2+slho1QS52lkIwoHlI=
Received: from LV8PR01MB8677.prod.exchangelabs.com (2603:10b6:408:1e8::20) by SJ0PR01MB6303.prod.exchangelabs.com (2603:10b6:a03:29c::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7982.34; Thu, 10 Oct 2024 13:51:18 +0000
Received: from LV8PR01MB8677.prod.exchangelabs.com ([fe80::e7d6:999:270f:a820]) by LV8PR01MB8677.prod.exchangelabs.com ([fe80::e7d6:999:270f:a820%6]) with mapi id 15.20.7982.033; Thu, 10 Oct 2024 13:51:17 +0000
From: Justin Richer <jricher@mit.edu>
To: "Lee, Matt D" <Matt.Lee=40kbslp.cloud@dmarc.ietf.org>
Thread-Topic: [OAUTH-WG] RFC 9068
Thread-Index: AQHbGcB/55V0SnvLfEqC3lTstd9zR7KAAqaAgAAAwYA=
Date: Thu, 10 Oct 2024 13:51:17 +0000
Message-ID: <A1547D2F-FE42-431E-B9A6-6754541F7C15@mit.edu>
References: <DM4PR15MB5503161F3F1BB3A66F53264F8D7E2@DM4PR15MB5503.namprd15.prod.outlook.com> <62AD7B59-29FD-4829-B744-D60AB0592D86@mit.edu>
In-Reply-To: <62AD7B59-29FD-4829-B744-D60AB0592D86@mit.edu>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=mit.edu;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: LV8PR01MB8677:EE_|SJ0PR01MB6303:EE_
x-ms-office365-filtering-correlation-id: 8cf187a5-4c35-4e4c-35c8-08dce9329d75
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;ARA:13230040|366016|376014|4022899009|1800799024|38070700018;
x-microsoft-antispam-message-info: Ums5rELTlrqLz1t1DINOY5dHfzicTFWQlZSkNuOuvZR/jIkH20DMmXqpp2OGkcMEcxNV9RFAKo0uttxb1ENxZ9msQHX/lJxbeNjrom3jg0v8wfSfusoKj1PzsEERJX8NOidYj2pH3KvxxSn+IGrCRxuJzKawcVwzPnOac9UiaJBirrsSvdl6jt6MoGAd8ucKkwvBHPfqGuNBrfKMNtGaFDlFERRscg50Sogdph1CcoWMvK5xbNYD+9n99cATgetBCkQ9yf9BY1S88ah6dJ+sHBdqMcB3i/MC9VE9f9hHx1adB5sxk9FS2ytn3ftj9YJc/PkjRLKvXnyz13kZeWvfzfUEPKP0VqatqN7SMSuQEoSD/AMjhxIUj1n2j7mxXKV0jDFhFsx2BDWJ2jwEJDykNKvQtRS7r0QeynaC9rBn6WKiKDHvvl7S1yyizLzr7SFYyB9jFO6kAbyYlthgTAuYoBM5lYqe5UC4rZqroMQJU27vjSnGcupBBN9qHZBcZ2yEmL5JuR2p5qRQMoBwDEZY4PTwAJ/QHMsPcGsEr6YLNNrkrC26V7l1S3fSJxiTUIRqIvkfYNvuzifvrrVj1VSDqyywZZ2MOSoGizKgNT23tXvsgjP0lcrUT6IMinFlHoSrw0V6GZ3pgyM42KUxQNISCgS8QlkxlnZquq0C36aMZzm4N+hg7gv000t+adoh8wHxiGnyYGpQqLsUWXEH3LZlkx9VLxjjtX55LddwFuruP8dZ1T/hfT8F7SBaAjcgQb3eKDCZbdAP8ZWMdqOb/dF4ZuMG3D0BsSJaVv3Yt+cAFvaEeG06ymaKX42VUhke/PHexu0NNd37SyT0YoUNe2FcfPPWjjO32Xl+l9aoCLud0H4QlJfnQlqAiSGXx5d5n5UMXXBMxV18T1f79lgxn/4fJLNG4HX95BcQbnUPb27tTVCNUbvqSiw+NircIDkCgeJSnEetcpDDYda1G9dUyd8PpViDVvtjkHNgKMWc49miZd1bF4ArWZkAJ7ZYwgkgQaYxVF3yA84WHUWAgO1s+cmde0WoHUAv08t6+jNfzieUFzeWpFuypDL2cMYFD88ryAItEChUQoe3A3SQAe2vBW4qq9u7ZbNF8K227kHUS+Gm9ODOqeIqpPPcn4rtEhjJI5oSYxLtJ5S2jCPaACEnnKdIY6zd0D3PoqlSFZyDJcDrSr645sEPii/sVSARCc8NMIejKs5aGW3Cm7dTkfcg6wFyUInHBsiyckm4sz2ceLPaUcroF5+qnjQ41r1V13lK3dLIUxv9tAMy8Bnm5rgEaxwD+D/GepOreNz5HMWx0kFk6UWKhYJOnCmt0vc22AsljGMWWNY3JSCdQuSDGh4UIeIahw==
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:LV8PR01MB8677.prod.exchangelabs.com;PTR:;CAT:NONE;SFS:(13230040)(366016)(376014)(4022899009)(1800799024)(38070700018);DIR:OUT;SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: gheeVZwWAU5Ea79wyvrlRaYH4PtfFDQvlMMEoYHt9srOd6IBW3g0JTY3bL1Vz1bmql9JdCYjEVbA6lbfzx0FfxxQv/GTPU5VrtKsVpoIihUPJOc4qdDmCQcYvH8BBV4tWqQst17XpkJcGOseFeaMmWESpjTYG9PhK6/jnem6kbkLpp+JnzI83OCKVonr9+XaW0XKV2ydIIn8pxHdwi7QRPj8GhFb7Y+f5Az2J3Vgwd55cKg+uKlDCgPp57KWOe2QBLmOXADfKjQU6Bvt1OoUiTmKpBOD0wsOQ+GCTPCRB12HemA+vBC4ZTMhb8OYoycp1l1+I4TeL4HYbExb+KQmNonSf5okMk4eKBs6dK9f/pb0rnURniR4Y6M9RYO7jBzuS14kj+c75H068LtAGvW3VAvzaamHs2GHHiVi4btg9iF/QOgsOfKOZhhP7S6BAOd/8/NKgFCFU0YRCVB+V0ohd3qiYWfkaDXKsDwMO5kaRMAbFke6so366LsTS3w6TMpe8XYsx+TScj5H72E2I5A/SJb+hkLxh/ES3XuH4PN/ScB8UcrZPZDy/Cih3dULc9w+3R8GQ6M1hdMlYB53PusPkcoA7KEtt0eCC9kuojJT8IzgWgr4DvVTaLRCg0e7SjZYKOeysOBnVlxnZKu7413uGH6XbI2QaVp4QBugeT35BCwuuysRx9Wi7PbMI4KeVFHkMTGmWY6LpZF4hamNpDYusQeuyUcb9KO7za8My7roLyUdP/yE2Lh0kBna2GX6ARY/WoRt6UAhPBgEZK8unr/rXmeDuMGoFt+aLUSScy42NuelCXKC27HW/lDd9XVauflYopBsamyb55jS8bBBHAW9VwKXwK3e+ogNccV+08zYzmslc/n9W7EmS6aIMtmkdu2cP9P0EDNK4Sx1uPUy0m/x/t8B8vy0bp4mhe3mHu5oKQ0pAxoRf/VyG0sKjGsOl2p1jGa/pzaj6tnyGs0Vjo/r5z0IBxeScWILCN8ufk/1za2rlgXIHJYMD5g9dDHv49yIc1vBrE4QqoHDeAmDUUeRO8Vt981NxhG4VBQTT5bHTDnod0AckNyEhyAqETWHRmRkIZ+OccvLGaDX6he5X+OhMCrGeGgsZGH3PzpvhAyirVn5gB5Vn/tz51a285kmIwJBuoS9FbOCpUjOlI1Asys3uK8iVZiRrVnQNyd/jy9TgY3mwmN6/aM681KIWdDNQvPpQbUNND+txwo5w2sLoamuTVHImTBX6wgAdESZNyEO/CnAZlauvClz/uPcDksGRWl/5i2bzm8aHKugXDVnmDxGguou0LGB83AsaWxBj2XnU9VdLVUkEhrvWMT64FnylJb8Z6DOt/XfGM2cC+lYtDqwvLFB/gw0JSn0sczceKEGxy15pLqgTbcBSX0eqbHr9MjIFRb3TEE0OQT6CtwvxSlyLIXG/pKO4KgWJprtQcutlfpiJ3S6j9/PwqkxJ0p+Ell9SuoXIjC7zQUeqUbAKS8v6V5ykMW92qc3Rf6bEA/uNjeihh81fYIpRHWXFDtMGhgMnNGK8waCk/jQPK3topksYr8wM+Coc1+DynuBd/9LrFNnYjOihHNosj/qwiXFnvIN
Content-Type: multipart/alternative; boundary="_000_A1547D2FFE42431EB9A66754541F7C15mitedu_"
MIME-Version: 1.0
X-OriginatorOrg: mit.edu
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: LV8PR01MB8677.prod.exchangelabs.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 8cf187a5-4c35-4e4c-35c8-08dce9329d75
X-MS-Exchange-CrossTenant-originalarrivaltime: 10 Oct 2024 13:51:17.8520 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: gqo6j2qzo40KeaSKNcpIhhYuSOrJUtiAb6BXPasHw2n3K3EUQ0eUgF0RDrG8YZm6
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SJ0PR01MB6303
Message-ID-Hash: W33VND7655D44E3K5AAG5UYLNPHJ5HZC
X-Message-ID-Hash: W33VND7655D44E3K5AAG5UYLNPHJ5HZC
X-MailFrom: jricher@mit.edu
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-oauth.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: "oauth@ietf.org" <oauth@ietf.org>
X-Mailman-Version: 3.3.9rc5
Precedence: list
Subject: [OAUTH-WG] Re: RFC 9068
List-Id: OAUTH WG <oauth.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/AvBaCTDSDbW2avcDl7L0RkBRd1E>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Owner: <mailto:oauth-owner@ietf.org>
List-Post: <mailto:oauth@ietf.org>
List-Subscribe: <mailto:oauth-join@ietf.org>
List-Unsubscribe: <mailto:oauth-leave@ietf.org>

My apologies - I just realized that I mistakenly typed "RFC6086" on the first part of the message, to be clear the entire comment is in fact about RFC9068.

 — Justin

On Oct 10, 2024, at 9:48 AM, Justin Richer <jricher@mit.edu> wrote:

Hi Matt,

RFC6086 is published and final — there is not ongoing work on that document, because it is complete. I’m sure there is also other work happening all around about profiling JWTs for specific purposes and circumstances.

The wording of "Proposed Standard" can be confusing. It does not mean that the document is still in process. Instead, it speaks to the nature of organizations like the IETF: we can only really propose and describe standards, it’s the implementations that make those standards concrete in the real world.

With that in mind, the best way to continue the work of RFC9068 is to implement it and advocate for others to implement it as well.

 — Justin

On Oct 8, 2024, at 4:41 PM, Lee, Matt D <Matt.Lee=40kbslp.cloud@dmarc.ietf.org> wrote:

First, my sincerest condolences regarding the loss of Vittorio Bertocci, someone who had an astonishing impact on the industry and community at large.

I was reminded of this loss today as I was having a conversation with some peers about the optional nature of the sub claim in JWTs used in OAuth grants. After we searched for guidance we found this proposed standard from Vittorio that would move sub from optional to required, and wondered if anyone was picking this up now that he has passed.

Thank you

Matt Lee | KGS Enterprise Architect
_______________________________________________
OAuth mailing list -- oauth@ietf.org
To unsubscribe send an email to oauth-leave@ietf.org

_______________________________________________
OAuth mailing list -- oauth@ietf.org
To unsubscribe send an email to oauth-leave@ietf.org

v2.38.3 | Report a Bug | By Email | System Status