[OAUTH-WG] JWT BCP updates addressing WGLC feedback

Mike Jones <Michael.Jones@microsoft.com> Thu, 10 May 2018 00:02 UTC

Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 377DF126C19 for <oauth@ietfa.amsl.com>; Wed, 9 May 2018 17:02:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.01
X-Spam-Level:
X-Spam-Status: No, score=-2.01 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_DKIMWL_WL_HIGH=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=microsoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WYZgH06bX0f8 for <oauth@ietfa.amsl.com>; Wed, 9 May 2018 17:02:33 -0700 (PDT)
Received: from NAM02-SN1-obe.outbound.protection.outlook.com (mail-sn1nam02on0129.outbound.protection.outlook.com [104.47.36.129]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2E7B0124234 for <oauth@ietf.org>; Wed, 9 May 2018 17:02:33 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=VqHVs0n+HcDArarLn7jmHkwxVcU7hf6H1Je3q7wSq/Q=; b=AfNgbOrAEq/K2JhGtForzFkRjswbt3dw5Q4TRatfUf8RFc2fVT7RkNpcbzqIzEYwAjEyDsY2Zj9FPWVBjQRmudtheD4RBkrLpDF2Z8Vpz4R316L1j7bVsPUcEXiNBKfNY9YkM0ZhypgdEwDFbj8cYAeq8QQ03+csWmFhGu0p6C4=
Received: from SN6PR00MB0304.namprd00.prod.outlook.com (2603:10b6:805:b::30) by SN6PR00MB0366.namprd00.prod.outlook.com (2603:10b6:805:c::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.793.0; Thu, 10 May 2018 00:02:31 +0000
Received: from SN6PR00MB0304.namprd00.prod.outlook.com ([fe80::78c2:1262:2203:b29]) by SN6PR00MB0304.namprd00.prod.outlook.com ([fe80::78c2:1262:2203:b29%4]) with mapi id 15.20.0796.000; Thu, 10 May 2018 00:02:31 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: "oauth@ietf.org" <oauth@ietf.org>
Thread-Topic: JWT BCP updates addressing WGLC feedback
Thread-Index: AdPn8AGpcsWKiWuLTiCXCDaJYzjVyw==
Date: Thu, 10 May 2018 00:02:31 +0000
Message-ID: <SN6PR00MB03044DD73EAEF9BBDF7B2609F5980@SN6PR00MB0304.namprd00.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels: MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Enabled=True; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SiteId=72f988bf-86f1-41af-91ab-2d7cd011db47; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Owner=mbj@microsoft.com; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SetDate=2018-05-10T00:02:29.4699672Z; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Name=General; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Application=Microsoft Azure Information Protection; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Extended_MSFT_Method=Automatic; Sensitivity=General
x-originating-ip: [2001:4898:80e8:b::145]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; SN6PR00MB0366; 7:5C9BHEalPaZqsRe3SrrtAXapgeTWInwsx8oO+OfY0VYqMUY9gWrsRmN1DzNv8XCfk0Zar8083u8Ym5nzDME68EvP0uGj9DWrYwk5e5Azk21wLv4/x2axg82KTa6taIC/n+/aTZLUERpr09HH8aYEs4Bl4esXmQoXgpfSPCFYhMK4zAoTz+F54MHBhOmtCsRR6BxpAVEzSS6sCv822k+CxxpfR3ubcXj8VVKIZhIxvAJNcPapRTyCzOubzsPmCsb1; 20:vWPWq/q6R9Ly0MYEynft7/CnDIH6MX0d8J6NHvacha6+ThBtA8JNM2ssixs4jCO4pblkHmMnvTApsXp1GMHHmagZwrvsUbOfb0/kMWOx4dOb6+D3o2JSNs+0liH6NdEmf6cTjhxDJO7UpfkrA14EkaMjHEuAoip6kEJZEwx5bVM=
x-ms-exchange-antispam-srfa-diagnostics: SOS;
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(5600026)(4534165)(4627221)(201703031133081)(201702281549075)(48565401081)(2017052603328)(7193020); SRVR:SN6PR00MB0366;
x-ms-traffictypediagnostic: SN6PR00MB0366:
x-microsoft-antispam-prvs: <SN6PR00MB0366063CD0FDE7509C695EA1F5980@SN6PR00MB0366.namprd00.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(28532068793085)(31418570063057)(21748063052155);
x-ms-exchange-senderadcheck: 1
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(8211001083)(2017102700009)(2017102701064)(6040522)(2401047)(8121501046)(5005006)(2017102702064)(20171027021009)(20171027022009)(20171027023009)(20171027024009)(20171027025009)(20171027026009)(2017102703076)(3002001)(10201501046)(93006095)(93001095)(3231254)(2018427008)(944501410)(52105095)(6055026)(149027)(150027)(6041310)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123562045)(20161123564045)(20161123560045)(20161123558120)(6072148)(201708071742011); SRVR:SN6PR00MB0366; BCL:0; PCL:0; RULEID:; SRVR:SN6PR00MB0366;
x-forefront-prvs: 066898046A
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(979002)(396003)(366004)(39380400002)(346002)(376002)(39860400002)(209900001)(189003)(199004)(105586002)(1730700003)(86362001)(86612001)(14454004)(2351001)(486006)(5250100002)(476003)(97736004)(236005)(52396003)(22452003)(2501003)(53936002)(8676002)(68736007)(72206003)(5640700003)(6116002)(2906002)(46003)(81166006)(81156014)(10290500003)(790700001)(9686003)(5630700001)(7696005)(7736002)(99286004)(25786009)(21615005)(3280700002)(478600001)(316002)(59450400001)(5660300001)(3660700001)(186003)(6346003)(74316002)(53376002)(6506007)(966005)(6306002)(2900100001)(55016002)(8936002)(10090500001)(106356001)(102836004)(6916009)(2420400007)(33656002)(606006)(6436002)(54896002)(7110500001)(15650500001)(8990500004)(217873001)(6606295002)(969003)(989001)(999001)(1009001)(1019001); DIR:OUT; SFP:1102; SCL:1; SRVR:SN6PR00MB0366; H:SN6PR00MB0304.namprd00.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: microsoft.com does not designate permitted sender hosts)
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Michael.Jones@microsoft.com;
x-microsoft-antispam-message-info: tcXDhoIDiec/Xv9HbrrodCMcGve5993XxQ2wibOgzPajlP8PIuxwu305/Jtyvv15KdU1oPpfJ853kFMA1krjmSn25SEaiBJ3cTE0VYCzWhhVlNhuEGQeAaklO7HfLafugVai0EM/URsjPUxU36FLCTPips7cXF5YFIaqlNIfT9sEv2B6s9Yn29zWYIQXRG8+
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_SN6PR00MB03044DD73EAEF9BBDF7B2609F5980SN6PR00MB0304namp_"
MIME-Version: 1.0
X-MS-Office365-Filtering-Correlation-Id: 50e2c5f3-cd25-46c3-35b7-08d5b6095392
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 50e2c5f3-cd25-46c3-35b7-08d5b6095392
X-MS-Exchange-CrossTenant-originalarrivaltime: 10 May 2018 00:02:31.4654 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN6PR00MB0366
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/m_WsjR0CebpUpNOdr3Nx-qYCn_o>
Subject: [OAUTH-WG] JWT BCP updates addressing WGLC feedback
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 10 May 2018 00:02:35 -0000

The JSON Web Token (JWT) Best Current Practices (BCP) specification has been updated to address the Working Group Last Call (WGLC) feedback received.  Thanks to Neil Madden for his numerous comments and to Carsten Bormann and Brian Campbell for their reviews.

Assuming the chairs concur, the next step should be to request publication.

The specification is available at:

  *   https://tools.ietf.org/html/draft-ietf-oauth-jwt-bcp-03

An HTML-formatted version is also available at:

  *   http://self-issued.info/docs/draft-ietf-oauth-jwt-bcp-03.html

                                                                -- Mike

P.S. This notice was also posted at http://self-issued.info/?p=1847 and as @selfissued<https://twitter.com/selfissued>.