Re: [OAUTH-WG] review: draft-ietf-oauth-json-web-token-05

Dick Hardt <dick.hardt@gmail.com> Sun, 23 December 2012 18:19 UTC

Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 6.2 \(1499\))
From: Dick Hardt <dick.hardt@gmail.com>
In-Reply-To: <50D74241.40905@KingsMountain.com>
Date: Sun, 23 Dec 2012 10:19:26 -0800
Message-Id: <288FB5FA-3CEF-487C-9C74-3D016FCD1A41@gmail.com>
References: <50D74241.40905@KingsMountain.com>
To: =JeffH <Jeff.Hodges@KingsMountain.com>
Cc: IETF oauth WG <oauth@ietf.org>
Subject: Re: [OAUTH-WG] review: draft-ietf-oauth-json-web-token-05
List-Id: OAUTH WG <oauth.ietf.org>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>

On Dec 23, 2012, at 9:41 AM, =JeffH <Jeff.Hodges@KingsMountain.com> wrote:

> 
> > Thanks for the replies, Jeff.  They make sense.  Particularly, thanks for
> > the "JSON Text Object" suggestion.
> 
> welcome, glad they made some sense.
> 
> similarly, if one employs JSON arrays, I'd define a "JSON text array".
> 
> 
> > For the "claims" definition, I'm actually prone to go with definitions based
> > on those in
> > http://openid.net/specs/openid-connect-messages-1_0-13.html#terminology -
> > specifically:
> >
> > Claim
> > A piece of information about an Entity that a Claims Provider asserts about
> > that Entity.
> > Claims Provider
> > A system or service that can return Claims about an Entity.
> > End-User
> > A human user of a system or service.
> > Entity
> > Something that has a separate and distinct existence and that can be
> > identified in context. An End-User is one example of an Entity.
> 
> well, it seems to me, given the manner in which the JWT spec is written, one can make the case that JWT claims in general aren't necessarily about an Entity (as the latter term is used in the context of the OpenID Connect specs), rather they're in general simply assertions about something(s). this is because all pre-defined JWT claim types are optional and all JWT semantics are left up to specs that profile (aka re-use) the JWT spec.

Agreed. I'm using an encrypted JWT that is rendered as a QR code to store state.

-- Dick