IETF Logo Mail Archive

Re: [OAUTH-WG] Wrapping access token and codes

John Bradley <ve7jtb@ve7jtb.com> Fri, 07 November 2014 14:15 UTC

Return-Path: <ve7jtb@ve7jtb.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 441351A1BE6 for <oauth@ietfa.amsl.com>; Fri, 7 Nov 2014 06:15:34 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.601
X-Spam-Level:
X-Spam-Status: No, score=-2.601 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hWblATwA1LMn for <oauth@ietfa.amsl.com>; Fri, 7 Nov 2014 06:15:32 -0800 (PST)
Received: from mail-qc0-f175.google.com (mail-qc0-f175.google.com [209.85.216.175]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CA91F1A1BE0 for <oauth@ietf.org>; Fri, 7 Nov 2014 06:15:18 -0800 (PST)
Received: by mail-qc0-f175.google.com with SMTP id b13so2859848qcw.6 for <oauth@ietf.org>; Fri, 07 Nov 2014 06:15:17 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:content-type:mime-version:subject:from :in-reply-to:date:cc:content-transfer-encoding:message-id:references :to; bh=XG9lASP7qNQqCYwV8xUzkexezY0Op9RUzoLx8wV0oCk=; b=SBAJbs4c+r4tWHe5i0XKkW/oCeUNaum1AupGkSFQ/jga192oVnSnvl8vZxf3UYMPHV wjMEtY/E8khjzflT33y9GmraPjvhvPNEgJy/K20thpRsvF8ToH9u1yF6pkFdLA7J5cz5 QXdEW8O30WAnA1zsPtEPNAyGbvW10GGw5tZ6ZHxI4EQOUle8pxYsDuHzIhnydqfiPP8H cUOqO13bfAun1+aSww87lpaG+r9F2pnQqyqlBNd+XE0OZpcOgR6VwpWosZH+1QtCgs19 qBL76rEGFQYqie0T0Sh9g7Yjt+PvOD7/n9Nv0+/08P4XA3D/hS3Xp3hdnctsHVK8feOc H/Rw==
X-Gm-Message-State: ALoCoQn0mjSCf+zUmklnyjfT4UCnx4EpIvzZOMbMIOTEE6YB3EeFFlOUH6SjRtB2ePpkdw77fBNE
X-Received: by 10.229.7.133 with SMTP id d5mr17815812qcd.24.1415369717510; Fri, 07 Nov 2014 06:15:17 -0800 (PST)
Received: from [192.168.8.100] ([186.65.128.197]) by mx.google.com with ESMTPSA id s3sm8464740qat.4.2014.11.07.06.15.15 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Fri, 07 Nov 2014 06:15:17 -0800 (PST)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
From: John Bradley <ve7jtb@ve7jtb.com>
In-Reply-To: <545CA92C.3020900@gmail.com>
Date: Fri, 07 Nov 2014 11:15:13 -0300
Content-Transfer-Encoding: quoted-printable
Message-Id: <73DB2D41-E150-493D-BD73-6365C32EDCC5@ve7jtb.com>
References: <545B6582.2030505@gmail.com> <486890415.168363.1415299911950.JavaMail.yahoo@jws10615.mail.bf1.yahoo.com> <545CA92C.3020900@gmail.com>
To: Sergey Beryozkin <sberyozkin@gmail.com>
X-Mailer: Apple Mail (2.1878.6)
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/C0sXisyqETC34adJryeaISF4acQ
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Wrapping access token and codes
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 07 Nov 2014 14:15:34 -0000

You don't need to use JWT access tokens, you could use a opaque token and introspect it.  However JWT access tokens are likely the simplest answer for getting the clients proof key to the RS.

in http://tools.ietf.org/html/draft-bradley-oauth-pop-key-distribution you can register a secret for the client and encrypt a symmetric key to it, if you want to use symmetric proofs for the RS.

For performance using symmetric proofs to the RS is not a bad option.   

If the client is a server and has appropriate hardware protection for asymmetric keys then using a asymmetric key protected by a HSM is going to be the most secure.

For native public client, they can start the flow with SPOP and when they exchange code and the code verifier get a symmetric proof key for the AT.  

SPOP and Proof of possession for AT are complimentary and used to protect different parts of the flow.

The c_hash and at_hash that we added to the id_token in Connect allow a client to determine if a token delivered in the front channel has been tampered with by the user agent.
(Some AS return at_hash in id_tokens returned from the token endpoint for interoperability, but hat is not required)  

John B


On Nov 7, 2014, at 8:12 AM, Sergey Beryozkin <sberyozkin@gmail.com> wrote:

> Hi
> On 06/11/14 18:51, Bill Mills wrote:
>> So you're wanting end to end security not relying on TLS?
>> 
> I was not really thinking about HTTPS vs HTTP in this case. I'm kind of in the process of appreciating what JWE/JWS can do and I can't help trying to consider it applying at the every possible opportunity :-)
>> 
>> Have you seen the new draft on protecting codes from interception?
>>  Currently called SPOP but needs a different name.
>> 
> Do you mean this one:
> http://tools.ietf.org/html/draft-ietf-oauth-spop-02
> ?
> 
> Yes I did - it's a different mechanism though, I guess it is of most help to the pubic clients, though we do not distinguish in our code, a confidential client can use the SPOP mechanism too.
> 
> I think the wrapping idea is probably what
> http://tools.ietf.org/html/draft-bradley-oauth-pop-key-distribution-01#ref-10
> 
> talks about with respect to distributing a key using a JWE option.
> That actually looks interesting; I haven't analyzed it much yet but apparently it is tied to the access token being necessarily in a JWT format, may be I did not get it right yet.
> 
> I guess it just can be interesting even in the TLS case. I believe people do not mind doing the extra protection even in the TLS cases.
> 
> Or take the implicit grant; if the wrapped access token reaches a client which is aware of WebCrypto API then it is probably making this grant much more secure...
> 
> Sergey
> 
>> On Thursday, November 6, 2014 4:12 AM, Sergey Beryozkin
>> <sberyozkin@gmail.com> wrote:
>> 
>> 
>> Hi
>> 
>> Does it make sense to consider supporting an access token or code
>> wrapping as part of the standard OAuth2 responses ?
>> 
>> For example, if a client has registered its public key with AS then say
>> the access token response would contain the regular
>> 
>> {"access_token":"1234345"}
>> 
>> except that "1234345" would actually be a JWE RSA-OAEP wrapped opaque
>> token with a client's public key being used. Or a direct key encrypted
>> token if the client and the server only share the client secret
>> allocated to the client during the registration.
>> 
>> The net result is that only the registered confidential client would be
>> able to extract the actual opaque access token. The response would
>> actually be
>> 
>> {"access_token":"1234345", wrapped:true}.
>> 
>> I definitely plan to use this approach as a simple mechanism for making
>> a safer distribution of mac keys as part of access token responses; but
>> IMHO it can be handy for minimizing the possibility of the
>> access/refresh tokens or codes being intercepted...
>> 
>> Sergey
>> 
>> 
>> _______________________________________________
>> OAuth mailing list
>> OAuth@ietf.org <mailto:OAuth@ietf.org>
>> https://www.ietf.org/mailman/listinfo/oauth
>> 
>> 
> 
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth

v2.23.0 | Report a Bug | By Email