Re: [OAUTH-WG] Wrapping access token and codes
John Bradley <ve7jtb@ve7jtb.com> Fri, 07 November 2014 20:43 UTC
Return-Path: <ve7jtb@ve7jtb.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C6EB21A1B01 for <oauth@ietfa.amsl.com>; Fri, 7 Nov 2014 12:43:05 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.601
X-Spam-Level:
X-Spam-Status: No, score=-2.601 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OMUW9GCu9Enj for <oauth@ietfa.amsl.com>; Fri, 7 Nov 2014 12:43:02 -0800 (PST)
Received: from mail-qg0-f50.google.com (mail-qg0-f50.google.com [209.85.192.50]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A36DB1A1A23 for <oauth@ietf.org>; Fri, 7 Nov 2014 12:43:02 -0800 (PST)
Received: by mail-qg0-f50.google.com with SMTP id a108so2944832qge.37 for <oauth@ietf.org>; Fri, 07 Nov 2014 12:43:01 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:content-type:mime-version:subject:from :in-reply-to:date:cc:content-transfer-encoding:message-id:references :to; bh=M2O92Pc2uBToGPDtrOA+G4ZsA5mOLRBi36Cr3eVkIO8=; b=KgluE3mTcaGjXOydhErlm/wW4+y+TEP3nVpvJNIUPk7nwj9x5nHAEfg7Ldo2KQPCUx cf2gWqo2maOUafPqN7Nee4aMrmlWBfTedhoGpcGd7c10dc3CY04tuk/2KFUwaX7ozaxk YosXueGv8X0Oxep5HzKOk6cFNtp/Hvu8P7vRvqi1HUyL/55kD7NjBxY64N39PkKsb+2C WrUpcO3KGCOoHp569Ackkll0h9a1r5NmkVkx7v2VcI7nnVncYsJcfE4R6MW4BRPLKgdk odmzGLNyDysfmIJabytX9pKbUw++9Ji2Qvcf0DJ7j9SbQ4xJFGfQ03YhY/IELUaoxASH 9uoQ==
X-Gm-Message-State: ALoCoQnr3K+bQ7xbn4/uD2W9wDCPbCy3RH9Imkevt1rrAmAGxk7DBaQA2bbMx8FosWuDURQl9XPB
X-Received: by 10.224.55.70 with SMTP id t6mr20961706qag.83.1415392981582; Fri, 07 Nov 2014 12:43:01 -0800 (PST)
Received: from [192.168.8.100] ([186.65.164.24]) by mx.google.com with ESMTPSA id i1sm9225043qaz.28.2014.11.07.12.42.59 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Fri, 07 Nov 2014 12:43:01 -0800 (PST)
Content-Type: text/plain; charset="windows-1252"
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
From: John Bradley <ve7jtb@ve7jtb.com>
In-Reply-To: <545CED0D.6030103@gmail.com>
Date: Fri, 07 Nov 2014 17:42:57 -0300
Content-Transfer-Encoding: quoted-printable
Message-Id: <EC229654-D92C-4184-8545-0DC7C95E4184@ve7jtb.com>
References: <545B6582.2030505@gmail.com> <486890415.168363.1415299911950.JavaMail.yahoo@jws10615.mail.bf1.yahoo.com> <545CA92C.3020900@gmail.com> <73DB2D41-E150-493D-BD73-6365C32EDCC5@ve7jtb.com> <545CED0D.6030103@gmail.com>
To: Sergey Beryozkin <sberyozkin@gmail.com>
X-Mailer: Apple Mail (2.1878.6)
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/DT3ur4kIsA_uhIrldeaYIRkQroE
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Wrapping access token and codes
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 07 Nov 2014 20:43:05 -0000
Inline On Nov 7, 2014, at 1:02 PM, Sergey Beryozkin <sberyozkin@gmail.com> wrote: > Hi John > > Many thanks for the clarifications. FYI, I posted some comments re the http://tools.ietf.org/html/draft-bradley-oauth-pop-key-distribution to a dedicated thread. > > I just wonder is it OK to distinguish between bearer and JWT tokens in the spec texts referring to the client processing the access token responses. As far as the access tokens are concerned JWT token is just a data container which can be useful to AS/RS for the purpose of representing the relevant info, I'm curious if the client needs to know anything about the access_token format/representations at all. > The goal is for the AT to continue to be opaque to the Client as they are with bearer tokens. The spec contains an example of how to do it with a JWT access token, and is the method I prefer. Introspection or a combination of introspection and structured token can be used. Sec 3.2 states that the use of JWT AT is optional. In some cases real time claim info from the AT is desired by the RS. The way I would do that is to send a JWT with the key info so that session setup can be done by the RS quickly, but include a claim that is a reference to information at the AS and introspect that in parallel, that also deals with a problem that occurs if you have multiple AS for one RS. I don't think that we should go into all the possible options in this spec, perhaps that could be in a implementers guide. > I'm also curious about the option where the whole token responses are JWE encrypted even if TLS is used, with the assymetric key cases; thus allowing for the key being always in a plain base64 URL encoded form (in the case of the key distributions) but also in other cases I guess...We will offer this option for our users as an extension but I wonder if someone else here would find it useful > If the proof key is JWE encrypted to the client what would be the point of encrypting the token as well? I don't think I am quite getting your use case. Encrypting to the client only works if it has a provisioned asymmetric key pair. In the symmetric case the client provides it's secret as part of the request to the token endpoint via http BASIC authentication, so anyone intercepting the https would have that key unless the client is using the JWK assertion flow for authentication (more of an edge case but supported in Connect) Are you thinking that the client would not use it's key for authentication but the AS would encrypt all or part of the response to the key to prevent man in the middle? I will admit looking at it now Sec 4.2 needs to be fleshed out around what keys you could use to encrypt the JWE encoded JWK. I was thinking asymmetric keys but in principal you could use a symmetric key as long as it is not the one used for authenticating the client. John B. > Cheers, Sergey > > On 07/11/14 14:15, John Bradley wrote: >> You don't need to use JWT access tokens, you could use a opaque token and introspect it. However JWT access tokens are likely the simplest answer for getting the clients proof key to the RS. >> >> in http://tools.ietf.org/html/draft-bradley-oauth-pop-key-distribution you can register a secret for the client and encrypt a symmetric key to it, if you want to use symmetric proofs for the RS. >> >> For performance using symmetric proofs to the RS is not a bad option. >> >> If the client is a server and has appropriate hardware protection for asymmetric keys then using a asymmetric key protected by a HSM is going to be the most secure. >> >> For native public client, they can start the flow with SPOP and when they exchange code and the code verifier get a symmetric proof key for the AT. >> >> SPOP and Proof of possession for AT are complimentary and used to protect different parts of the flow. >> >> The c_hash and at_hash that we added to the id_token in Connect allow a client to determine if a token delivered in the front channel has been tampered with by the user agent. >> (Some AS return at_hash in id_tokens returned from the token endpoint for interoperability, but hat is not required) >> >> John B >> >> >> On Nov 7, 2014, at 8:12 AM, Sergey Beryozkin <sberyozkin@gmail.com> wrote: >> >>> Hi >>> On 06/11/14 18:51, Bill Mills wrote: >>>> So you're wanting end to end security not relying on TLS? >>>> >>> I was not really thinking about HTTPS vs HTTP in this case. I'm kind of in the process of appreciating what JWE/JWS can do and I can't help trying to consider it applying at the every possible opportunity :-) >>>> >>>> Have you seen the new draft on protecting codes from interception? >>>> Currently called SPOP but needs a different name. >>>> >>> Do you mean this one: >>> http://tools.ietf.org/html/draft-ietf-oauth-spop-02 >>> ? >>> >>> Yes I did - it's a different mechanism though, I guess it is of most help to the pubic clients, though we do not distinguish in our code, a confidential client can use the SPOP mechanism too. >>> >>> I think the wrapping idea is probably what >>> http://tools.ietf.org/html/draft-bradley-oauth-pop-key-distribution-01#ref-10 >>> >>> talks about with respect to distributing a key using a JWE option. >>> That actually looks interesting; I haven't analyzed it much yet but apparently it is tied to the access token being necessarily in a JWT format, may be I did not get it right yet. >>> >>> I guess it just can be interesting even in the TLS case. I believe people do not mind doing the extra protection even in the TLS cases. >>> >>> Or take the implicit grant; if the wrapped access token reaches a client which is aware of WebCrypto API then it is probably making this grant much more secure... >>> >>> Sergey >>> >>>> On Thursday, November 6, 2014 4:12 AM, Sergey Beryozkin >>>> <sberyozkin@gmail.com> wrote: >>>> >>>> >>>> Hi >>>> >>>> Does it make sense to consider supporting an access token or code >>>> wrapping as part of the standard OAuth2 responses ? >>>> >>>> For example, if a client has registered its public key with AS then say >>>> the access token response would contain the regular >>>> >>>> {"access_token":"1234345"} >>>> >>>> except that "1234345" would actually be a JWE RSA-OAEP wrapped opaque >>>> token with a client's public key being used. Or a direct key encrypted >>>> token if the client and the server only share the client secret >>>> allocated to the client during the registration. >>>> >>>> The net result is that only the registered confidential client would be >>>> able to extract the actual opaque access token. The response would >>>> actually be >>>> >>>> {"access_token":"1234345", wrapped:true}. >>>> >>>> I definitely plan to use this approach as a simple mechanism for making >>>> a safer distribution of mac keys as part of access token responses; but >>>> IMHO it can be handy for minimizing the possibility of the >>>> access/refresh tokens or codes being intercepted... >>>> >>>> Sergey >>>> >>>> >>>> _______________________________________________ >>>> OAuth mailing list >>>> OAuth@ietf.org <mailto:OAuth@ietf.org> >>>> https://www.ietf.org/mailman/listinfo/oauth >>>> >>>> >>> >>> _______________________________________________ >>> OAuth mailing list >>> OAuth@ietf.org >>> https://www.ietf.org/mailman/listinfo/oauth >> >
- [OAUTH-WG] status of bearer token redelegation dr… Bas Zoetekouw
- Re: [OAUTH-WG] status of bearer token redelegatio… Phil Hunt
- Re: [OAUTH-WG] status of bearer token redelegatio… Richer, Justin P.
- Re: [OAUTH-WG] status of bearer token redelegatio… Bill Mills
- Re: [OAUTH-WG] status of bearer token redelegatio… Phil Hunt
- [OAUTH-WG] Code and token response thumbprints ? Sergey Beryozkin
- [OAUTH-WG] Wrapping access token and codes Sergey Beryozkin
- Re: [OAUTH-WG] Wrapping access token and codes Bill Mills
- Re: [OAUTH-WG] Wrapping access token and codes Sergey Beryozkin
- Re: [OAUTH-WG] Wrapping access token and codes Sergey Beryozkin
- Re: [OAUTH-WG] Wrapping access token and codes Sergey Beryozkin
- Re: [OAUTH-WG] Wrapping access token and codes John Bradley
- Re: [OAUTH-WG] Wrapping access token and codes Sergey Beryozkin
- Re: [OAUTH-WG] Wrapping access token and codes John Bradley
- Re: [OAUTH-WG] Wrapping access token and codes Sergey Beryozkin