Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-access-token-jwt-07.txt
Vittorio Bertocci <vittorio.bertocci@auth0.com> Mon, 27 April 2020 18:29 UTC
Return-Path: <vittorio.bertocci@auth0.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3B72E3A1693 for <oauth@ietfa.amsl.com>; Mon, 27 Apr 2020 11:29:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=auth0.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2zEGu6Myv03P for <oauth@ietfa.amsl.com>; Mon, 27 Apr 2020 11:29:28 -0700 (PDT)
Received: from mail-pg1-x531.google.com (mail-pg1-x531.google.com [IPv6:2607:f8b0:4864:20::531]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F0F643A0C57 for <oauth@ietf.org>; Mon, 27 Apr 2020 11:29:25 -0700 (PDT)
Received: by mail-pg1-x531.google.com with SMTP id d17so9076331pgo.0 for <oauth@ietf.org>; Mon, 27 Apr 2020 11:29:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=auth0.com; s=google; h=from:to:subject:thread-topic:thread-index:date:message-id :references:in-reply-to:accept-language:content-language :content-transfer-encoding:mime-version; bh=9M7O7QSw0Va+3zwNvH8cog3Yq5Jtc0e8/SJVh6Ej12o=; b=bgopsXpkzDUEuz+2rmMnL2z163dJyk3TwWtX5CeOEL8ErkS+E5Ack31wBOZomKhUgu zEx56Gsje89T+PStQnFDE8GnA0GlmU9gesDlSGxRh1V6jCft/oWZc6GtJATCEmPac/qv Z3STvrJqIXjNeKTNI48OjrfIZBKy93tyMHwnyGFNy3OV9WvGzlkI0bgzofECOolt4l8p uegZQoOm5+TINvLod7vp22ZGJCwc/WB3NvARitWOJBchEsqGyjPTM6wpPfQapiqZeAfK 3uTN25Ucu/Y4uIljohaTnhQ9oMD8fTbS1Z5Zki1B82f4ZYMAXdvQh9j8bTv28UYdA0S+ Zw/w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:thread-topic:thread-index:date :message-id:references:in-reply-to:accept-language:content-language :content-transfer-encoding:mime-version; bh=9M7O7QSw0Va+3zwNvH8cog3Yq5Jtc0e8/SJVh6Ej12o=; b=t6nz5iYq0ykjJ1A1W7/YhphAAmU10cCeB/zBm2q/R8j71Crq+1OApwxOL6q7Y42uI3 s844zD5Vo1gE82YV1lL9GwmhKvVDYcgnV7OCFBA14DiKOW2/hyjKvKRgZSIEl4lf+60a j9YjoFKszXF8pjP5srscQYfI/GLGHSLq7ZBX/k/T6jPrgWEuZ6zPaJfhaO5VOERJ9FOe bX5p/KQvmcIbyfuRQyeswQHp3yBV63CNMBEEcUFgLohAlGfvL4vCM6/wAKKKqnUHGXuY EhjAuE1gLVluTpwkwmtWreYeUqHvfoW1bp1TOOi+pspHgHnxnm4dKJk6EQQc94hr+bj9 bJjg==
X-Gm-Message-State: AGi0PuYSAtmbPeeshjmColrXIrAaq4L0NZPcVreD1YRtY0nAxio6Xcgl iZnj2DdcYBnaedO+03tL1VXhOsxSLNCnGY1Zphc48+q3NVMLthg96yw1GANovTzt5mbbjjGY4Yx bR3Px9ha6xS0mjPlqC8aec7oz26gV6rSAPNoI9j3KF56EWNUiRfneZljx2y33O5VrmQ==
X-Google-Smtp-Source: APiQypJf1gH5d2XoFRe+Cd0A+bYKCJwtnYb7iOJtuWj/MyqPjOnCcYtrqTncHvGluhNltRZtjEGKtw==
X-Received: by 2002:a62:3c5:: with SMTP id 188mr24905450pfd.41.1588012164529; Mon, 27 Apr 2020 11:29:24 -0700 (PDT)
Received: from MWHPR19MB1501.namprd19.prod.outlook.com ([2603:1036:120:1d::5]) by smtp.gmail.com with ESMTPSA id a2sm12913348pfg.106.2020.04.27.11.29.24 for <oauth@ietf.org> (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Mon, 27 Apr 2020 11:29:24 -0700 (PDT)
From: Vittorio Bertocci <vittorio.bertocci@auth0.com>
To: "oauth@ietf.org" <oauth@ietf.org>
Thread-Topic: [OAUTH-WG] I-D Action: draft-ietf-oauth-access-token-jwt-07.txt
Thread-Index: ATQzODE5SVVygopWvzbdJoJXmDhTisPTEylj
X-MS-Exchange-MessageSentRepresentingType: 1
Date: Mon, 27 Apr 2020 18:29:23 +0000
Message-ID: <MWHPR19MB1501509074E55ABF2E9DC996AEAF0@MWHPR19MB1501.namprd19.prod.outlook.com>
References: <158801203979.26415.5550810597232016504@ietfa.amsl.com>
In-Reply-To: <158801203979.26415.5550810597232016504@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-Exchange-Organization-SCL: -1
X-MS-TNEF-Correlator:
X-MS-Exchange-Organization-RecordReviewCfmType: 0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/IX07Dt5VtjHHjS4EDgfPVjYMv70>
Subject: Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-access-token-jwt-07.txt
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 27 Apr 2020 18:29:36 -0000
Dear all, Thanks for all the feedback at the last round. Here’s a new version of the draft incorporating your suggestions. Main changes: -Added the None prohibition in section 2.1 as well -Incorporated language suggestions from Dominick (and fixed the spelling of his last name ;)) -Clarified cases in which identity claims might appear in a JWT AT -Various typos, formatting issues fixed On 4/27/20, 11:27, "OAuth on behalf of internet-drafts@ietf.org" <oauth-bounces@ietf.org on behalf of internet-drafts@ietf.org> wrote: A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Web Authorization Protocol WG of the IETF. Title : JSON Web Token (JWT) Profile for OAuth 2.0 Access Tokens Author : Vittorio Bertocci Filename : draft-ietf-oauth-access-token-jwt-07.txt Pages : 19 Date : 2020-04-27 Abstract: This specification defines a profile for issuing OAuth 2.0 access tokens in JSON web token (JWT) format. Authorization servers and resource servers from different vendors can leverage this profile to issue and consume access tokens in interoperable manner. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-oauth-access-token-jwt/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-oauth-access-token-jwt-07 https://datatracker.ietf.org/doc/html/draft-ietf-oauth-access-token-jwt-07 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-oauth-access-token-jwt-07 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
- [OAUTH-WG] I-D Action: draft-ietf-oauth-access-to… internet-drafts
- Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-acces… Vittorio Bertocci
- Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-acces… Tangui Le Pense
- Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-acces… Justin Richer