Re: [OAUTH-WG] JSON Web Token Best Current Practices draft describing Explicit Typing

"Phil Hunt (IDM)" <phil.hunt@oracle.com> Tue, 04 July 2017 19:58 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/Dvaz9wmZCoFdhdAlk6B4arMrd3g>

+1

Thanks Mike. 

Phil

> On Jul 4, 2017, at 12:43 PM, Mike Jones <Michael.Jones@microsoft.com> wrote:
> 
> The JWT BCP draft has been updated to describe the use of explicit typing of JWTs as one of the ways to prevent confusion among different kinds of JWTs.  This is accomplished by including an explicit type for the JWT in the “typ” header parameter.  For instance, the Security Event Token (SET) specification now uses the “application/secevent+jwt” content type to explicitly type SETs.
>  
> The specification is available at:
> https://tools.ietf.org/html/draft-sheffer-oauth-jwt-bcp-01
>  
> An HTML-formatted version is also available at:
> http://self-issued.info/docs/draft-sheffer-oauth-jwt-bcp-01.html
>  
>                                                        -- Mike
>  
> P.S.  This notice was also posted at http://self-issued.info/?p=1714 and as @selfissued.
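
The explicit-typing check described in the quoted announcement, as an added example that is not part of the original messages or of the draft: a receiver that expects a Security Event Token rejects a validly signed JWT whose "typ" is something else or is absent. The HS256 key, the sample tokens and all function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json

KEY = b"constructed-demo-key"  # constructed sample key, not from the page

def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64u_dec(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def make_jwt(header: dict, claims: dict, key: bytes = KEY) -> str:
    """Build an HS256 JWT; used here only to construct sample tokens."""
    signing_input = b64u(json.dumps(header).encode()) + "." + b64u(json.dumps(claims).encode())
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64u(sig)

def normalize_typ(typ) -> str:
    # RFC 7515 section 4.1.9: a "typ" value without '/' is read as if
    # "application/" were prepended; media type names are case-insensitive.
    if not isinstance(typ, str):
        return ""  # missing or non-string typ never matches an expected type
    typ = typ.lower()
    return typ if "/" in typ else "application/" + typ

def verify_typed_jwt(token: str, expected_typ: str, key: bytes = KEY) -> dict:
    """Check signature first, then require the explicit type; return the claims."""
    try:
        h64, p64, s64 = token.split(".")
        header = json.loads(b64u_dec(h64))
        sig = b64u_dec(s64)
    except ValueError as exc:
        raise ValueError("malformed token") from exc
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{h64}.{p64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        raise ValueError("bad signature")
    if normalize_typ(header.get("typ")) != normalize_typ(expected_typ):
        raise ValueError("wrong token type")
    return json.loads(b64u_dec(p64))

# Constructed sample tokens, both signed with the same key by the same issuer.
SET_TOKEN = make_jwt({"alg": "HS256", "typ": "secevent+jwt"}, {"iss": "https://idp.example", "events": {}})
OTHER_TOKEN = make_jwt({"alg": "HS256", "typ": "JWT"}, {"iss": "https://idp.example", "sub": "alice"})
```

Both sample tokens carry a valid signature under the same key, so the "typ" comparison is the only thing that keeps OTHER_TOKEN from being accepted where a SET is expected.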