[OAUTH-WG] JWT: add "iss" and "aud" to Reserved Header Parameter Names in JWE

Dick Hardt <dick.hardt@gmail.com> Wed, 01 May 2013 21:12 UTC

Return-Path: <dick.hardt@gmail.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2D01C21F9B44 for <oauth@ietfa.amsl.com>; Wed, 1 May 2013 14:12:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sZC0Rl9Z1AZx for <oauth@ietfa.amsl.com>; Wed, 1 May 2013 14:12:17 -0700 (PDT)
Received: from mail-pd0-f171.google.com (mail-pd0-f171.google.com [209.85.192.171]) by ietfa.amsl.com (Postfix) with ESMTP id 5937421F9B2F for <oauth@ietf.org>; Wed, 1 May 2013 14:12:17 -0700 (PDT)
Received: by mail-pd0-f171.google.com with SMTP id t10so1002742pdi.30 for <oauth@ietf.org>; Wed, 01 May 2013 14:12:17 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=x-received:from:content-type:content-transfer-encoding:subject :message-id:date:to:mime-version:x-mailer; bh=yukM5PX54GJCtAlz011G4G9aV8QiXuKxVUrnYl54fCY=; b=EQtP9ULpdcFb2ygZsCzP8AxKULwvWZx+Pwhy3snkN3IKCpaeG1q/zx5sOXoUKvSqfA khx/AI55YtyHgZoLNsNidtnapR88dIl53kSCmoiC0qXGQkIo9DgppMxI2I2tVwMb8iiV HaWII3lmuSwkJVrWwUevWx42t/7v9Ombz8WbhuDqK3CBQqfDmHSkG1DeUY1ji8htGB9X 8Ej7ywhBlvz1byoeh8zHj/RnB+u6FlkRWHdeTY9w0osPyyZmwNM3pRXY3cR6X0aJDIPr uzyaxok7yOsPfiSQNJiFzd0pf0XjLlvrohfl5zsnISd7Vz3jSxdPAIY+hAXTAhxSzO8p uJnw==
X-Received: by 10.67.3.2 with SMTP id bs2mr6800343pad.132.1367442736968; Wed, 01 May 2013 14:12:16 -0700 (PDT)
Received: from [10.0.0.80] (c-98-210-193-30.hsd1.ca.comcast.net. [98.210.193.30]) by mx.google.com with ESMTPSA id sg4sm4337866pbc.7.2013.05.01.14.12.15 for <oauth@ietf.org> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Wed, 01 May 2013 14:12:15 -0700 (PDT)
From: Dick Hardt <dick.hardt@gmail.com>
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: quoted-printable
Message-Id: <4858A2E2-6F15-4D25-9909-E8F2AA15797E@gmail.com>
Date: Wed, 1 May 2013 14:12:14 -0700
To: O Auth WG <oauth@ietf.org>
Mime-Version: 1.0 (Mac OS X Mail 6.3 \(1503\))
X-Mailer: Apple Mail (2.1503)
Subject: [OAUTH-WG] JWT: add "iss" and "aud" to Reserved Header Parameter Names in JWE
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 01 May 2013 21:12:23 -0000

"iss" and "aud" would be optional parameters in a JWE. These parameters are in the payload, but since it is encrypted, the payload must be decrypted before they can be read. Some times knowing these parameters is required to be able to decrypt the payload …

These would be additions to 9.3.1 in the JWT specification.

Why "iss" is needed:

Bob and Charlie each gave Alice a KID and a symmetric key to use to verify and decrypt tokens from them. 

The App and Alice share keys so Alice knows it is the App.

The User authorizes Bob to give the App a token (which authorizes the App to do something)

The App gives the token to Alice.

Since Alice indirectly received the token,  the only way for Alice to know who sent the token, is to look at the KID as the "iss" claim is encrypted. If the "kid" values are GUIDs, then Alice can just look up the "kid" and retrieve the associated symmetric key, and then decrypt and verify the token and THEN see who sent it. If there is a collision in KID values (Bon and Charlie gave the same KID for different keys), then Alice will not know which symmetric key to use.

Why "aud" is needed:

Dave gives a KID and symmetric key to Ellen, and Frank gives a KID and symmetric key to Gwen. 

Ellen and Gwen trust each other and know how to talk to each other. Gwen does not know Dave. Ellen does not know Frank

The App and Gwen share keys so Gwen knows it is the App.

The User authorizes Dave to give the App a token

Dave gives the token to Gwen (Dave does not have a relationship with Ellen)

Gwen now has a token that Ellen can decrypt and verify, but has no method for knowing that Ellen can do that. The "aud" property would allow Gwen to give the token to Ellen to decrypt and verify.