Re: [OAUTH-WG] JSON Web Token (JWT) Profile for OAuth 2.0 Access Tokens

Steinar Noem <steinar@udelt.no> Wed, 13 May 2020 15:17 UTC

References: <CADNypP8t4oVUpoqOFhb-Aft-5C4Z2F9O2vBxh6QxmkHrWkN_gw@mail.gmail.com>
In-Reply-To: <CADNypP8t4oVUpoqOFhb-Aft-5C4Z2F9O2vBxh6QxmkHrWkN_gw@mail.gmail.com>
From: Steinar Noem <steinar@udelt.no>
Date: Wed, 13 May 2020 17:15:16 +0200
Message-ID: <CAHsNOKdh9-Pn_WDhE7wXajYAF5ZVpeu=aDPbKWYh5QTcnkBPCA@mail.gmail.com>
To: Rifaat Shekh-Yusef <rifaat.s.ietf@gmail.com>
Cc: IETF oauth WG <oauth@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/EC-iBfcqSp6PH46Y0h8z4zdwA2E>

Sorry for coming late in the game, but I really think that the "sub" claim
should be OPTIONAL instead of REQUIRED.

We are implementing OAuth 2.0 for the Norwegian health sector, where we
have several resources in production already.
I don't think the "sub" claim should have a different meaning depending on
the flow - we would prefer to omit the sub claim in cases where the
resource owner isn't present.
This is not possible with the current language. We would like to be able to
choose if and how we use the "sub" - the "client_id" claim will always be
present.


Regards
Steinar

On Wed, 13 May 2020 at 16:07, Rifaat Shekh-Yusef <
rifaat.s.ietf@gmail.com> wrote:

> All,
>
> Based on the 3rd WGLC, we believe that we have consensus to move this
> document forward.
> https://datatracker.ietf.org/doc/draft-ietf-oauth-access-token-jwt/
>
> We will be working on the shepherd write-up and then submit the document
> to the IESG soon.
>
> Regards,
>  Rifaat & Hannes
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>


-- 
Kind regards

Steinar Noem
Partner Udelt AS
System developer

| steinar@udelt.no | hei@udelt.no  | +47 955 21 620 | www.udelt.no |
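The point under discussion is what a resource server does with "sub" when no resource owner is involved: the draft makes "sub" REQUIRED and, for grants such as client credentials, has it carry an identifier for the client, while the message above wants to omit it and rely on "client_id". The following is an added example, not code from the message, the draft or the Norwegian health-sector deployment. It shows a resource server that validates a JWT access token with the profile's explicit "at+jwt" type and then resolves the acting party in a way that works whether "sub" is absent, equal to "client_id", or a separate user identifier. The issuer and audience URLs, the client IDs and the shared HS256 key are constructed for the demo; a real authorization server would sign with an asymmetric key published via JWKS.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo values. HS256 with a shared key keeps the example
# self-contained; the profile expects asymmetric signing in practice.
DEMO_KEY = b"constructed-demo-key-do-not-reuse"
ISSUER = "https://as.example.no"               # hypothetical authorization server
AUDIENCE = "https://api.example.no/records"    # hypothetical resource server


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_access_token(claims: dict) -> str:
    """Authorization-server side: sign a claim set as an 'at+jwt' token."""
    header = {"typ": "at+jwt", "alg": "HS256"}
    signing_input = (
        _b64url(json.dumps(header, separators=(",", ":")).encode())
        + "."
        + _b64url(json.dumps(claims, separators=(",", ":")).encode())
    )
    tag = hmac.new(DEMO_KEY, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url(tag)


def validate_access_token(token: str, now=None) -> dict:
    """Resource-server side validation.

    'sub' is treated as optional; 'client_id' is mandatory, matching the
    message's position that client_id is always present.
    """
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    h, p, s = parts
    header = json.loads(_b64url_decode(h))
    # Pin the expected type and algorithm; never let the token's 'alg' pick the verifier.
    if header.get("typ") != "at+jwt" or header.get("alg") != "HS256":
        raise ValueError("unexpected header")
    expected = hmac.new(DEMO_KEY, f"{h}.{p}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(p))
    if claims.get("iss") != ISSUER:
        raise ValueError("wrong issuer")
    aud = claims.get("aud")
    aud_list = aud if isinstance(aud, list) else [aud]
    if AUDIENCE not in aud_list:
        raise ValueError("token not meant for this resource")
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= now:
        raise ValueError("expired")
    if not isinstance(claims.get("client_id"), str) or not claims["client_id"]:
        raise ValueError("client_id missing")
    return claims


def resolve_caller(claims: dict) -> dict:
    """Who is acting? With 'sub' absent (the message's proposal) or equal to
    client_id (the draft's convention for client-credentials tokens) the
    client itself is the actor; otherwise a user acts through the client."""
    client_id = claims["client_id"]
    sub = claims.get("sub")
    if sub is None or sub == client_id:
        return {"kind": "client", "actor": client_id}
    return {"kind": "user", "actor": sub, "via": client_id}


def demo(now: float) -> list:
    """Three constructed tokens: no sub, sub == client_id, and a delegated user."""
    base = {"iss": ISSUER, "aud": AUDIENCE, "exp": now + 300, "iat": now}
    tokens = [
        mint_access_token({**base, "client_id": "epj-gateway"}),
        mint_access_token({**base, "client_id": "epj-gateway", "sub": "epj-gateway"}),
        mint_access_token({**base, "client_id": "patient-portal", "sub": "user-4711"}),
    ]
    return [resolve_caller(validate_access_token(t, now=now)) for t in tokens]


if __name__ == "__main__":
    for who in demo(time.time()):
        print(who)
```

Because resolve_caller only consults "sub" after client_id has been checked, the resource server's authorization decision does not change between the two conventions: a token without "sub" and a token whose "sub" repeats "client_id" both resolve to the client, so either choice by the authorization server is safe to consume.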