Re: [OAUTH-WG] Implementation Status of "JWT Secured Authorization Request (JAR)"

Dominick Baier <dbaier@leastprivilege.com> Tue, 22 September 2020 05:32 UTC

To: Hannes Tschofenig <hannes.tschofenig@arm.com>, "oauth@ietf.org" <oauth@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/Fd-0uJhKd_2xKuyD5mUIChoYycg>

Also IdentityServer implements JAR

https://github.com/IdentityServer

———
Dominick Baier

On 21. September 2020 at 21:22:17, Hannes Tschofenig (hannes.tschofenig@arm.com) wrote:

Hi all

Because of some procedural issues I have to update the shepherd writeup of the
JAR document and I wanted to verify whether the implementations listed in
https://github.com/hannestschofenig/tschofenig-ids/blob/master/shepherd-writeups/Writeup_OAuth_JAR.txt
(copied below) are still in line with the latest version of
https://tools.ietf.org/html/draft-ietf-oauth-jwsreq-30 (given the changes
the document has gone through*).



----- List of implementations -----

As part of the OpenID Foundation certification program the following
implementations of OpenID Connect Core indicate support for this
functionality:

* CZ.NIC mojeID,
* Thierry Habart's SimpleIdentityServer v.2.0.0,
* Roland Hedberg's pyoidc 0.7.7,
* Peercraft ApS's Peercraft,
* MIT's MITREidConnect,
* Gluu Server 2.3,
* Filip Skokan's node-oidc pre supports.

Authlete (https://www.authlete.com/), a commercial, closed source
server implementation, has also implemented this specification and
is offering it.

There is an open source implementation from NRI in PHP and Scala.

NRI's Open Source PHP: https://bitbucket.org/PEOFIAMP/phpoidc

-----



Ciao

Hannes



PS: List of changes from the current draft to the one when I wrote my
shepherd writeup:

http://tools.ietf.org//rfcdiff?url1=https://tools.ietf.org/id/draft-ietf-oauth-jwsreq-09.txt&url2=https://tools.ietf.org/id/draft-ietf-oauth-jwsreq-30.txt

