Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-jwt-introspection-response-08.txt

Rifaat Shekh-Yusef <rifaat.ietf@gmail.com> Fri, 25 October 2019 14:02 UTC

Return-Path: <rifaat.ietf@gmail.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1B86B120884 for <oauth@ietfa.amsl.com>; Fri, 25 Oct 2019 07:02:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.997
X-Spam-Level:
X-Spam-Status: No, score=-1.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id S27AsdzqzIPq for <oauth@ietfa.amsl.com>; Fri, 25 Oct 2019 07:02:53 -0700 (PDT)
Received: from mail-io1-xd32.google.com (mail-io1-xd32.google.com [IPv6:2607:f8b0:4864:20::d32]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C9C0212007C for <oauth@ietf.org>; Fri, 25 Oct 2019 07:02:53 -0700 (PDT)
Received: by mail-io1-xd32.google.com with SMTP id p6so2522209iod.7 for <oauth@ietf.org>; Fri, 25 Oct 2019 07:02:53 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=aWBxxtpOyFBW/s1vMq8rTHpMWLH2i+0Osw1c42KjKLA=; b=T5VQuN4yinUP1isWwfTZSD/RWaBIWYPRjS4+8auzctg8RXJLHVMFPgLcCHNmv9KM34 VUou6UU5xp18/9117Dn0uWnSj5FWL+cDkRnY6i2UMdQ+DEFdWyzf13LG7VSc4Ue4rsZY a7LJb0V4LGGbI6TcSp+cjpl09VWWZF8dutmcSuUSfpsxwch9gdumyQVWY8yqfcXVD2fj qQe7eJreK2QgEr+hUSLqntT+LAqZGCBL+P+OeP5xn52oA4BY6DQ0pp7vRye/8HR1ykFO Nj9rNbAMglFaiQCrUvR7s2DFKS0w4aNMAwrVNt5Md7Q51C3/FHf8HG+JS2eCwc61Cwit NSUA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=aWBxxtpOyFBW/s1vMq8rTHpMWLH2i+0Osw1c42KjKLA=; b=GI1dmhNWj7gQz/cgSnkuzlLFW6eMvRHDl8jmy2LgO5hLKGu+AzTpnczIP8FYwDBK6l +PHkTuhHGjfkNT2ZFlDBjGE2f50NG7YokoHio/hAZbyolh+p+XTUN7DumsBp/L4D3+az RCFqimvpxNGBgMQmCFmq+iHcqbwYyJPiEqTfbOLcA3FKVjnx3AFc7iq/hkzAVsLTstdR guw3DbxUmmOFIIseODSgymUuMyNZHd6Jc5lBMLED/T5/9yTDZG2r7ZkhuRi6a0aKKfq3 PPWgJ5mbL3yTyalRTgGXybaQ+5R3Pndt96PjjcVjmDAwDWbHYuR+ahDEAJrH1b7qvyit f+CA==
X-Gm-Message-State: APjAAAV14/Bfs/iCY3iIQhhrDty+r3hDMvLcZIKC8sB1SOD5bqQ8U0oR FxaIFr1vP6B4aX83KbBaPH0XMUTYTP01aP5suCYyuKeNr3U=
X-Google-Smtp-Source: APXvYqwH7dxWkUcWE98BFFTnZZTU+9pjIYiKT8PGju2H855lZSCFZAwBVLjomvPqiduMmIOaznrnAEYSFP4u44dPNHM=
X-Received: by 2002:a5d:87ce:: with SMTP id q14mr3660676ios.278.1572012172983; Fri, 25 Oct 2019 07:02:52 -0700 (PDT)
MIME-Version: 1.0
References: <85D42AA1-FF57-4383-BACB-57C5AA32CFAC@lodderstedt.net> <CAEKOcs2gkM3Henz5nS04_EuBQXWWbJU5K02ErP0rnVZXmjxXJQ@mail.gmail.com> <20191021020546.GZ43312@kduck.mit.edu> <CA+k3eCS7pf3wXBkpbXE0AXKUGogo0YcHd8oWfiBfkPB5axGQQw@mail.gmail.com> <8A8B8892-9D16-4210-BC13-47B5D7859976@mit.edu> <20191024170326.GO69013@kduck.mit.edu>
In-Reply-To: <20191024170326.GO69013@kduck.mit.edu>
From: Rifaat Shekh-Yusef <rifaat.ietf@gmail.com>
Date: Fri, 25 Oct 2019 10:02:41 -0400
Message-ID: <CAGL6epJZtTXKSGFj0BfhF3kd_Z-z2xzOWXOPEKXc5m18Z4L1uA@mail.gmail.com>
To: Benjamin Kaduk <kaduk@mit.edu>
Cc: Justin Richer <jricher@mit.edu>, Brian Campbell <bcampbell=40pingidentity.com@dmarc.ietf.org>, oauth <oauth@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000002746d60595bc9b9c"
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/GMyyb7950z1Eoj2KE_vTrCDQyAE>
Subject: Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-jwt-introspection-response-08.txt
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 25 Oct 2019 14:02:56 -0000

You might want to look at RFC7239, which is trying to address the issue of
the loss of information by proxies.
https://tools.ietf.org/html/rfc7239

The document does not have a parameter to carry the client certificate
information, but it allows for new parameters to be defined.

Would that help in this case?

Regards,
 Rifaat


On Thu, Oct 24, 2019 at 1:03 PM Benjamin Kaduk <kaduk@mit.edu> wrote:

> On Wed, Oct 23, 2019 at 10:13:04AM -0400, Justin Richer wrote:
> >    I also agree. Would it be possible to get this pushed to http or tls?
> It
> >    would be more appropriate there, and very helpful to have a general
> spec
> >    for this.
>
> I think it's possible to get such work done in one of those places, but
> first someone has to actually write a draft.  Barring that, a HotRFC or
> secdispatch slot in Singapore would probably be good for drumming up
> interest.  In related news, I am told that draft-duke-quic-load-balancers
> had some time in the QUIC interim this month, and may be moving towards
> adoption, so time may be short if we want to have a fully general solution.
>
> -Ben
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>