[OAUTH-WG] OAuth Proof-of-Possession draft -02 closing open issues

Mike Jones <Michael.Jones@microsoft.com> Mon, 09 March 2015 23:34 UTC

Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2EC961A90BC for <oauth@ietfa.amsl.com>; Mon, 9 Mar 2015 16:34:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Jp8ywrTHnx56 for <oauth@ietfa.amsl.com>; Mon, 9 Mar 2015 16:33:57 -0700 (PDT)
Received: from na01-by2-obe.outbound.protection.outlook.com (mail-by2on0132.outbound.protection.outlook.com [207.46.100.132]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E33871A891E for <oauth@ietf.org>; Mon, 9 Mar 2015 16:33:56 -0700 (PDT)
Received: from CO2PR03CA0035.namprd03.prod.outlook.com (10.141.194.162) by CY1PR0301MB0652.namprd03.prod.outlook.com (25.160.158.146) with Microsoft SMTP Server (TLS) id 15.1.99.9; Mon, 9 Mar 2015 23:33:55 +0000
Received: from BN1BFFO11FD001.protection.gbl (2a01:111:f400:7c10::1:122) by CO2PR03CA0035.outlook.office365.com (2a01:111:e400:1414::34) with Microsoft SMTP Server (TLS) id 15.1.99.9 via Frontend Transport; Mon, 9 Mar 2015 23:33:55 +0000
Received: from mail.microsoft.com (131.107.125.37) by BN1BFFO11FD001.mail.protection.outlook.com (10.58.144.64) with Microsoft SMTP Server (TLS) id 15.1.112.13 via Frontend Transport; Mon, 9 Mar 2015 23:33:55 +0000
Received: from TK5EX14MBXC292.redmond.corp.microsoft.com ([169.254.1.148]) by TK5EX14HUBC106.redmond.corp.microsoft.com ([157.54.80.61]) with mapi id 14.03.0224.003; Mon, 9 Mar 2015 23:33:51 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: "oauth@ietf.org" <oauth@ietf.org>
Thread-Topic: OAuth Proof-of-Possession draft -02 closing open issues
Thread-Index: AdBawYCMYNDWzmg2TGGRUnaHTPJ3EQ==
Date: Mon, 9 Mar 2015 23:33:50 +0000
Message-ID: <4E1F6AAD24975D4BA5B1680429673943A2F455FA@TK5EX14MBXC292.redmond.corp.microsoft.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [157.54.51.37]
Content-Type: multipart/alternative; boundary="_000_4E1F6AAD24975D4BA5B1680429673943A2F455FATK5EX14MBXC292r_"
MIME-Version: 1.0
X-EOPAttributedMessage: 0
Received-SPF: Pass (protection.outlook.com: domain of microsoft.com designates 131.107.125.37 as permitted sender) receiver=protection.outlook.com; client-ip=131.107.125.37; helo=mail.microsoft.com;
Authentication-Results: spf=pass (sender IP is 131.107.125.37) smtp.mailfrom=Michael.Jones@microsoft.com; ietf.org; dkim=none (message not signed) header.d=none;
X-Forefront-Antispam-Report: CIP:131.107.125.37; CTRY:US; IPV:CAL; IPV:NLI; IPV:NLI; EFV:NLI; BMV:0; SFV:NSPM; SFS:(10019020)(438002)(209900001)(199003)(189002)(512954002)(2900100001)(106466001)(2930100002)(84326002)(6806004)(86362001)(110136001)(55846006)(92566002)(50986999)(54356999)(16297215004)(2920100001)(104016003)(19580395003)(19625215002)(2656002)(87936001)(229853001)(86612001)(33656002)(85806002)(107886001)(2351001)(102836002)(66066001)(230783001)(19300405004)(19617315012)(2501003)(16236675004)(46102003)(450100001)(62966003)(77156002)(1720100001)(15975445007)(6606295002); DIR:OUT; SFP:1102; SCL:1; SRVR:CY1PR0301MB0652; H:mail.microsoft.com; FPR:; SPF:Pass; MLV:sfv; A:1; MX:1; LANG:en;
X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:CY1PR0301MB0652;
X-O365ENT-EOP-Header: Message processed by - O365_ENT: Allow from ranges (Engineering ONLY)
X-Microsoft-Antispam-PRVS: <CY1PR0301MB06529BD46D9619F0ABAEF280D71B0@CY1PR0301MB0652.namprd03.prod.outlook.com>
X-Exchange-Antispam-Report-Test: UriScan:;
X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(601004)(5005006)(5001009); SRVR:CY1PR0301MB0652; BCL:0; PCL:0; RULEID:; SRVR:CY1PR0301MB0652;
X-Forefront-PRVS: 05102978A2
X-OriginatorOrg: microsoft.onmicrosoft.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 09 Mar 2015 23:33:55.0308 (UTC)
X-MS-Exchange-CrossTenant-Id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=72f988bf-86f1-41af-91ab-2d7cd011db47; Ip=[131.107.125.37]; Helo=[mail.microsoft.com]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY1PR0301MB0652
Archived-At: <http://mailarchive.ietf.org/arch/msg/oauth/HBwEALyUtsUdlEn9FGUGiVoqn3o>
Subject: [OAUTH-WG] OAuth Proof-of-Possession draft -02 closing open issues
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Mar 2015 23:34:02 -0000

An updated OAuth Proof-of-Possession draft has been posted that address the open issues identified in the previous draft.  Changes were:

*        Defined the terms Issuer, Presenter, and Recipient and updated their usage within the document.

*        Added a description of a use case using an asymmetric proof-of-possession key to the introduction.

*        Added the "kid" (key ID) confirmation method.

Thanks to Hannes Tschofenig for writing text to address the open issues.

This specification is available at:

*        http://tools.ietf.org/html/draft-ietf-oauth-proof-of-possession-02

An HTML formatted version is also available at:

*        http://self-issued.info/docs/draft-ietf-oauth-proof-of-possession-02.html

                                                            -- Mike

P.S.  This announcement was also posted at http://self-issued.info/?p=1354 and as @selfissued.