Re: [OAUTH-WG] [Ace] [COSE] Call for adoption for draft-wahlstroem-ace-cbor-web-token-00
Justin Richer <jricher@mit.edu> Tue, 10 May 2016 12:57 UTC
Return-Path: <jricher@mit.edu>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B4EF012D5B9; Tue, 10 May 2016 05:57:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.196
X-Spam-Level:
X-Spam-Status: No, score=-5.196 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.996, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Zl7N8RBuMPgl; Tue, 10 May 2016 05:57:37 -0700 (PDT)
Received: from dmz-mailsec-scanner-6.mit.edu (dmz-mailsec-scanner-6.mit.edu [18.7.68.35]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7FF8912B03D; Tue, 10 May 2016 05:57:36 -0700 (PDT)
X-AuditID: 12074423-58fff7000000258f-cc-5731dabf32f1
Received: from mailhub-auth-4.mit.edu ( [18.7.62.39]) (using TLS with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by (Symantec Messaging Gateway) with SMTP id E5.63.09615.FBAD1375; Tue, 10 May 2016 08:57:35 -0400 (EDT)
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) by mailhub-auth-4.mit.edu (8.13.8/8.9.2) with ESMTP id u4ACvYaS010547; Tue, 10 May 2016 08:57:34 -0400
Received: from [10.20.11.38] ([65.115.200.131]) (authenticated bits=0) (User authenticated as jricher@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.8/8.12.4) with ESMTP id u4ACvRlP031382 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Tue, 10 May 2016 08:57:30 -0400
Content-Type: multipart/alternative; boundary="Apple-Mail=_EF532274-2CD8-4C78-BC6B-DE6F810A1E2D"
Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\))
From: Justin Richer <jricher@mit.edu>
In-Reply-To: <SN1PR0301MB1645A1F955468253B8EF4782F5710@SN1PR0301MB1645.namprd03.prod.outlook.com>
Date: Tue, 10 May 2016 07:57:27 -0500
Message-Id: <5E85AFAC-07D3-4499-A5B2-5FEC69409913@mit.edu>
References: <D356A330.34F31%kepeng.lkp@alibaba-inc.com> <57309F46.9040705@tzi.org> <89B6F196-D08F-4FBD-9F0D-5B250284048F@mit.edu> <CA+KYQAuF-AzXEBQFo0-2VoCSBnCAPTAvHRwwngDUQcFgk0Q4SQ@mail.gmail.com> <SN1PR0301MB1645A1F955468253B8EF4782F5710@SN1PR0301MB1645.namprd03.prod.outlook.com>
To: Mike Jones <Michael.Jones@microsoft.com>
X-Mailer: Apple Mail (2.3124)
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFjrAKsWRmVeSWpSXmKPExsUixG6nrrv/lmG4wbN5ahbfv/UwWxyZcpfV YtrWqawWXyc0sVos3XmP1aJhZ77F5flFFnunfWKxOPn2FZsDp8fEtx9ZPHbOusvusXjTfjaP JUt+Mnm07vjL7jFtUabHmmkzWALYo7hsUlJzMstSi/TtErgyuh9dYCo408pYce9+A1sD48Li LkZODgkBE4kDf48xdzFycQgJtDFJvLz5nhHC2cgocW/JZVYIZw2TxJHj51hAWpgFEiRuv1oI ZvMK6ElsWv+WCcQWFgiTaPx9E8xmE1CVmL6mBczmFEiUOHr8OzuIzQIUv/pzL9hQZoEvTBKz p/0EcjiABllJzNwlCLFsNpPEvgWTWUEaRAR0JB5f/MYGcausxJOTi1gmMPLPQnLHLCR3QMS1 JZYtfM0MYWtK7O9ezoIpriHR+W0i6wJGtlWMsim5Vbq5iZk5xanJusXJiXl5qUW6Znq5mSV6 qSmlmxjBEeWivIPxZZ/3IUYBDkYlHt4dXIbhQqyJZcWVuYcYJTmYlER5BacAhfiS8lMqMxKL M+KLSnNSiw8xSnAwK4nwRl4GyvGmJFZWpRblw6SkOViUxHkZGRgYhATSE0tSs1NTC1KLYLIy HBxKEryzbgI1ChalpqdWpGXmlCCkmTg4QYbzAA2fC1LDW1yQmFucmQ6RP8WoKCXOWwWSEABJ ZJTmwfWCEp5j8YnmV4ziQK8I874AqeIBJku47ldAg5mABsux6YMMLklESEk1MHbKrGzb2PNJ U1ksaobdPsN/eyumVbuazbrUrBL/+lRpdVS32ovXc5Jm55idehif/WTithVvopkNPGWOrDLM lGy89ezlhMzrGpXrcj+9bms5FbmgVPfeway3gs9f3dp7ntNYaof+tXBDx8jXdzMvHr8x92b3 73gRcc8s+8QGI72lxyRPWtx7+02JpTgj0VCLuag4EQCP/Uo5UwMAAA==
Archived-At: <http://mailarchive.ietf.org/arch/msg/oauth/JnBx3y8eSxLzaHBx8Q6r1wYOU2A>
Cc: "ace@ietf.org" <ace@ietf.org>, "<oauth@ietf.org>" <oauth@ietf.org>, cose <cose@ietf.org>
Subject: Re: [OAUTH-WG] [Ace] [COSE] Call for adoption for draft-wahlstroem-ace-cbor-web-token-00
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 10 May 2016 12:57:41 -0000
You’re missing my original complaint: Until this token can be directly encoded into web technologies, like HTTP headers and HTML pages, then it has no business being called a “Web” anything. As it is, it’s a binary encoding that would need an additional wrapper, like base64url perhaps, to be placed into web spaces. It can be used in CoAP and native CBOR structures as-is, which is what it’s designed to do. The “web” part of JWT is very important. A JWT can be used, as-is, in any part of an HTTP message: headers, query, form, etc. It can also be encoded as a string in other data structures in just about any language without any additional transformation, including HTML, XML, and JSON. This makes the JWT very “webby”, and this is a feature set that this new token doesn’t share. Ergo, it has no business being called a “web” token regardless of its heritage. Both CBOR Token and COSE Token are fine with me. — Justin > On May 10, 2016, at 3:50 AM, Mike Jones <Michael.Jones@microsoft.com> wrote: > > I also feel strongly that the name should remain CBOR Web Token. CWT is a beneficiary of the intellectual and deployment heritage from the Simple Web Token (SWT) and JSON Web Token (JWT). CWT is intentionally parallel to JWT. The name should stay parallel as well. > > The “Web” part of the “CBOR Web Token” name can be taken as a reference to the Web of Things (see https://en.wikipedia.org/wiki/Web_of_Things <https://en.wikipedia.org/wiki/Web_of_Things>). As Erik correctly points out JSON is not the only data representation that makes things in the Web and the Web of Things. > > -- Mike > <> > From: Ace [mailto:ace-bounces@ietf.org] On Behalf Of Erik Wahlström > Sent: Tuesday, May 10, 2016 1:44 AM > To: Justin Richer <jricher@mit.edu> > Cc: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>; Kepeng Li <kepeng.lkp@alibaba-inc.com>; ace@ietf.org; Carsten Bormann <cabo@tzi.org>; Hannes Tschofenig <hannes.tschofenig@gmx.net>; <oauth@ietf.org> <oauth@ietf.org>; cose <cose@ietf.org> > Subject: Re: [Ace] [COSE] Call for adoption for draft-wahlstroem-ace-cbor-web-token-00 > > Or keep the CBOR Web Token (CWT) for two major reasons: > - To show the very close relationship to JWT. It relies heavily on JWT and it's iana registry. It is essentially a JWT but in CBOR/COSE instead of JSON/JOSE. > - I would not say that JWT is the only format that works for the web, and it's even used in other, non-traditional, web protocols. That means I don't have a problem with the W in CWT at all. Why would JSON be the only web protocol? > > Then we also have one smaller (a lot smaller) reason, it's the fact that it can be called "cot" just like JWT is called a "jot" and I figured that our "cozy chairs" would very much like that fact because then it's essentially a "cozy cot" :) > > / Erik > > > On Tue, May 10, 2016 at 2:49 AM, Justin Richer <jricher@mit.edu <mailto:jricher@mit.edu>> wrote: > We can also call it the “COSE Token”. As a chair of the COSE working group, I’m fine with that amount of co-branding. > > — Justin > > > On May 9, 2016, at 9:31 AM, Carsten Bormann <cabo@tzi.org <mailto:cabo@tzi.org>> wrote: > > > >> draft-ietf-ace-cbor-token-00.txt; > > > > For the record, I do not think that ACE has a claim on the term "CBOR > > Token". While the term token is not used in RFC 7049, there are many > > tokens that could be expressed in CBOR or be used in applying CBOR to a > > problem. > > > > ACE CBOR Token is fine, though. > > (Or, better, CBOR ACE Token, CAT.) > > > > Grüße, Carsten > > > > _______________________________________________ > > COSE mailing list > > COSE@ietf.org <mailto:COSE@ietf.org> > > https://www.ietf.org/mailman/listinfo/cose <https://www.ietf.org/mailman/listinfo/cose> > > _______________________________________________ > Ace mailing list > Ace@ietf.org <mailto:Ace@ietf.org> > https://www.ietf.org/mailman/listinfo/ace <https://www.ietf.org/mailman/listinfo/ace>
- [OAUTH-WG] Call for adoption for draft-wahlstroem… Kepeng Li
- Re: [OAUTH-WG] Call for adoption for draft-wahlst… Mike Jones
- Re: [OAUTH-WG] [Ace] Call for adoption for draft-… Samuel Erdtman
- Re: [OAUTH-WG] [Ace] Call for adoption for draft-… Erik Wahlström
- Re: [OAUTH-WG] [COSE] [Ace] Call for adoption for… Justin Richer
- Re: [OAUTH-WG] [Ace] Call for adoption for draft-… Kepeng Li
- Re: [OAUTH-WG] [Ace] Call for adoption for draft-… Carsten Bormann
- Re: [OAUTH-WG] [COSE] [Ace] Call for adoption for… Justin Richer
- Re: [OAUTH-WG] [Ace] [COSE] Call for adoption for… Erik Wahlström
- Re: [OAUTH-WG] [Ace] [COSE] Call for adoption for… Mike Jones
- Re: [OAUTH-WG] [Ace] [COSE] Call for adoption for… Justin Richer
- Re: [OAUTH-WG] [COSE] [Ace] Call for adoption for… Phil Hunt (IDM)
- Re: [OAUTH-WG] [COSE] [Ace] Call for adoption for… Justin Richer
- Re: [OAUTH-WG] [Ace] [COSE] Call for adoption for… Erik Wahlström