Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-access-token-jwt-03.txt

Brian Campbell <bcampbell@pingidentity.com> Wed, 18 December 2019 21:30 UTC

References: <157653653318.24509.15075582637514649078@ietfa.amsl.com> <CAO_FVe4jYtrCiGAFSKQo2UF2WDCu8Yf8ww9_biMoW4TJPQ2Qpw@mail.gmail.com> <AE9BAC29-50B0-4DAD-B27D-02EC803537A9@amazon.com> <CAO_FVe7=+G+Zc8VHbr=3Zt9w9v-1G6njRC-qPJFpwKMjBrY1Dg@mail.gmail.com> <CAO_FVe6Y-vaw_jVv9GUj0wkuOFXO9Lvd-Uq2HU87NQQ=SfFCnA@mail.gmail.com>
In-Reply-To: <CAO_FVe6Y-vaw_jVv9GUj0wkuOFXO9Lvd-Uq2HU87NQQ=SfFCnA@mail.gmail.com>
From: Brian Campbell <bcampbell@pingidentity.com>
Date: Wed, 18 Dec 2019 14:30:18 -0700
Message-ID: <CA+k3eCQA8AezSrASAUG1r6YCGLYcc_t3m9g5k+0iH78z4=ynuA@mail.gmail.com>
To: Vittorio Bertocci <Vittorio=40auth0.com@dmarc.ietf.org>
Cc: "Richard Backman, Annabelle" <richanna=40amazon.com@dmarc.ietf.org>, IETF oauth WG <oauth@ietf.org>, "i-d-announce@ietf.org" <i-d-announce@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000003fcd99059a0128e9"
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/MUbrVY2zkXND0twyEcI13Q_1Tog>
Subject: Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-access-token-jwt-03.txt

On Mon, Dec 16, 2019 at 10:31 PM Vittorio Bertocci <Vittorio=40auth0.com@dmarc.ietf.org> wrote:

> Re: aliases, I see where the confusion is coming from!
> I updated the request section, but the section 2.2 data structure still
> mentions the aliases. That should be cleaned up as well.
> In any case the intent was always to only allow a single resource per AT;
> the alias list was only for helping in cases where an AS identifies the
> same resource through multiple IDs and the actual aud value depends on what ID
> the client requested. However we discussed this with Brian and he convinced
> me that it was just too ambiguous. Your remark reinforces that impression.
> I'll clean up 2.2 and eliminate references to aliases from there as well.
> Thanks!
>

Yes, please clean up sec 2.2.
