[OAUTH-WG] Using Referred Token Binding ID for Token Binding of Access Tokens

Mike Jones <Michael.Jones@microsoft.com> Tue, 20 September 2016 12:16 UTC

From: Mike Jones <Michael.Jones@microsoft.com>
To: "oauth@ietf.org" <oauth@ietf.org>
Date: Tue, 20 Sep 2016 12:16:54 +0000
Message-ID: <CO2PR03MB2358D7F80F3AB286A38082F6F5F70@CO2PR03MB2358.namprd03.prod.outlook.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/Oz6pPfoiEEcbL8EY-QUZ1UQpMyM>
Subject: [OAUTH-WG] Using Referred Token Binding ID for Token Binding of Access Tokens
List-Id: OAUTH WG <oauth.ietf.org>

The OAuth Token Binding specification has been revised to use the Referred Token Binding ID when performing token binding of access tokens.  This was enabled by the Implementation Considerations in the Token Binding HTTPS specification being added to make it clear that Token Binding implementations will enable using the Referred Token Binding ID in this manner.  Protected Resource Metadata was also defined.

Thanks to Brian Campbell for clarifications on the differences between token binding of access tokens issued from the authorization endpoint versus those issued from the token endpoint.

The specification is available at:

* http://tools.ietf.org/html/draft-ietf-oauth-token-binding-01

An HTML-formatted version is also available at:

* http://self-issued.info/docs/draft-ietf-oauth-token-binding-01.html

-- Mike

P.S. This notice was also posted at http://self-issued.info/?p=1610 and as @selfissued (https://twitter.com/selfissued).
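The binding the announcement describes, as an added example that is not code from the draft or its authors: the authorization server's token endpoint binds the access token to the Referred Token Binding ID carried in the token request (the ID the client uses toward the resource server), and the resource server checks the Provided Token Binding ID of the connection it actually sees against that binding. It assumes the JWT `cnf` claim with a `tbh` member holding the base64url SHA-256 hash of the Token Binding ID; the Token Binding IDs are constructed byte strings and the token is left unsigned for brevity.

```python
import base64
import hashlib
import json
import secrets

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def token_binding_hash(tb_id: bytes) -> str:
    """tbh: base64url(SHA-256(Token Binding ID)) (assumed cnf representation)."""
    return b64url(hashlib.sha256(tb_id).digest())

def issue_bound_access_token(claims: dict, referred_tb_id: bytes) -> str:
    """Authorization server, token endpoint: bind the access token to the
    Referred Token Binding ID (client<->resource server), NOT to the Provided
    ID of the client<->AS connection the request arrived on."""
    bound = dict(claims, cnf={"tbh": token_binding_hash(referred_tb_id)})
    # Unsigned payload only; a real AS issues this as a signed JWS (constructed).
    return b64url(json.dumps(bound, separators=(",", ":")).encode())

def decode_claims(token: str) -> dict:
    pad = "=" * (-len(token) % 4)
    return json.loads(base64.urlsafe_b64decode(token + pad))

def resource_server_accepts(token: str, provided_tb_id: bytes) -> bool:
    """Resource server: the Provided Token Binding ID on *this* TLS connection
    must hash to cnf.tbh. A token replayed over another connection (different
    Token Binding key) fails here. Constant-time compare avoids a timing leak."""
    claims = decode_claims(token)
    expected = claims.get("cnf", {}).get("tbh")
    if not isinstance(expected, str):
        return False  # unbound token: reject rather than fall open
    return secrets.compare_digest(expected, token_binding_hash(provided_tb_id))

# Constructed Token Binding IDs standing in for the TokenBindingID structure
# (key parameters + public key) of each TLS connection.
CLIENT_TO_AS_TB_ID = b"tb-id:client->authorization-server"   # Provided at AS
CLIENT_TO_RS_TB_ID = b"tb-id:client->resource-server"        # Referred at AS
ATTACKER_TB_ID = b"tb-id:stolen-token-on-other-connection"

if __name__ == "__main__":
    at = issue_bound_access_token({"sub": "alice", "scope": "read"}, CLIENT_TO_RS_TB_ID)
    print(resource_server_accepts(at, CLIENT_TO_RS_TB_ID))  # True: legitimate client
    print(resource_server_accepts(at, ATTACKER_TB_ID))      # False: replayed token
    print(resource_server_accepts(at, CLIENT_TO_AS_TB_ID))  # False: Provided-at-AS ID is the wrong key
```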