Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-v2-http-mac-03.txt

William Mills <wmills_92105@yahoo.com> Wed, 27 February 2013 09:12 UTC

References: <20130225124642.7425.65145.idtracker@ietfa.amsl.com>
Message-ID: <1361956373.9883.YahooMailNeo@web31807.mail.mud.yahoo.com>
Date: Wed, 27 Feb 2013 01:12:53 -0800
From: William Mills <wmills_92105@yahoo.com>
To: "oauth@ietf.org" <oauth@ietf.org>, Hannes Tschofenig <hannes.tschofenig@gmx.net>
In-Reply-To: <20130225124642.7425.65145.idtracker@ietfa.amsl.com>

Just read the draft quickly.  

Since we're now leaning on JWT do we need to include the token in this?  Why not just make an additional "Envelope MAC" thing and have the signature include the 3 JWT parts in the signature base string?  That object then just becomes a JSON container for the kid, timestamp, signature method, signature etc. That thing then is a 4th base64 encoded JSON thing in the auth header.

How header fields get included in the signature needs definition.

Why did you kill the port number, nonce, and extension parameter out of the signature base string?

The BNF appears to have no separators between values.

-bill
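Bill's "Envelope MAC" sketch above, worked through as an added example (not code from the draft or from anyone on the thread): the three JWT segments plus the request elements he asks about (method, URI, host, port, timestamp, nonce) go into the signature base string, and a fourth base64url JSON segment carries kid, timestamp, nonce, algorithm and MAC. The base-string layout, the envelope field names and the 300-second freshness window are assumptions made for the example.

```python
import base64
import hashlib
import hmac
import json

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def base_string(jwt_parts, method, uri, host, port, ts, nonce):
    # Assumed layout (not the draft's exact format): the three JWT segments, then
    # the request elements, one per line, newline-terminated, like a normalized request string.
    fields = list(jwt_parts) + [method.upper(), uri, host.lower(), str(port), str(ts), nonce]
    return "\n".join(fields) + "\n"

def make_envelope(key, kid, jwt, method, uri, host, port, ts, nonce):
    """Client side: append a 4th base64url JSON segment carrying kid, ts, nonce, alg and MAC."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("expected a compact JWT with three segments")
    msg = base_string(parts, method, uri, host, port, ts, nonce).encode()
    env = {"kid": kid, "ts": ts, "nonce": nonce, "alg": "hmac-sha-256",
           "mac": b64url(hmac.new(key, msg, hashlib.sha256).digest())}
    return jwt + "." + b64url(json.dumps(env, separators=(",", ":")).encode())

def verify(keys, token, method, uri, host, port, now, seen, window=300):
    """Resource server side: check key id, freshness window, nonce replay, then the MAC."""
    parts = token.split(".")
    if len(parts) != 4:
        return False
    try:
        env = json.loads(b64url_decode(parts[3]))
        kid, ts, nonce, mac = env["kid"], int(env["ts"]), env["nonce"], env["mac"]
    except (ValueError, KeyError, TypeError):
        return False
    key = keys.get(kid)
    if key is None or abs(now - ts) > window or (kid, nonce) in seen:
        return False
    msg = base_string(parts[:3], method, uri, host, port, ts, nonce).encode()
    expected = b64url(hmac.new(key, msg, hashlib.sha256).digest())
    if not hmac.compare_digest(expected, mac):
        return False
    seen.add((kid, nonce))  # record the nonce only after the MAC checks out
    return True

# Constructed sample: a three-segment token whose exact contents do not matter here.
SAMPLE_JWT = ".".join(b64url(json.dumps(p).encode()) for p in ({"alg": "HS256"}, {"sub": "alice"}, "sig"))
```

Because the port is part of the base string, a token bound to port 443 fails verification when replayed against 8443, and the nonce set rejects a second presentation of the same request.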



________________________________
 From: "internet-drafts@ietf.org" <internet-drafts@ietf.org>
To: i-d-announce@ietf.org 
Cc: oauth@ietf.org 
Sent: Monday, February 25, 2013 4:46 AM
Subject: [OAUTH-WG] I-D Action: draft-ietf-oauth-v2-http-mac-03.txt
 

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Web Authorization Protocol Working Group of the IETF.

    Title           : OAuth 2.0 Message Authentication Code (MAC) Tokens
    Author(s)       : Justin Richer
                          William Mills
                          Hannes Tschofenig
    Filename        : draft-ietf-oauth-v2-http-mac-03.txt
    Pages           : 26
    Date            : 2013-02-25

Abstract:
   This specification describes how to use MAC Tokens in HTTP requests
   to access OAuth 2.0 protected resources.  An OAuth client willing to
   access a protected resource needs to demonstrate possession of a
   cryptographic key by using it with a keyed message digest function to
   the request.

   The document also defines a key distribution protocol for obtaining a
   fresh session key.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-oauth-v2-http-mac

There's also an htmlized version available at:
http://tools.ietf.org/html/draft-ietf-oauth-v2-http-mac-03

A diff from the previous version is available at:
http://www.ietf.org/rfcdiff?url2=draft-ietf-oauth-v2-http-mac-03


Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth