[OAUTH-WG] Google using JTW assertions?
Brian Campbell <bcampbell@pingidentity.com> Wed, 21 March 2012 22:23 UTC
Return-Path: <bcampbell@pingidentity.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CFB8A21E804E for <oauth@ietfa.amsl.com>; Wed, 21 Mar 2012 15:23:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.662
X-Spam-Level:
X-Spam-Status: No, score=-5.662 tagged_above=-999 required=5 tests=[AWL=0.315, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id L1mnyQroT6sS for <oauth@ietfa.amsl.com>; Wed, 21 Mar 2012 15:23:52 -0700 (PDT)
Received: from psmtp.com (na3sys009aog134.obsmtp.com [74.125.149.83]) by ietfa.amsl.com (Postfix) with ESMTP id C03F221E813D for <oauth@ietf.org>; Wed, 21 Mar 2012 15:23:49 -0700 (PDT)
Received: from mail-vb0-f50.google.com ([209.85.212.50]) (using TLSv1) by na3sys009aob134.postini.com ([74.125.148.12]) with SMTP ID DSNKT2pU9ffy2mL7UY7c8oDLuTtSeUQfvmeJ@postini.com; Wed, 21 Mar 2012 15:23:51 PDT
Received: by mail-vb0-f50.google.com with SMTP id l22so794444vbn.9 for <oauth@ietf.org>; Wed, 21 Mar 2012 15:23:49 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:from:date:message-id:subject:to:content-type :content-transfer-encoding:x-gm-message-state; bh=CY5obwB0bfdjR/XvDGmw4XiHUM5lii4kC/lRGAVwtfw=; b=CRer80CmR3/XR+QyDfrmA5Qyz7DdKTyJ95QnuNVrkO+4v+GZDulLiVgpO9dt+JnHVe FIpzAVupM3yCuSUTEFlP6dlVas6JpvufMI8itaiEDNMiOVK0hh0bbX4Sr/FzGPkhmwp3 Df40MSSb5R0/U1AYrkxUbqerROhmbbtxNpLZIEbRKEPQYmsq/9jbFaiu3PJQIbjBUOk5 qzPG4y3UcLptlr2c4W7t4kcmkTU6PSqMC9MXu840nXYYvq+8S+PMMPD6F6Ssq80Kyo1A fNh/t297akf7qs62vU8SkYM3c9jKxbmxPdAtEbyUmoUu66278dF37YwNhpU5ATraph5a 2Q/g==
Received: by 10.220.116.10 with SMTP id k10mr2710999vcq.25.1332368629167; Wed, 21 Mar 2012 15:23:49 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.52.171.172 with HTTP; Wed, 21 Mar 2012 15:23:18 -0700 (PDT)
From: Brian Campbell <bcampbell@pingidentity.com>
Date: Wed, 21 Mar 2012 16:23:18 -0600
Message-ID: <CA+k3eCTFj96PorhY+n0h5tfe=AH4XfRTb1m0yE8jdqBPjhCqNQ@mail.gmail.com>
To: oauth <oauth@ietf.org>
Content-Type: text/plain; charset="windows-1252"
Content-Transfer-Encoding: quoted-printable
X-Gm-Message-State: ALoCoQkX8DwI16oYTso2ezXZlN8x6BX/79//CZybUWNQWoiCS+ClvrSAaQKsTTgQBXquxTBtxD+I
Subject: [OAUTH-WG] Google using JTW assertions?
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Mar 2012 22:23:52 -0000
I noticed this post http://googledevelopers.blogspot.se/2012/03/service-accounts-have-arrived.html, via a tweet from a colleague, that mentions sending a "JWT to Google’s OAuth 2.0 Authorization Server in exchange for an access token." The post mentions compliance of draft 25 of OAuth v2 but doesn't give much more detail. I'm wondering if any Google folks on this list know if it was implemented to the http://tools.ietf.org/html/draft-ietf-oauth-assertions & http://tools.ietf.org/html/draft-jones-oauth-jwt-bearer specs? It would be great to have some feedback one way or the other on the applicability of those documents from a real world deployment.
- [OAUTH-WG] Google using JTW assertions? Brian Campbell