Re: [OAUTH-WG] Minor questions regarding draft-ietf-oauth-json-web-token-19

Mike Jones <Michael.Jones@microsoft.com> Wed, 23 April 2014 16:32 UTC

From: Mike Jones <Michael.Jones@microsoft.com>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>, "oauth@ietf.org" <oauth@ietf.org>
Date: Wed, 23 Apr 2014 16:32:09 +0000
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/R9OctM9A76eFxtbfhWgl1KVFzpk

Replies inline...



-----Original Message-----
From: OAuth [mailto:oauth-bounces@ietf.org] On Behalf Of Hannes Tschofenig
Sent: Wednesday, April 23, 2014 4:49 AM
To: oauth@ietf.org
Subject: [OAUTH-WG] Minor questions regarding draft-ietf-oauth-json-web-token-19



Doing my shepherd write-up I had a few minor questions:



* Could you move the RFC 6755 reference to the normative reference section? Reason: the IANA consideration section depends on the existence of the urn:ietf:params:oauth registry.



OK



* Could you move the JWK reference to the informative reference section?

Reason: The JWK is only used in an example and not essential to the implementation or understanding of the specification.



OK



* Would it be sufficient to reference RFC 7159 instead of the [ECMAScript] reference?



No.  There's no equivalent to Section 15.12 of ECMAScript about the lexically last member name to reference in RFC 7159.  See the usage in the first paragraph of http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-19#section-4.



* The document registers 'urn:ietf:params:oauth:token-type' and it is used in the "type" header parameter.



The text, however, states that the value can also be set to jwt. Why would someone prefer to use urn:ietf:params:oauth:token-type instead of the much shorter jwt value?



There are use cases, such as using JWTs as tokens in WS-Trust, where a URI is needed.



Ciao

Hannes



Thanks for doing this.



                                                            -- Mike
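
The "lexically last member name" behaviour referred to in the reply about the [ECMAScript] reference, shown as an added example that is not part of this thread or of the draft. It assumes the rule concerns duplicate member names in a JWT Claims Set; the helper names and the sample token are constructed for illustration, and signature verification is deliberately out of scope.

```python
import base64
import json


class DuplicateClaimError(ValueError):
    """Raised when a JSON object repeats a member name."""


def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _reject_duplicates(pairs):
    # Called by the json module for every object, including nested ones.
    seen = {}
    for name, value in pairs:
        if name in seen:
            raise DuplicateClaimError(f"duplicate member name: {name!r}")
        seen[name] = value
    return seen


def claims_last_wins(jwt: str) -> dict:
    # Python's json module, like ECMAScript's JSON.parse, silently keeps
    # the last of several members that share a name.
    return json.loads(b64url_decode(jwt.split(".")[1]))


def claims_strict(jwt: str) -> dict:
    # Alternative policy: refuse the token instead of picking a winner, so
    # that two components with different parsers cannot disagree on a claim.
    payload = b64url_decode(jwt.split(".")[1])
    return json.loads(payload, object_pairs_hook=_reject_duplicates)


def make_sample(payload_json: str) -> str:
    # Constructed token for parsing only: placeholder header and signature.
    def enc(raw: bytes) -> str:
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc(b'{"typ":"JWT"}'), enc(payload_json.encode()), "sig"])


# Constructed payloads: one repeats the "admin" claim, one does not.
DUPLICATE = make_sample('{"sub":"alice","admin":false,"admin":true}')
UNIQUE = make_sample('{"sub":"alice","admin":false}')
```
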