Re: [OAUTH-WG] Generalizing draft-ietf-oauth-jwt-introspection-response-01

Mike Jones <Michael.Jones@microsoft.com> Mon, 05 November 2018 06:39 UTC

From: Mike Jones <Michael.Jones@microsoft.com>
To: Torsten Lodderstedt <torsten@lodderstedt.net>, oauth <oauth@ietf.org>
Date: Mon, 05 Nov 2018 06:39:41 +0000
Message-ID: <SN6PR00MB03049AF113C400EA5F7033D6F5CA0@SN6PR00MB0304.namprd00.prod.outlook.com>
References: <F3FA169B-2C8B-4FB7-80B3-5F9A995A4690@lodderstedt.net>
In-Reply-To: <F3FA169B-2C8B-4FB7-80B3-5F9A995A4690@lodderstedt.net>
Subject: Re: [OAUTH-WG] Generalizing draft-ietf-oauth-jwt-introspection-response-01
List-Id: OAUTH WG <oauth.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/r5ROgmOtJZ8wkppNY1Z2fZ0rKgA>

As discussed during the working group meeting, I agree with the people who spoke up saying that they believe that trying to over-generalize the JWT introspection response mechanism to cover all OAuth interactions would be reaching too far.  There are differences in the characteristics of the different OAuth endpoints (authorization, token, introspection, AS metadata, dynamic registration, etc.) that would have to be accounted for, including the likelihood that different keys and algorithms would be appropriate in the different contexts, different client authentication methods would be needed, etc.

Let's do one thing well.  Not create something that's extra-complicated without any clear use cases for doing so.

				-- Mike

-----Original Message-----
From: OAuth <oauth-bounces@ietf.org> On Behalf Of Torsten Lodderstedt
Sent: Monday, November 5, 2018 1:33 PM
To: oauth <oauth@ietf.org>
Subject: [OAUTH-WG] Generalizing draft-ietf-oauth-jwt-introspection-response-01

Hi all,

as mentioned during the presentation this morning, I would like to get a feeling for what the working group thinks about generalizing draft-ietf-oauth-jwt-introspection-response-01 to a mechanism supporting requesting and providing JWT responses from the different OAuth endpoints, such as token, revocation, client registration, and introspection.

Please share your thoughts on the list.

Thanks in advance,
Torsten.