Re: [OAUTH-WG] exp claim ... was RE: expires_in

Ludwig Seitz <ludwig.seitz@ri.se> Wed, 19 December 2018 07:35 UTC

To: oauth@ietf.org
References: <VI1PR0801MB2112201BE59C911D250F3148FABD0@VI1PR0801MB2112.eurprd08.prod.outlook.com> <CAGBSGjov2c6Q8-oJGiX5wUF+1XutedELaA7Auykm_ognsYvb3w@mail.gmail.com>
From: Ludwig Seitz <ludwig.seitz@ri.se>
Message-ID: <3ce80a08-32d8-b05e-0642-a30a1467d0aa@ri.se>
Date: Wed, 19 Dec 2018 08:35:03 +0100
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/U6xMDiMlIzoLw2xTpj1Zx019FJk>
Subject: Re: [OAUTH-WG] exp claim ... was RE: expires_in

On 18/12/2018 17:06, Aaron Parecki wrote:
> The "exp" claim is an implementation detail of one type of access token, 
> but obviously doesn't have any meaning to someone using non-JWT tokens. 
> Since not everyone is using JWT access tokens, it seems strange to have 
> a mention of a JWT-specific detail.
> 
> That said, it sounds like the proposal is to recommend access tokens 
> always have an expiration date? In that case, is it also important that 
> the expiration date be communicated to the client?
> 

The original context was from the ACE WG. In ACE we use PoP tokens 
exclusively and it is important in some use cases that the client no 
longer uses the PoP key material when the token has expired.

/Ludwig


-- 
Ludwig Seitz, PhD
Security Lab, RISE
Phone +46(0)70-349 92 51
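The point raised above, that a client holding a proof-of-possession (PoP) token must stop using the bound key material once the token has expired, can be illustrated with a client-side holder that ties every use of the key to the token's remaining lifetime. This is an added example and not code from the ACE or OAuth working groups or from any of the thread's participants; the class and method names are hypothetical, HMAC-SHA256 stands in for whatever binding mechanism (DTLS, OSCORE, ...) a real deployment uses, and the lifetime may be known either from the relative `expires_in` of the token response (anchored to the client's own clock at receipt, so it needs no clock synchronisation) or from an absolute `exp` value the client can read. Refusing to hold a key with no known expiry is this example's fail-closed design choice, not a requirement stated in the thread.

```python
"""Client-side enforcement of a PoP token's lifetime (added illustration).

Assumptions (not from the thread): a hypothetical PopTokenHolder class,
HMAC-SHA256 as a stand-in for the real proof-of-possession binding, and
an injectable clock so the behaviour can be exercised deterministically.
"""
import hashlib
import hmac
import time
from typing import Callable, Optional


class PopTokenExpired(Exception):
    """Raised when PoP key material is used after the token's lifetime."""


class PopTokenHolder:
    """Holds an access token and its PoP key; refuses to use the key after expiry.

    The expiry comes from the relative 'expires_in' (received_at + expires_in,
    using the client's clock) and/or an absolute 'exp'.  If both are known the
    earlier one wins.  A token whose lifetime is unknown is rejected so the
    client never holds PoP key material it does not know when to discard.
    """

    def __init__(self, token: bytes, pop_key: bytes, *,
                 expires_in: Optional[int] = None,
                 exp: Optional[int] = None,
                 now: Callable[[], float] = time.time) -> None:
        self.token = token
        self._key = bytearray(pop_key)        # mutable so it can be zeroised
        self._now = now
        received_at = now()
        candidates = []
        if expires_in is not None:
            candidates.append(received_at + expires_in)   # relative, client clock
        if exp is not None:
            candidates.append(float(exp))                 # absolute, AS clock
        if not candidates:
            raise ValueError("token lifetime unknown: refusing to hold PoP key")
        self.expiry = min(candidates)

    def seconds_remaining(self) -> float:
        return self.expiry - self._now()

    def is_expired(self) -> bool:
        return self.seconds_remaining() <= 0

    def key_wiped(self) -> bool:
        return len(self._key) == 0

    def _wipe(self) -> None:
        # Overwrite in place, then drop the buffer; the key is never reused.
        for i in range(len(self._key)):
            self._key[i] = 0
        del self._key[:]

    def _check(self) -> None:
        if self.is_expired():
            self._wipe()
            raise PopTokenExpired("access token expired; PoP key discarded")

    def sign(self, message: bytes) -> bytes:
        """Produce a proof of possession over `message` (HMAC stand-in)."""
        self._check()
        return hmac.new(bytes(self._key), message, hashlib.sha256).digest()

    def verify(self, message: bytes, tag: bytes) -> bool:
        """Check a proof of possession; also refuses once the token has expired."""
        return hmac.compare_digest(self.sign(message), tag)


if __name__ == "__main__":
    # Constructed demo: a 2-second lifetime delivered as expires_in.
    holder = PopTokenHolder(b"opaque-token", b"k" * 32, expires_in=2)
    print("proof:", holder.sign(b"GET /temperature").hex())
    time.sleep(2.1)
    try:
        holder.sign(b"GET /temperature")
    except PopTokenExpired as err:
        print("refused:", err, "| key wiped:", holder.key_wiped())
```

Because `expires_in` is converted to an absolute instant on the client's own clock at the moment the token response arrives, the client can enforce the lifetime even when it cannot read an `exp` claim from the token; when it can read one, taking the earlier of the two keeps the client from using the key past either bound.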