[OAUTH-WG] Re: RFC 9068
Justin Richer <jricher@mit.edu> Thu, 10 October 2024 14:27 UTC
Yes, this is the path if things need to change in an RFC. But in this case, the question was about something that is already in the current RFC text that doesn’t need to change. I was trying to point out that "proposed standard" is code for the final text of that RFC. In this instance, carrying on the work really is implementing it, not changing the text in question, which was agreed with.

— Justin

On Oct 10, 2024, at 10:00 AM, Pierce Gorman <Pierce.Gorman@numeracle.com> wrote:

It might be worth reviewing how updates or changes are made available to a completed “Proposed Standard”. In my experience I’ve seen:

* Errata
* An updated version noted as RFC xxxx bis (where bis is Old Latin for “repeat”)
* A new Internet-Draft which, if promoted to “Proposed Standard” may obsolete or deprecate all or a portion of a previous RFC.

I’m pretty sure I’ve mangled the part about “obsolete” and “deprecate” but hopefully that helps some.

Pierce

From: Justin Richer <jricher@mit.edu>
Sent: Thursday, October 10, 2024 8:51 AM
To: Lee, Matt D <Matt.Lee=40kbslp.cloud@dmarc.ietf.org>
Cc: oauth@ietf.org
Subject: [OAUTH-WG] Re: RFC 9068

My apologies - I just realized that I mistakenly typed "RFC6086" on the first part of the message, to be clear the entire comment is in fact about RFC9068.

— Justin

On Oct 10, 2024, at 9:48 AM, Justin Richer <jricher@mit.edu> wrote:

Hi Matt,

RFC6086 is published and final — there is not ongoing work on that document, because it is complete. I’m sure there is also other work happening all around about profiling JWTs for specific purposes and circumstances.

The wording of "Proposed Standard" can be confusing. It does not mean that the document is still in process. Instead, it speaks to the nature of organizations like the IETF: we can only really propose and describe standards, it’s the implementations that make those standards concrete in the real world. With that in mind, the best way to continue the work of RFC9068 is to implement it and advocate for others to implement it as well.

— Justin

On Oct 8, 2024, at 4:41 PM, Lee, Matt D <Matt.Lee=40kbslp.cloud@dmarc.ietf.org> wrote:

First, my sincerest condolences regarding the loss of Vittorio Bertocci, someone who had an astonishing impact on the industry and community at large. I was reminded of this loss today as I was having a conversation with some peers about the optional nature of the sub claim in JWTs used in OAuth grants.

After we searched for guidance we found this proposed standard from Vittorio that would move sub from optional to required, and wondered if anyone was picking this up now that he has passed.

Thank you

Matt Lee | KGS Enterprise Architect

_______________________________________________
OAuth mailing list -- oauth@ietf.org
To unsubscribe send an email to oauth-leave@ietf.org