IETF Logo Mail Archive

Re: [OAUTH-WG] Working Group Last Call: JSON Web Token Best Current Practices

Mike Jones <Michael.Jones@microsoft.com> Tue, 08 May 2018 07:27 UTC

Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D923512D877 for <oauth@ietfa.amsl.com>; Tue, 8 May 2018 00:27:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.01
X-Spam-Level:
X-Spam-Status: No, score=-2.01 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_DKIMWL_WL_HIGH=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=microsoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LFy9Or_ZYptQ for <oauth@ietfa.amsl.com>; Tue, 8 May 2018 00:26:58 -0700 (PDT)
Received: from NAM02-BL2-obe.outbound.protection.outlook.com (mail-bl2nam02on0102.outbound.protection.outlook.com [104.47.38.102]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6A9BD12704A for <oauth@ietf.org>; Tue, 8 May 2018 00:26:57 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=wM/9ZhHoen0xDUeT0bL4KJWEKiSXZD1INMOauUxjKUU=; b=dlsZcOu6rlYb97IiFgDHdyfCTSiiij/YVdo9QjQtGtKaPtpCtCcYJSu6xCJbENFOa/40pWGYM3Y5Sxloa33FW0VNwYue79EEF7eupuZgdChItWlocsB7PY7plvsGgLSXt9ufJ+iPRRrSZT1yCR0l7fxxNoLGGsnKOuGBa/V0iQw=
Received: from BL0PR00MB0292.namprd00.prod.outlook.com (2603:10b6:207:1e::30) by BL0PR00MB0337.namprd00.prod.outlook.com (2603:10b6:207:1f::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.789.0; Tue, 8 May 2018 07:26:50 +0000
Received: from BL0PR00MB0292.namprd00.prod.outlook.com ([fe80::84a0:cb3c:39ec:1b01]) by BL0PR00MB0292.namprd00.prod.outlook.com ([fe80::84a0:cb3c:39ec:1b01%5]) with mapi id 15.20.0788.000; Tue, 8 May 2018 07:26:50 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>, Rifaat Shekh-Yusef <rifaat.ietf@gmail.com>
CC: "oauth@ietf.org" <oauth@ietf.org>, Benjamin Kaduk <kaduk@mit.edu>, "Kathleen.Moriarty.ietf@gmail.com" <Kathleen.Moriarty.ietf@gmail.com>
Thread-Topic: Working Group Last Call: JSON Web Token Best Current Practices
Thread-Index: AdPVqurCFfBabyqeSkmiBPeLsGrqowQ8jdsg
Date: Tue, 08 May 2018 07:26:50 +0000
Message-ID: <BL0PR00MB02925543AF79590CC83F1208F59A0@BL0PR00MB0292.namprd00.prod.outlook.com>
References: <VI1PR0801MB21126C75C51AFC361852988BFAB00@VI1PR0801MB2112.eurprd08.prod.outlook.com>
In-Reply-To: <VI1PR0801MB21126C75C51AFC361852988BFAB00@VI1PR0801MB2112.eurprd08.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels: MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Enabled=True; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SiteId=72f988bf-86f1-41af-91ab-2d7cd011db47; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Owner=mbj@microsoft.com; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SetDate=2018-05-08T07:26:48.5737142Z; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Name=General; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Application=Microsoft Azure Information Protection; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Extended_MSFT_Method=Automatic; Sensitivity=General
x-originating-ip: [50.47.80.188]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; BL0PR00MB0337; 7:tbkdZqwbk7E1pB9GmguZNhVvyP9QxYtlrHxz9EGEaZK77ASDIWBeD/ECk1JRSFRtPokrkfSiReuMXVjlChwxEHjRXqSjHCpcovGE++r1nr0v8WWXcKv/6rYj9ysnmtw2QEzubyNYyMjLZuvcvB0zLMzbgRCAfloEGWu9NyaYxC3yoLFMU1nUa5IXfHnqX5M+WrnjU68ii2M9duev3F6mPpQo6TY9yPMGQyd6eOcIavpI1xRm9ET0WP62nq+pFFiQ; 20:bJl4X5yC04w029FBJtBAjs+H1xKSsuzBog4gHaoGV94WReaPm46BzBA4ftQzaIOsc6q3T25aQa2XsgU51Y3424Te3uNkWxic+leRsjv/fwV/YG44eofnAO86WORT5Im/pgb1W8oWnHmIW9pvRm5EJhlCqHsC5xzzhQEHRqPeoIA=
x-ms-exchange-antispam-srfa-diagnostics: SOS;
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(5600026)(48565401081)(4534165)(4627221)(201703031133081)(201702281549075)(2017052603328)(7193020); SRVR:BL0PR00MB0337;
x-ms-traffictypediagnostic: BL0PR00MB0337:
x-ld-processed: 72f988bf-86f1-41af-91ab-2d7cd011db47,ExtAddr
x-microsoft-antispam-prvs: <BL0PR00MB03374A2BB059729D60E4941CF59A0@BL0PR00MB0337.namprd00.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:;
x-ms-exchange-senderadcheck: 1
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(8211001083)(2017102700009)(2017102701064)(6040522)(2401047)(5005006)(8121501046)(2017102702064)(20171027021009)(20171027022009)(20171027023009)(20171027024009)(20171027025009)(20171027026009)(2017102703076)(10201501046)(3231254)(2018427008)(944501410)(52105095)(93006095)(93001095)(3002001)(6055026)(149027)(150027)(6041310)(20161123560045)(20161123562045)(20161123564045)(20161123558120)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(6072148)(201708071742011); SRVR:BL0PR00MB0337; BCL:0; PCL:0; RULEID:; SRVR:BL0PR00MB0337;
x-forefront-prvs: 0666E15D35
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(346002)(376002)(396003)(39860400002)(366004)(39380400002)(53754006)(189003)(199004)(13464003)(40434004)(966005)(4326008)(72206003)(10290500003)(8936002)(413944005)(8676002)(55016002)(9686003)(25786009)(14454004)(33656002)(6506007)(53546011)(3660700001)(2906002)(68736007)(7736002)(74316002)(97736004)(53936002)(86362001)(8990500004)(22452003)(316002)(6306002)(81166006)(81156014)(6246003)(305945005)(39060400002)(478600001)(2900100001)(10090500001)(110136005)(54906003)(486006)(229853002)(6436002)(476003)(86612001)(102836004)(76176011)(52396003)(5890100001)(5250100002)(11346002)(446003)(7696005)(99286004)(106356001)(5660300001)(26005)(105586002)(59450400001)(66066001)(6346003)(6116002)(3846002)(186003)(3280700002); DIR:OUT; SFP:1102; SCL:1; SRVR:BL0PR00MB0337; H:BL0PR00MB0292.namprd00.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: microsoft.com does not designate permitted sender hosts)
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Michael.Jones@microsoft.com;
x-microsoft-antispam-message-info: /qxJ/gvPr3gBeQf+thdeFEalYQH2G68LpCIDKXL10ViOhkJa3MVw240Upr/QLH3VctnMX/jNxv3Aax2MohnfwGWsTnNYSWnFTJdDndJ/ZCxBHdOMm0HdYzENafWqQHpBw5Rm6k9eFCZLG7P3qVFQfgNzc7DFMzYgSdUM/crS7/QYAMpevNG+yLo/e+X6qx29
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-MS-Office365-Filtering-Correlation-Id: 8b19b5cb-0a56-4c8c-bbc5-08d5b4b510e7
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 8b19b5cb-0a56-4c8c-bbc5-08d5b4b510e7
X-MS-Exchange-CrossTenant-originalarrivaltime: 08 May 2018 07:26:50.6564 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BL0PR00MB0337
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/xDjB_ctQVsUCOaJgqevIeLzbrpk>
Subject: Re: [OAUTH-WG] Working Group Last Call: JSON Web Token Best Current Practices
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 08 May 2018 07:27:01 -0000

Dear OAuth chairs,

The editors of the JWT BCP published https://tools.ietf.org/html/draft-ietf-oauth-jwt-bcp-02 to address all the WGLC feedback received and https://tools.ietf.org/html/draft-ietf-oauth-jwt-bcp-03 to add an acknowledgement.  Given that the WGLC expired 1.5 weeks ago and all the comments have been addressed, the editors believe that it's time to request publication.  Could you please take the necessary chair actions to do so?

I know that I'm personally finding more and more circumstances in which I'm referring people to content in this draft BCP and so it seems to me that it would be useful to get it published soon as a real BCP.

				Thanks again,
				-- Mike

P.S.  Thanks again to Kathleen for urging us to create this BCP, based on the increasingly widespread use of JWT within the IETF!

-----Original Message-----
From: OAuth <oauth-bounces@ietf.org> On Behalf Of Hannes Tschofenig
Sent: Monday, April 16, 2018 10:49 AM
To: oauth <oauth@ietf.org>
Subject: [OAUTH-WG] Working Group Last Call: JSON Web Token Best Current Practices

Hi all,

this is a last call for comments on
https://tools.ietf.org/html/draft-ietf-oauth-jwt-bcp-01

Please have your comments in no later than April 30th.

Do remember to send a note in if you have read the document and have no other comments other than "its ready to go" - we need those as much as we need "I found a problem".

Ciao
Hannes & Rifaat
IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

v2.23.0 | Report a Bug | By Email