Re: [OAUTH-WG] [EXT] Re: Fw: New Version Notification for draft-burgin-jenkins-identity-chaining-00.txt

"Dr. Kelley W Burgin" <kburgin@mitre.org> Fri, 11 November 2022 10:28 UTC

From: "Dr. Kelley W Burgin" <kburgin@mitre.org>
To: Warren Parad <wparad@rhosys.ch>
CC: Atul Tulshibagwale <atul@sgnl.ai>, "mjjenki@cyber.nsa.gov" <mjjenki@cyber.nsa.gov>, "oauth@ietf.org" <oauth@ietf.org>
Date: Fri, 11 Nov 2022 10:28:14 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/Xd95DiL3Zilr12inOonRnircBn4>

1. My understanding from Rifaat’s talk this week is that the token returned from token exchange contains the previous token in the “tokens” claim. So, if the process is iterated, the final token would have all previous tokens embedded in it.
2. Our solution only requires the final PR to process top level claims, whereas the embedded token solution requires the final PR to view all nested tokens to retrieve the identity chain of the participants involved.

From: Warren Parad <wparad@rhosys.ch>
Date: Friday, November 11, 2022 at 10:13 AM
To: "Dr. Kelley W Burgin" <kburgin@mitre.org>
Cc: Atul Tulshibagwale <atul@sgnl.ai>, "mjjenki@cyber.nsa.gov" <mjjenki@cyber.nsa.gov>, "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [EXT] Re: [OAUTH-WG] Fw: New Version Notification for draft-burgin-jenkins-identity-chaining-00.txt

Does it? That's not what I read from the nested jwt draft. If you could point out where it requires either of those to be true I think it would help the draft authors consider your additional use case.

On Fri, Nov 11, 2022 at 11:01 AM Dr. Kelley W Burgin <kburgin@mitre.org> wrote:
Thanks Atul.

Warren,

We see the following two benefits of our solution over embedded tokens:

1. Iterated calls (say PR1 needs to access PR2 needs to access … needs to access PR5, all in different trust domains) do not result in a large final token as they would with embedded tokens
2. Our solution puts the burden of adding additional logic in the AS instead of the PRs as embedded tokens would do.

Kelley

From: Atul Tulshibagwale <atul@sgnl.ai>
Date: Friday, November 11, 2022 at 9:54 AM
To: Warren Parad <wparad=40rhosys.ch@dmarc.ietf.org>, "Dr. Kelley W Burgin" <kburgin@mitre.org>
Cc: "mjjenki@cyber.nsa.gov" <mjjenki=40cyber.nsa.gov@dmarc.ietf.org>, "oauth@ietf.org" <oauth@ietf.org>
Subject: [EXT] Re: [OAUTH-WG] Fw: New Version Notification for draft-burgin-jenkins-identity-chaining-00.txt

+Dr. Kelley W Burgin <kburgin@mitre.org>
Hi, Kelley would like to respond, so I'm copying him here (he only has the digest of the day)

On Wed, Nov 9, 2022 at 11:08 AM Warren Parad <wparad=40rhosys.ch@dmarc.ietf.org> wrote:
I think it would be confusing for implementers to have to figure out the difference between this implementation and https://datatracker.ietf.org/doc/html/draft-yusef-oauth-nested-jwt. This previous one looks to add the exact same information but seems to have a more robust encapsulation mechanism.

On Wed, Nov 9, 2022 at 10:51 AM mjjenki@cyber.nsa.gov <mjjenki=40cyber.nsa.gov@dmarc.ietf.org> wrote:
Kelley and I have posted a draft to describe what we are trying to accomplish within the Fine-Grained Authorization sub-group.

Mike Jenkins
NSA-CCSS
________________________________
From: internet-drafts@ietf.org <internet-drafts@ietf.org>
Sent: Tuesday, November 8, 2022 7:13 AM
To: Kelley Burgin <kelley.burgin@gmail.com>; Michael Jenkins (GOV) <mjjenki@cyber.nsa.gov>; Michael Jenkins (GOV) <mjjenki@cyber.nsa.gov>
Subject: New Version Notification for draft-burgin-jenkins-identity-chaining-00.txt


A new version of I-D, draft-burgin-jenkins-identity-chaining-00.txt
has been successfully submitted by Mike Jenkins and posted to the
IETF repository.

Name:           draft-burgin-jenkins-identity-chaining
Revision:       00
Title:          OAuth Identity Chaining
Document date:  2022-11-08
Group:          Individual Submission
Pages:          7
URL:            https://www.ietf.org/archive/id/draft-burgin-jenkins-identity-chaining-00.txt
Status:         https://datatracker.ietf.org/doc/draft-burgin-jenkins-identity-chaining/
Html:           https://www.ietf.org/archive/id/draft-burgin-jenkins-identity-chaining-00.html
Htmlized:       https://datatracker.ietf.org/doc/html/draft-burgin-jenkins-identity-chaining


Abstract:
   This specification defines a new OAuth claim that allows a proxying
   OAuth client to pass identity information for a different OAuth
   client to an OAuth authorization server during a token request.  The
   authorization server uses this additional identity information when
   populating the "client_id" and "cnf" fields of the returned access
   token instead of the identity information about the proxying client
   requesting the token.




The IETF Secretariat
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
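
An added example, not part of the thread and not taken from either draft: it models the two designs compared in the messages above for a PR1 to PR5 chain, so the token growth and the work left to the final PR can be measured. Assumptions: embedded tokens are modelled the way the top message describes them (previous token carried in a "tokens" claim), the identity-chaining result is modelled from the abstract (the AS writes the originating client into top-level "client_id"; "cnf" is left out), and the key, client name and issuer URLs are constructed.

```python
import base64, hashlib, hmac, json

KEY = b"constructed-demo-key"  # constructed: one HMAC key stands in for every AS key
ORIGIN = "client-A"            # constructed originating client
HOPS = ["pr1", "pr2", "pr3", "pr4", "pr5"]  # five trust domains, as in the thread

def b64u(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def unb64u(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(claims: dict) -> str:
    """Issue a compact HS256 JWT over the given claims."""
    signing_input = b64u(b'{"alg":"HS256","typ":"JWT"}') + "." + b64u(json.dumps(claims).encode())
    mac = hmac.new(KEY, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64u(mac)

def verify(token: str) -> dict:
    """Check the signature and return the claims; raise on mismatch."""
    signing_input, _, sig = token.rpartition(".")
    mac = hmac.new(KEY, signing_input.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(mac, unb64u(sig)):
        raise ValueError("bad signature")
    return json.loads(unb64u(signing_input.split(".")[1]))

def embedded_tokens(origin, hops):
    """Each hop's token carries the previous token in a "tokens" claim."""
    issued, requester = [], origin
    for hop in hops:
        claims = {"iss": f"https://as.{hop}.example", "client_id": requester}
        if issued:
            claims["tokens"] = [issued[-1]]
        issued.append(sign(claims))
        requester = hop  # this PR acts as the client in the next domain
    return issued

def chained_tokens(origin, hops):
    """Each AS writes the originating client into top-level client_id."""
    return [sign({"iss": f"https://as.{hop}.example", "client_id": origin}) for hop in hops]

def origin_from_embedded(token):
    """The final PR verifies and unwraps every level to reach the first client."""
    depth = 0
    while True:
        claims, depth = verify(token), depth + 1
        if "tokens" not in claims:
            return claims["client_id"], depth
        token = claims["tokens"][0]

def origin_from_chained(token):
    """The final PR reads one verified top-level claim."""
    return verify(token)["client_id"]
```

Each embedding re-encodes the inner token as base64url inside the outer payload, so the embedded form grows by roughly 4/3 per hop plus the new claims, while the chained form stays the same size at every hop.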