[OAUTH-WG] About JSON Web Token (JWT) Profile for OAuth 2.0 Access Tokens

Nikos Fotiou <fotiou@aueb.gr> Thu, 01 April 2021 19:11 UTC

Date: Thu, 01 Apr 2021 22:11:07 +0300
To: oauth <oauth@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/Zz6e8VLUwpbweeQvzC9XbKfXIvM>

Hi,
By reading this draft (https://tools.ietf.org/html/draft-ietf-oauth-access-token-jwt-05) I got the impression that it implies using JWTs as bearer tokens, e.g., it does consider any of the semantics defined in RFC7800. Is this correct? If yes, what was the rationale behind this design choice?

Thanks a lot,
Nikos

--
Nikos Fotiou - http://pages.cs.aueb.gr/~fotiou
Researcher - Mobile Multimedia Laboratory
Athens University of Economics and Business
https://mm.aueb.gr