Re: [OAUTH-WG] JWT Destination Claim

Mike Jones <Michael.Jones@microsoft.com> Wed, 25 March 2015 19:16 UTC

From: Mike Jones <Michael.Jones@microsoft.com>
To: Brian Campbell <bcampbell@pingidentity.com>, oauth <oauth@ietf.org>
Thread-Topic: [OAUTH-WG] JWT Destination Claim
Thread-Index: AQHQZy8UtPGlm/S3A0OWCF3lW8DO0p0tkXxw
Date: Wed, 25 Mar 2015 19:16:29 +0000
Message-ID: <BY2PR03MB442687E4C3862894786536FF50B0@BY2PR03MB442.namprd03.prod.outlook.com>
References: <CA+k3eCTYjMeY7=xcWjOTfs0bGtZaMpCgynmS3hP9BrKmUHZXSg@mail.gmail.com>
In-Reply-To: <CA+k3eCTYjMeY7=xcWjOTfs0bGtZaMpCgynmS3hP9BrKmUHZXSg@mail.gmail.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/oauth/_Mabu6WtXX6pRxF7Ztvl01-MBRI>
Subject: Re: [OAUTH-WG] JWT Destination Claim

Thanks for posting this, Brian.  To get it down on the list, I’ll repeat my comment made in person that just as “aud” used to be single-valued and ended up being multi-valued, I suspect some applications would require the same thing of “dst” – at least when “aud” and “dst” are different.  And even if “dst” becomes multi-valued, it’s OK for particular applications to require that it be single-valued in their usage.

-- Mike

From: OAuth [mailto:oauth-bounces@ietf.org] On Behalf Of Brian Campbell
Sent: Wednesday, March 25, 2015 2:08 PM
To: oauth
Subject: [OAUTH-WG] JWT Destination Claim

Here are the slides that I rushed through at the end of the Dallas meeting:
https://www.ietf.org/proceedings/92/slides/slides-92-oauth-1.pdf

And the -00 draft:
http://tools.ietf.org/html/draft-campbell-oauth-dst4jwt-00

In an informal discussion earlier this week John B. suggested that some additional thinking and/or clarification is needed with regard to what parts of the URI to include and check. Particularly with respect to query and fragment. And he's probably right.
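The two points raised in this thread, that a claim like "aud" may be either a single string or an array and that an application may still insist on a single value, and that a URI-valued destination claim needs a rule for which URI components are compared, can be seen in a small validator. The code below is an added illustration written for this archive page; it is not from the draft, from Brian's or Mike's message, or from any implementation. The "dst" claim semantics are a hypothetical reading of the thread, the sample claim sets are constructed, and the comparison rule (scheme, host, port and path compared; query and fragment ignored) is an assumption made for the example, not something the -00 draft settles.

```python
from urllib.parse import urlsplit

# Constructed sample claim sets for this example (not taken from the draft or the thread).
SAMPLE_SINGLE = {
    "iss": "https://as.example.com",
    "aud": "https://rs.example.com",
    "dst": "https://RS.example.com/token?state=abc#frag",
}
SAMPLE_MULTI = {
    "iss": "https://as.example.com",
    "aud": ["https://rs.example.com", "https://rs2.example.com"],
    "dst": ["https://rs.example.com/token", "https://rs2.example.com/token"],
}

DEFAULT_PORTS = {"http": 80, "https": 443}


def claim_values(claims, name):
    """Return a claim as a list of strings, accepting either the single-string
    or the array-of-strings form (the shape RFC 7519 allows for "aud").
    Any other JSON type is rejected rather than coerced."""
    value = claims.get(name)
    if value is None:
        return []
    if isinstance(value, str):
        return [value]
    if isinstance(value, list) and value and all(isinstance(v, str) for v in value):
        return list(value)
    raise ValueError(f"claim {name!r} must be a string or a non-empty array of strings")


def normalize_uri(uri):
    """Comparison key for a destination URI.  ASSUMPTION for this example:
    scheme, host, port and path are compared; query and fragment are ignored."""
    parts = urlsplit(uri)
    if not parts.scheme or parts.hostname is None:
        raise ValueError(f"not an absolute URI: {uri!r}")
    scheme = parts.scheme.lower()
    port = parts.port if parts.port is not None else DEFAULT_PORTS.get(scheme)
    return (scheme, parts.hostname.lower(), port, parts.path or "/")


def audience_ok(claims, expected_aud):
    """RFC 7519 "aud" check: the recipient must find itself among the audience values."""
    return expected_aud in claim_values(claims, "aud")


def destination_ok(claims, this_endpoint, require_single=False):
    """Hypothetical "dst" check.  The endpoint receiving the JWT must match one of
    the destination values; with require_single=True the application insists the
    claim carries exactly one value, even though the claim itself may be multi-valued."""
    dsts = claim_values(claims, "dst")
    if not dsts:
        return False
    if require_single and len(dsts) != 1:
        return False
    target = normalize_uri(this_endpoint)
    return any(normalize_uri(d) == target for d in dsts)


if __name__ == "__main__":
    print("aud ok:", audience_ok(SAMPLE_SINGLE, "https://rs.example.com"))
    print("dst ok:", destination_ok(SAMPLE_SINGLE, "https://rs.example.com:443/token"))
    print("dst single-valued required on multi-valued claim:",
          destination_ok(SAMPLE_MULTI, "https://rs2.example.com/token", require_single=True))
```

Because `claim_values` is shared by both checks, the string-or-array handling is written once, and the decision Mike describes (the claim may be multi-valued in general, while a particular application requires a single value) is a flag on the check rather than a different claim format. Whatever rule is eventually chosen for query and fragment belongs in one place, `normalize_uri`, so that both the issuer and the recipient compute the same comparison key.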