Re: [OAUTH-WG] Call for adoption of "JWT Response for OAuth Token Introspection"
Mark Dobrinic <mdobrinic@cozmanova.com> Fri, 20 July 2018 15:47 UTC
To: Phil Hunt <phil.hunt@oracle.com>, Rob Otto <robotto=40pingidentity.com@dmarc.ietf.org>
Cc: oauth <oauth@ietf.org>
References: <CAGL6epJQ7qrdTv+RrNhuJ_GqKHzFRV=YDA1aswtTiE9NmK6LjQ@mail.gmail.com> <CAAP42hAusd1vyAGFHTQ46FuODXFrUjEg6BaL7m3th25gy5RC=g@mail.gmail.com> <CA+k3eCQvb2D5NaDeSK1Fys2c8Sam46h2Q5FkpyVxM4Puo1VDdQ@mail.gmail.com> <CABh6VRHkwY-AUVmGPU3VM76a5p8--Gn=iCRmAzsKn-DcghXaLw@mail.gmail.com> <E25B09C9-936A-4CD6-B446-051804564C7B@oracle.com>
From: Mark Dobrinic <mdobrinic@cozmanova.com>
Message-ID: <670e70fd-d494-9153-9b41-5cab0eab0dd0@cozmanova.com>
Date: Fri, 20 Jul 2018 17:47:30 +0200
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/_zT2j35ZQo2y-d2lOOWMxcr__EE>
I +1 this, but at the same time, I'm wondering what happened with the
argument that this should be solved by Token Exchange instead of Introspect?

Cheers!

Mark

On 20/07/18 17:39, Phil Hunt wrote:
> +1 adoption
>
> I have always been concerned about clients doing introspection. Use of
> jwt helps because responses further restricted rather than less (jwe).
>
> Phil
>
> On Jul 20, 2018, at 7:25 AM, Rob Otto
> <robotto=40pingidentity.com@dmarc.ietf.org> wrote:
>
>> I support this as well
>>
>> On Fri, 20 Jul 2018 at 15:22, Brian Campbell
>> <bcampbell=40pingidentity.com@dmarc.ietf.org> wrote:
>>
>>     +1
>>
>>     On Thu, Jul 19, 2018 at 1:51 PM, William Denniss
>>     <wdenniss=40google.com@dmarc.ietf.org> wrote:
>>
>>         I support adoption of this document by the working group.
>>
>>         On Thu, Jul 19, 2018 at 10:43 AM, Rifaat Shekh-Yusef
>>         <rifaat.ietf@gmail.com> wrote:
>>
>>             Hi all,
>>
>>             This is the call for adoption of the 'JWT Response for
>>             OAuth Token Introspection' document following the
>>             presentation by Torsten at the Montreal IETF meeting where
>>             we didn't have a chance to do a call for adoption in the
>>             meeting itself.
>>
>>             Here is presentation by Torsten:
>>             https://datatracker.ietf.org/meeting/102/materials/slides-102-oauth-sessa-jwt-response-for-oauth-token-introspection-00
>>
>>             Here is the document:
>>             https://tools.ietf.org/html/draft-lodderstedt-oauth-jwt-introspection-response-01
>>
>>             Please let us know by August 2nd whether you accept /
>>             object to the adoption of this document as a starting
>>             point for work in the OAuth working group.
>>
>>             Regards,
>>             Hannes & Rifaat
>>
>>             _______________________________________________
>>             OAuth mailing list
>>             OAuth@ietf.org
>>             https://www.ietf.org/mailman/listinfo/oauth
>>
>> --
>> Ping Identity
>> Rob Otto
>> EMEA Field CTO/Solutions Architect