Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-jwsreq-03.txt

Mike Jones <> Mon, 06 July 2015 18:18 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 5759C1A8706 for <>; Mon, 6 Jul 2015 11:18:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id LKBfN5XHVM8h for <>; Mon, 6 Jul 2015 11:18:02 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 519851A8713 for <>; Mon, 6 Jul 2015 11:18:02 -0700 (PDT)
Received: from ( by ( with Microsoft SMTP Server (TLS) id; Mon, 6 Jul 2015 18:18:00 +0000
Received: from ([]) by ([]) with mapi id 15.01.0213.000; Mon, 6 Jul 2015 18:18:00 +0000
From: Mike Jones <>
To: Nat Sakimura <>, John Bradley <>
Thread-Topic: [OAUTH-WG] I-D Action: draft-ietf-oauth-jwsreq-03.txt
Thread-Index: AQHQt/431rtX+zHoI0OmuS1pCHHqmZ3Ov1kg
Date: Mon, 6 Jul 2015 18:18:00 +0000
Message-ID: <>
References: <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
authentication-results:; dkim=none (message not signed) header.d=none;
x-originating-ip: []
x-microsoft-exchange-diagnostics: 1; BY2PR03MB441; 5:kbB8rydN4zAmmdd3GFUQOBifOCJjeWShZPtWw0uz8qkx3KQevfc5V0xNJUUCenPwx1LGbl9PJxBKcWI2HpeBvKqdLDsTqIzVblmrYyUxG/jOR9iKI2ggZd+Y00EmfIzBJ8J2empMMC8LEzcq+1baXw==; 24:SZww/ka0ve/V4o9OVecHRwH6aAqMASp9W9qwoc/3IXpE34KEvKZ2lvPqTLIwRAJv/1E+6x5O4/ApEG5LHwYdQewE27BcofU9e9E9WlfY8OE=; 20:xQ5P+1cu/I7I3uYTgkBbEfLspFemEpwkcsYW8IDaUy+Oyws68jqNCXXaPB1f4kxKWIc71focYzadFzfH/1+FPw==
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:BY2PR03MB441;
by2pr03mb441: X-MS-Exchange-Organization-RulesExecuted
x-microsoft-antispam-prvs: <>
x-exchange-antispam-report-test: UriScan:;
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(601004)(2401001)(5005006)(3002001); SRVR:BY2PR03MB441; BCL:0; PCL:0; RULEID:; SRVR:BY2PR03MB441;
x-forefront-prvs: 06290ECA9D
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(6009001)(377424004)(377454003)(13464003)(164054003)(15975445007)(74316001)(76576001)(46102003)(77156002)(86362001)(87936001)(33656002)(19580395003)(230783001)(19580405001)(122556002)(102836002)(50986999)(2950100001)(40100003)(77096005)(2900100001)(54356999)(62966003)(86612001)(2656002)(76176999)(5002640100001)(189998001)(5003600100002)(92566002)(66066001)(106116001)(5001960100002)(99286002)(5001770100001); DIR:OUT; SFP:1102; SCL:1; SRVR:BY2PR03MB441;; FPR:; SPF:None; MLV:sfv; LANG:en;
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-originalarrivaltime: 06 Jul 2015 18:18:00.3941 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BY2PR03MB441
Archived-At: <>
Cc: "" <>
Subject: Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-jwsreq-03.txt
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 06 Jul 2015 18:18:04 -0000

The invalid_request_uri parameter has already been registered at by OpenID Connect Core, and so cannot be re-registered.

invalid_request_format looks like a duplicate of the already registered invalid_request_object parameter.  Please change to use the existing error name.

Please also try to reconcile invalid_request_params with existing JWS request usage already specified by OpenID Connect Core.

				-- Mike

-----Original Message-----
From: OAuth [] On Behalf Of
Sent: Monday, July 06, 2015 8:12 AM
Subject: [OAUTH-WG] I-D Action: draft-ietf-oauth-jwsreq-03.txt

A New Internet-Draft is available from the on-line Internet-Drafts directories.
 This draft is a work item of the Web Authorization Protocol Working Group of the IETF.

        Title           : Request by JWS ver.1.0 for OAuth 2.0
        Authors         : Nat Sakimura
                          John Bradley
	Filename        : draft-ietf-oauth-jwsreq-03.txt
	Pages           : 10
	Date            : 2015-07-06

   The authorization request in OAuth 2.0 utilizes query parameter
   serialization.  This specification defines the authorization request
   using JWT serialization.  The request is sent through "request"
   parameter or by reference through "request_uri" parameter that points
   to the JWT, allowing the request to be optionally signed and

The IETF datatracker status page for this draft is:

There's also a htmlized version available at:

A diff from the previous version is available at:

Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at

Internet-Drafts are also available by anonymous FTP at:

OAuth mailing list