Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-proof-of-possession-01.txt

Mike Jones <> Thu, 29 January 2015 02:18 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id C334C1A0263 for <>; Wed, 28 Jan 2015 18:18:35 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id oiQW9ZFZ-SCM for <>; Wed, 28 Jan 2015 18:18:33 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 7A8E81A19F7 for <>; Wed, 28 Jan 2015 18:18:32 -0800 (PST)
Received: from ( by ( with Microsoft SMTP Server (TLS) id; Thu, 29 Jan 2015 02:18:30 +0000
Received: from (2a01:111:f400:7c09::173) by (2a01:111:e400:2c5d::44) with Microsoft SMTP Server (TLS) id via Frontend Transport; Thu, 29 Jan 2015 02:18:30 +0000
Received: from ( by ( with Microsoft SMTP Server (TLS) id via Frontend Transport; Thu, 29 Jan 2015 02:18:29 +0000
Received: from ([]) by ([]) with mapi id 14.03.0224.003; Thu, 29 Jan 2015 02:18:18 +0000
From: Mike Jones <>
To: "" <>
Thread-Topic: [OAUTH-WG] I-D Action: draft-ietf-oauth-proof-of-possession-01.txt
Thread-Index: AQHQO2l2JVKWQz09SkKBEblwNwhBLZzWXC0A
Date: Thu, 29 Jan 2015 02:18:16 +0000
Message-ID: <>
References: <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
x-originating-ip: []
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-EOPAttributedMessage: 0
Received-SPF: Pass ( domain of designates as permitted sender); client-ip=;;
Authentication-Results: spf=pass (sender IP is;; dkim=none (message not signed) header.d=none;; dmarc=pass action=none;
X-Forefront-Antispam-Report: CIP:; CTRY:US; IPV:CAL; IPV:NLI; IPV:NLI; EFV:NLI; SFV:NSPM; SFS:(10019020)(6009001)(377454003)(13464003)(377424004)(230783001)(47776003)(55846006)(15975445007)(2900100001)(2920100001)(104016003)(2501002)(1720100001)(92566002)(102836002)(77156002)(450100001)(62966003)(66066001)(2950100001)(50466002)(110136001)(2351001)(23726002)(46406003)(106466001)(86612001)(86362001)(106116001)(46102003)(6806004)(50986999)(54356999)(76176999)(107886001)(19580395003)(33656002)(2656002)(19580405001)(87936001)(97756001); DIR:OUT; SFP:1102; SCL:1; SRVR:BN3PR0301MB0833;; FPR:; SPF:None; MLV:sfv; LANG:en;
X-DmarcStatus-Test: Passed
X-DmarcAction-Test: None
X-Microsoft-Antispam: UriScan:;
X-Microsoft-Antispam: BCL:0; PCL:0; RULEID:(3003004)(3005004); SRVR:BN3PR0301MB0833;
X-O365ENT-EOP-Header: Message processed by - O365_ENT: Allow from ranges (Engineering ONLY)
X-Exchange-Antispam-Report-Test: UriScan:;
X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(601004); SRVR:BN3PR0301MB0833;
X-Forefront-PRVS: 0471B73328
X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:; SRVR:BN3PR0301MB0833;
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 29 Jan 2015 02:18:29.8472 (UTC)
X-MS-Exchange-CrossTenant-Id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=72f988bf-86f1-41af-91ab-2d7cd011db47; Ip=[]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN3PR0301MB0833
Archived-At: <>
Subject: Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-proof-of-possession-01.txt
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 29 Jan 2015 02:18:35 -0000

This version updates the references to other drafts, including referencing draft-ietf-oauth-pop-architecture instead of draft-hunt-oauth-pop-architecture.

				-- Mike

-----Original Message-----
From: OAuth [] On Behalf Of
Sent: Wednesday, January 28, 2015 6:15 PM
Subject: [OAUTH-WG] I-D Action: draft-ietf-oauth-proof-of-possession-01.txt

A New Internet-Draft is available from the on-line Internet-Drafts directories.
 This draft is a work item of the Web Authorization Protocol Working Group of the IETF.

        Title           : Proof-Of-Possession Semantics for JSON Web Tokens (JWTs)
        Authors         : Michael B. Jones
                          John Bradley
                          Hannes Tschofenig
	Filename        : draft-ietf-oauth-proof-of-possession-01.txt
	Pages           : 11
	Date            : 2015-01-28

   This specification defines how to express a declaration in a JSON Web
   Token (JWT) that the presenter of the JWT possesses a particular key
   and that the recipient can cryptographically confirm proof-of-
   possession of the key by the presenter.  This property is also
   sometimes described as the presenter being a holder-of-key.

The IETF datatracker status page for this draft is:

There's also a htmlized version available at:

A diff from the previous version is available at:

Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at

Internet-Drafts are also available by anonymous FTP at:

OAuth mailing list