[OAUTH-WG] Re: RFC 9068

"Lee, Matt D" <Matt.Lee@kbslp.cloud> Thu, 10 October 2024 20:22 UTC

From: "Lee, Matt D" <Matt.Lee@kbslp.cloud>
To: Justin Richer <jricher@mit.edu>
CC: "oauth@ietf.org" <oauth@ietf.org>
Subject: [OAUTH-WG] Re: RFC 9068
List-Id: OAUTH WG <oauth.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/aotguo1JlafSe9pxdkUDm3sAEY0>
Date: Thu, 10 Oct 2024 20:22:54 -0000

Hey Justin

Appreciate the insight here, and glad to bring the message back to implementation.

Thank you

Matt

From: Justin Richer <jricher@mit.edu>
Date: Thursday, October 10, 2024 at 8:49 AM
To: Lee, Matt D <Matt.Lee@kbslp.cloud>
Cc: oauth@ietf.org <oauth@ietf.org>
Subject: Re: [OAUTH-WG] RFC 9068

Hi Matt,

RFC6086 is published and final — there is not ongoing work on that document, because it is complete. I’m sure there is also other work happening all around about profiling JWTs for specific purposes and circumstances.

The wording of "Proposed Standard" can be confusing. It does not mean that the document is still in process. Instead, it speaks to the nature of organizations like the IETF: we can only really propose and describe standards, it’s the implementations that make those standards concrete in the real world.

With that in mind, the best way to continue the work of RFC9068 is to implement it and advocate for others to implement it as well.

 — Justin

On Oct 8, 2024, at 4:41 PM, Lee, Matt D <Matt.Lee=40kbslp.cloud@dmarc.ietf.org> wrote:

First, my sincerest condolences regarding the loss of Vittorio Bertocci, someone who had an astonishing impact on the industry and community at large.

I was reminded of this loss today as I was having a conversation with some peers about the optional nature of the sub claim in JWTs used in OAuth grants. After we searched for guidance we found this proposed standard from Vittorio that would move sub from optional to required, and wondered if anyone was picking this up now that he has passed.

Thank you

Matt Lee | KGS Enterprise Architect