From nobody Mon Nov 30 08:29:28 2020 Return-Path: X-Original-To: oauth@ietfa.amsl.com Delivered-To: oauth@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C8B4D3A0E31 for ; Mon, 30 Nov 2020 08:29:26 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.096 X-Spam-Level: X-Spam-Status: No, score=-2.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_FONT_LOW_CONTRAST=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id niTsbyZjy-wI for ; Mon, 30 Nov 2020 08:29:24 -0800 (PST) Received: from mail-lj1-x22d.google.com (mail-lj1-x22d.google.com [IPv6:2a00:1450:4864:20::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5D4203A0E24 for ; Mon, 30 Nov 2020 08:29:24 -0800 (PST) Received: by mail-lj1-x22d.google.com with SMTP id r18so18860885ljc.2 for ; Mon, 30 Nov 2020 08:29:24 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=lry4zoq5cRrZ/Fqeg/Ue2Eww/wqQR65STcu5kMZ1XpQ=; b=mRSEZvyQXPvacAY5VqcvVB4otqtL04EsiIOVmp1Ejtxe5LuJdSuLsS0H8ARjRlrBZO fsa+SVCMY8vxQdGaWOFsXgtmTP8/REVzfqKE4xvMqKfTOLbdzJfbFSqZpeBcNdHof0O+ +3W/HWfSH+mzfsBHNEkzJClluNhtwVFFknBOzdxbXY8hn8e25D7ju/oZN0l7WpAA6hJL 3emPOMGZAXHdMneVs1pPvFRJbE655mmA1BHeibkRYRXK5/g4zZMII2KAR1iYGu8TvGq9 XWBANGJafDA/NxTZHxChkL7qjquDst6JGB2heuC24FVSmib53XBmooJX2X4sVO4fuTi5 rTvQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=lry4zoq5cRrZ/Fqeg/Ue2Eww/wqQR65STcu5kMZ1XpQ=; b=VOJanzpptgLQfuMZt8sP2+9CT1VwfO6sQ19wXSqkyJLLQNZwczDitj4Cgyzbs+ELWH JTzqMuGeeUhV/yncaeFFkZUpwoZfn+Bb+5KovauWh1qmfVqRAd4tQwBCCinrh5ZkUCN7 AAmwr5p8xzyTfjmhIPyTnDLXmS8WrAbjkFKU74gp+orz/+iP9T+UkdHYSKmJnlXeSRQj +tXX78vRZwD2JyZQIU8oFuw6qo5D8xrYNgicjzpVqIMxtEvRJvs2WxDZDB4C7bRKwcPc yD5/Rj31sFdLAOAjjMioCg6fOS1eUyXHk53yGw9yn3oQS3e1LgA0/jCRoM7XmDHe7oKg 2FKg== X-Gm-Message-State: AOAM532ZLx/9argXPu5ZpPhDkP9OpdqZoErqOhRKOTuMm41vQnfxcfPU L+LqG3z1kS4p5BMl/RZStQqyS6HdI3uHJ0k7cNR22ALBPDU= X-Google-Smtp-Source: ABdhPJyN1ZAzuWKT5YNgsL/dgLymm43Zzozrz57p9JIyd1kbw6P+NN+pqezYmWQWiIv2xluKn+CpZq9ibo/BYyrN8NM= X-Received: by 2002:a2e:9793:: with SMTP id y19mr9998402lji.437.1606753761865; Mon, 30 Nov 2020 08:29:21 -0800 (PST) MIME-Version: 1.0 References: In-Reply-To: From: Dick Hardt Date: Mon, 30 Nov 2020 08:28:45 -0800 Message-ID: To: oauth@ietf.org Content-Type: multipart/alternative; boundary="00000000000037bc7305b55583d0" Archived-At: Subject: Re: [OAUTH-WG] DPoP Binding JWT proposal X-BeenThere: oauth@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: OAUTH WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 30 Nov 2020 16:29:27 -0000 --00000000000037bc7305b55583d0 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Pushing this to the top of the stack in case there is interest in separating the binding mechanism from the RT / AT so that existing RTs / ATs can be used. =E1=90=A7 On Fri, Nov 6, 2020 at 2:12 PM Dick Hardt wrote: > Hello > > After reviewing the DPoP spec, and reflecting on implementations I have > worked with, I wanted to see if there was interest in a DPoP Binding JWT. > > The use case is to enable existing deployments to add support for DPoP > without having to replace their existing refresh token and access tokens, > and the processing of them as the DPoP Binding JWT processing can be adde= d > as an independent software layer. > > The processing overhead is minimized as the DPoP Binding JWT > verification can be cached for an access token, > adding only one JWT verification for the lifetime of the access token. > > DPoP Binding JWTs using asymmetric cryptographic algorithms, provide the > increased security of public / private key for existing deployments using > access tokens signed with shared secrets such as HMAC. > > /Dick > > > *X. DPoP Binding JWT* > Deployments that do not want to modify their existing access tokens o= r > resource tokens to contain > the DPoP thumbprint can include DPoP Binding JWTs in the response fro= m > the AS and present them in > calls to the RS. A DPoP Binding JWT contains the DPoP thumbprint and = a > hash of the access token > or refresh token, and is signed by the AS. > > The use of DPoP Binding JWTs enables existing deployments to add > proof-of-possession assurance to > existing deployments by adding a middle layer service or software > without modifying the processing > of refresh tokens or access tokens. > > > > *X.1 DPoP Binding JWT Syntax* > * "typ": type header, value "dpop-binding+jwt" > > * "jti": unique id > * "iat": time created > * "jkt": JWK SHA-256 Thumbprint of the DPoP public key > > If binding an access token > * "ath": SHA-256 hash of the access token > > If binding an refresh token > * "rth": SHA-256 hash of the refresh token > > Example DPoP Binding JWT for an access token: > > { > "typ":"dpop-binding+jwt", > "alg":"ES256", > "jwk": { > "kty":"EC", > "x":"l8tFrhx-34tV3hRICRDY9zCkDlpBhF42UQUfWVAWBFs", > "y":"9VE4jf_Ok_o64zbTTlcuNJajHmt6v9TDVrU0CdvGRDA", > "crv":"P-256" > } > }.{ > "jti":"-BwC3ESc6acc2lTc", > "iat":1562262616, > "jkt":"0ZcOCORZNYy-DWpqq30jZyJGHTN0d2HglBV3uiguA4I", > "ath":"N0d2HglBV3uiguA4I0ZcOCORZNYy-DWpqq30jZyJGHT" > } > > > > *X.2 Checking DPoP Bindings* > Check the DPoP Binding JWT is valid > Check the DPoP Binding JWT "jkt" value matches the thumbprint of the > DPoP public key > Check the DPoP Binding JWT "ath" value matches the SHA-256 hash of th= e > access token > or > Check the DPoP Binding JWT "rth" value matches the SHA-256 hash of th= e > refresh token > > > *X.3 Token Response* > The AS sets the "token_type" parameter to "DPoP-Binding". > The AS returns the DPoP Binding JWT for the access token in the > "access_token_binding" parameter, > and the DPoP Binding JWT for the refresh token in the > "refresh_token_binding" parameter. > > HTTP/1.1 200 OK > Content-Type: application/json;charset=3DUTF-8 > Cache-Control: no-store > Pragma: no-cache > > { > "access_token":"2YotnFZFEjr1zCsicMWpAA", > "access_token_binding":"eyJ0eXAiOiJkcG9w....", > "token_type":"DPoP-Binding", > "expires_in":3600, > "refresh_token":"tGzv3JOkF0XG5Qx2TlKWIA" > "refresh_token_binding":"eyJ0eXAiOiJkcG9w....." > "example_parameter":"example_value" > } > > > *X.4 Resource access* > The client presents the access token DPoP Binding JWT in the > "DPoP-Binding" HTTP header. > > GET /protectedresource HTTP/1.1 > Host: resource.example.org > Authorization: DPoP eyJhbGciOiJFUzI1NiIsImtpZCI6IkJlQUxrYiJ9.eyJzdWI > iOiJzb21lb25lQGV4YW1wbGUuY29tIiwiaXNzIjoiaHR0cHM6Ly9zZXJ2ZXIuZXhh= bX > BsZS5jb20iLCJhdWQiOiJodHRwczovL3Jlc291cmNlLmV4YW1wbGUub3JnIiwibmJ= mI > joxNTYyMjYyNjExLCJleHAiOjE1NjIyNjYyMTYsImNuZiI6eyJqa3QiOiIwWmNPQ0= 9S > Wk5ZeS1EV3BxcTMwalp5SkdIVE4wZDJIZ2xCVjN1aWd1QTRJIn19.vsFiVqHCyIkB= Yu > 50c69bmPJsj8qYlsXfuC6nZcLl8YYRNOhqMuRXu6oSZHe2dGZY0ODNaGg1cg-kVig= zY > hF1MQ > DPoP: eyJ0eXAiOiJkcG9wK2p3dCIsImFsZyI6IkVTMjU2IiwiandrIjp7Imt0eSI6Ik > VDIiwieCI6Imw4dEZyaHgtMzR0VjNoUklDUkRZOXpDa0RscEJoRjQyVVFVZldWQVd= CR > nMiLCJ5IjoiOVZFNGpmX09rX282NHpiVFRsY3VOSmFqSG10NnY5VERWclUwQ2R2R1= JE > QSIsImNydiI6IlAtMjU2In19.eyJqdGkiOiJlMWozVl9iS2ljOC1MQUVCIiwiaHRt= Ij > oiR0VUIiwiaHR1IjoiaHR0cHM6Ly9yZXNvdXJjZS5leGFtcGxlLm9yZy9wcm90ZWN= 0Z > WRyZXNvdXJjZSIsImlhdCI6MTU2MjI2MjYxOH0.lNhmpAX1WwmpBvwhok4E74kWCi= GB > NdavjLAeevGy32H3dbF0Jbri69Nm2ukkwb-uyUI4AUg1JSskfWIyo4UCbQ > DPoP-Binding: eyJ_an_example_DPoP_binding_JWT_0eXAiOiJkcG9wK2p3dCIsI > VDIiwieCI6Imw4dEZyaHgtMzR0VjNoUklDUkRZOXpDa0RscEJoRjQyVVFVZldWQVd= CR > nMiLCJ5IjoiOVZFNGpmX09rX282NHpiVFRsY3VOSmFqSG10NnY5VERWclUwQ2R2R1= JE > QSIsImNydiI6IlAtMjU2In19.eyJqdGkiOiJlMWozVl9iS2ljOC1MQUVCIiwiaHRt= Ij > oiR0VUIiwiaHR1IjoiaHR0cHM6Ly9yZXNvdXJjZS5leGFtcGxlLm9yZy9wcm90ZWN= 0Z > WRyZXNvdXJjZSIsImlhdCI6MTU2MjI2MjYxOH0.lNhmpAX1WwmpBvwhok4E74kWCi= GB > NdavjLAeevGy32H3dbF0Jbri69Nm2ukkwb-uyUI4AUg1JSskfWIyo4UCbQ > > > > =E1=90=A7 > --00000000000037bc7305b55583d0 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Pushing this to the top of the stack in case there is inte= rest in separating the binding mechanism from the RT / AT so that existing = RTs / ATs can be used.
3D""=E1=90=A7

On Fri, Nov 6, 2020 = at 2:12 PM Dick Hardt <dick.hard= t@gmail.com> wrote:
Hello

After revie= wing the DPoP spec, and reflecting on implementations I have worked with, I= wanted to see if there was interest in a=C2=A0DPoP Binding JWT.
=
The use case is to enable existing deployments to add suppor= t for DPoP without having to replace their existing refresh token and acces= s tokens, and the processing of them as the DPoP Binding JWT processing can= be added as an independent=C2=A0software layer.=C2=A0

=
The processing overhead is minimized as the DPoP Binding JWT verificat= ion=C2=A0can be cached for an access token,=C2=A0
adding only one= JWT verification for the lifetime of the access token.

DPoP Binding JWTs using asymmetric cryptographic algorithms, provide = the increased security of public / private key for existing deployments usi= ng access tokens signed with shared secrets such as HMAC.

/Dick

X. DPoP Binding JWT

= =C2=A0 =C2=A0 Deployments that do not want to modify their existing access = tokens or resource tokens to contain
=C2=A0 =C2=A0 the DPoP thumbprint = can include DPoP Binding JWTs in the response from the AS and present them = in
=C2=A0 =C2=A0 calls to the RS. A DPoP Binding JWT contains the DPoP = thumbprint and a hash of the access token
=C2=A0 =C2=A0 or refresh token= , and is signed by the AS.

=C2=A0 =C2=A0 The use of DPoP Binding JW= Ts enables existing deployments to add proof-of-possession assurance to =C2=A0 =C2=A0 existing deployments by adding a middle layer service or sof= tware without modifying the processing
=C2=A0 =C2=A0 of refresh tokens o= r access tokens.


X.1 DPoP Binding JWT Syntax

=C2= =A0 =C2=A0 * "typ": type header, value "dpop-binding+jwt&quo= t;

=C2=A0 =C2=A0 * "jti": unique id
=C2=A0 =C2=A0 * &q= uot;iat": time created
=C2=A0 =C2=A0 * "jkt": JWK SHA-256= Thumbprint of the DPoP public key

=C2=A0 =C2=A0 If binding an acce= ss token
=C2=A0 =C2=A0 =C2=A0 =C2=A0 * "ath": SHA-256 hash of = the access token

=C2=A0 =C2=A0 If binding an refresh token
=C2=A0= =C2=A0 =C2=A0 =C2=A0 * "rth": SHA-256 hash of the refresh token<= br>
=C2=A0 =C2=A0 Example DPoP Binding=C2=A0JWT for an access token:
=
=C2=A0 =C2=A0 {
=C2=A0 =C2=A0 =C2=A0 =C2=A0 "typ":"dp= op-binding+jwt",
=C2=A0 =C2=A0 =C2=A0 =C2=A0 "alg":"= ES256",
=C2=A0 =C2=A0 =C2=A0 =C2=A0 "jwk": {
=C2=A0 = =C2=A0 =C2=A0 =C2=A0 "kty":"EC",
=C2=A0 =C2=A0 =C2= =A0 =C2=A0 "x":"l8tFrhx-34tV3hRICRDY9zCkDlpBhF42UQUfWVAWBFs&= quot;,
=C2=A0 =C2=A0 =C2=A0 =C2=A0 "y":"9VE4jf_Ok_o64zbTT= lcuNJajHmt6v9TDVrU0CdvGRDA",
=C2=A0 =C2=A0 =C2=A0 =C2=A0 "crv&= quot;:"P-256"
=C2=A0 =C2=A0 =C2=A0 =C2=A0 }
=C2=A0 =C2=A0 }= .{
=C2=A0 =C2=A0 =C2=A0 =C2=A0 "jti":"-BwC3ESc6acc2lTc&qu= ot;,
=C2=A0 =C2=A0 =C2=A0 =C2=A0 "iat":1562262616,
=C2=A0 = =C2=A0 =C2=A0 =C2=A0 "jkt":"0ZcOCORZNYy-DWpqq30jZyJGHTN0d2Hg= lBV3uiguA4I",
=C2=A0 =C2=A0 =C2=A0 =C2=A0 "ath":"N0d= 2HglBV3uiguA4I0ZcOCORZNYy-DWpqq30jZyJGHT"
=C2=A0 =C2=A0 }

X.2 Checking DPoP Bindings

=C2=A0 =C2=A0 Check the DPoP Bin= ding JWT is valid
=C2=A0 =C2=A0 Check the DPoP Binding JWT "jkt&quo= t; value matches the thumbprint of the DPoP public key
=C2=A0 =C2=A0 Che= ck the DPoP Binding JWT "ath" value matches the SHA-256 hash of t= he access token
=C2=A0 =C2=A0 =C2=A0 or
=C2=A0 =C2= =A0 Check the DPoP Binding JWT "rth" value matches the SHA-256 ha= sh of the refresh token

X.3 Token Response
=C2=A0 =C2=A0 The AS sets the "token_type" parameter to "D= PoP-Binding".
=C2=A0 =C2=A0 The AS returns the DPoP Binding JWT fo= r the access token in the "access_token_binding" parameter,
= =C2=A0 =C2=A0 and the DPoP Binding JWT for the refresh token in the "r= efresh_token_binding" parameter.

=C2=A0 =C2=A0 =C2=A0HTTP/1.1 2= 00 OK
=C2=A0 =C2=A0 =C2=A0Content-Type: application/json;charset=3DUTF-8=
=C2=A0 =C2=A0 =C2=A0Cache-Control: no-store
=C2=A0 =C2=A0 =C2=A0Prag= ma: no-cache

=C2=A0 =C2=A0 =C2=A0{
=C2=A0 =C2=A0 =C2=A0 =C2=A0&qu= ot;access_token":"2YotnFZFEjr1zCsicMWpAA",
=C2=A0 =C2=A0 = =C2=A0 =C2=A0"access_token_binding":"eyJ0eXAiOiJkcG9w....&qu= ot;,
=C2=A0 =C2=A0 =C2=A0 =C2=A0"token_type":"DPoP-Bindin= g",
=C2=A0 =C2=A0 =C2=A0 =C2=A0"expires_in":3600,
=C2= =A0 =C2=A0 =C2=A0 =C2=A0"refresh_token":"tGzv3JOkF0XG5Qx2TlK= WIA"
=C2=A0 =C2=A0 =C2=A0 =C2=A0"refresh_token_binding":&= quot;eyJ0eXAiOiJkcG9w....."
=C2=A0 =C2=A0 =C2=A0 =C2=A0"exampl= e_parameter":"example_value"
=C2=A0 =C2=A0 =C2=A0}
X.4 Resource access

=C2=A0 =C2=A0 The client presents the ac= cess token DPoP Binding JWT in the "DPoP-Binding" HTTP header.
=C2=A0 =C2=A0 GET /protectedresource HTTP/1.1
=C2=A0 =C2=A0 Host: <= a href=3D"http://resource.example.org" target=3D"_blank">resource.example.o= rg
=C2=A0 =C2=A0 Authorization: DPoP eyJhbGciOiJFUzI1NiIsImtpZCI6IkJ= lQUxrYiJ9.eyJzdWI
=C2=A0 =C2=A0 =C2=A0 =C2=A0 iOiJzb21lb25lQGV4YW1wbGUuY= 29tIiwiaXNzIjoiaHR0cHM6Ly9zZXJ2ZXIuZXhhbX
=C2=A0 =C2=A0 =C2=A0 =C2=A0 Bs= ZS5jb20iLCJhdWQiOiJodHRwczovL3Jlc291cmNlLmV4YW1wbGUub3JnIiwibmJmI
=C2=A0= =C2=A0 =C2=A0 =C2=A0 joxNTYyMjYyNjExLCJleHAiOjE1NjIyNjYyMTYsImNuZiI6eyJqa3= QiOiIwWmNPQ09S
=C2=A0 =C2=A0 =C2=A0 =C2=A0 Wk5ZeS1EV3BxcTMwalp5SkdIVE4wZ= DJIZ2xCVjN1aWd1QTRJIn19.vsFiVqHCyIkBYu
=C2=A0 =C2=A0 =C2=A0 =C2=A0 50c69= bmPJsj8qYlsXfuC6nZcLl8YYRNOhqMuRXu6oSZHe2dGZY0ODNaGg1cg-kVigzY
=C2=A0 = =C2=A0 =C2=A0 =C2=A0 hF1MQ
=C2=A0 =C2=A0 DPoP: eyJ0eXAiOiJkcG9wK2p3dCIsI= mFsZyI6IkVTMjU2IiwiandrIjp7Imt0eSI6Ik
=C2=A0 =C2=A0 =C2=A0 =C2=A0 VDIiwi= eCI6Imw4dEZyaHgtMzR0VjNoUklDUkRZOXpDa0RscEJoRjQyVVFVZldWQVdCR
=C2=A0 =C2= =A0 =C2=A0 =C2=A0 nMiLCJ5IjoiOVZFNGpmX09rX282NHpiVFRsY3VOSmFqSG10NnY5VERWcl= UwQ2R2R1JE
=C2=A0 =C2=A0 =C2=A0 =C2=A0 QSIsImNydiI6IlAtMjU2In19.eyJqdGki= OiJlMWozVl9iS2ljOC1MQUVCIiwiaHRtIj
=C2=A0 =C2=A0 =C2=A0 =C2=A0 oiR0VUIiw= iaHR1IjoiaHR0cHM6Ly9yZXNvdXJjZS5leGFtcGxlLm9yZy9wcm90ZWN0Z
=C2=A0 =C2=A0= =C2=A0 =C2=A0 WRyZXNvdXJjZSIsImlhdCI6MTU2MjI2MjYxOH0.lNhmpAX1WwmpBvwhok4E7= 4kWCiGB
=C2=A0 =C2=A0 =C2=A0 =C2=A0 NdavjLAeevGy32H3dbF0Jbri69Nm2ukkwb-u= yUI4AUg1JSskfWIyo4UCbQ
=C2=A0 =C2=A0 DPoP-Binding: eyJ_an_example_DPoP_b= inding_JWT_0eXAiOiJkcG9wK2p3dCIsI
=C2=A0 =C2=A0 =C2=A0 =C2=A0 VDIiwieCI6= Imw4dEZyaHgtMzR0VjNoUklDUkRZOXpDa0RscEJoRjQyVVFVZldWQVdCR
=C2=A0 =C2=A0 = =C2=A0 =C2=A0 nMiLCJ5IjoiOVZFNGpmX09rX282NHpiVFRsY3VOSmFqSG10NnY5VERWclUwQ2= R2R1JE
=C2=A0 =C2=A0 =C2=A0 =C2=A0 QSIsImNydiI6IlAtMjU2In19.eyJqdGkiOiJl= MWozVl9iS2ljOC1MQUVCIiwiaHRtIj
=C2=A0 =C2=A0 =C2=A0 =C2=A0 oiR0VUIiwiaHR= 1IjoiaHR0cHM6Ly9yZXNvdXJjZS5leGFtcGxlLm9yZy9wcm90ZWN0Z
=C2=A0 =C2=A0 =C2= =A0 =C2=A0 WRyZXNvdXJjZSIsImlhdCI6MTU2MjI2MjYxOH0.lNhmpAX1WwmpBvwhok4E74kWC= iGB
=C2=A0 =C2=A0 =C2=A0 =C2=A0 NdavjLAeevGy32H3dbF0Jbri69Nm2ukkwb-uyUI4= AUg1JSskfWIyo4UCbQ



3D""=E1=90=A7
--00000000000037bc7305b55583d0--