Re: [OAUTH-WG] WGLC for OAuth 2.0 Protected Resource Metadata

Michael Jones <michael_b_jones@hotmail.com> Wed, 03 April 2024 15:52 UTC

From: Michael Jones <michael_b_jones@hotmail.com>
To: Brian Campbell <bcampbell=40pingidentity.com@dmarc.ietf.org>, Vladimir Dzhuvinov <vladimir@connect2id.com>
CC: "oauth@ietf.org" <oauth@ietf.org>
Date: Wed, 03 Apr 2024 15:52:12 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/dBHRlfdHBlVbbF9C9WtA4JZnP7o>

In October 2023, we added this text describing signing resource responses:

These values may be used by other specifications, such as the jwks_uri used to publish public keys the resource server uses to sign resource responses, as described in Section 5.6.2 of [FAPI.MessageSigning<https://drafts.oauth.net/draft-ietf-oauth-resource-metadata/draft-ietf-oauth-resource-metadata.html#FAPI.MessageSigning>].

This uses the jwks_uri and resource_signing_alg_values_supported metadata parameters.  Admittedly, we’re not describing use cases for resource_encryption_alg_values_supported and resource_encryption_enc_values_supported at present.  If people feel strongly about it, I’d be willing to remove the encryption parameters since they’re more speculative, but I believe there’s a solid use case for the key set and supported signing algorithms.

What do others think?

-- Mike
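As an added example (not from the draft and not from any of the posters), this is how a client could act on the parameters discussed above: it restricts JWS verification of a resource response to the algorithms advertised in resource_signing_alg_values_supported and to a matching key from jwks_uri, and checks a JWE's alg and enc against the two encryption parameters Vladimir asks about in the quoted message below. The metadata document, JWK Set and JOSE headers are constructed for illustration, and the actual signature or decryption step is left to a JOSE library.

```python
import base64
import json
# Constructed sample protected resource metadata: parameter names are those
# discussed in the thread; jwks_uri and key material are made up.
RESOURCE_METADATA = {
    "jwks_uri": "https://rs.example.com/jwks",
    "resource_signing_alg_values_supported": ["ES256", "PS256"],
    "resource_encryption_alg_values_supported": ["ECDH-ES+A256KW"],
    "resource_encryption_enc_values_supported": ["A256GCM"],
}
# Constructed stand-in for the JWK Set a client would fetch from jwks_uri.
RESOURCE_JWKS = {"keys": [
    {"kty": "EC", "crv": "P-256", "use": "sig", "alg": "ES256", "kid": "rs-2024-04"},
    {"kty": "RSA", "use": "enc", "kid": "rs-enc-1"},
]}
# Key type (and curve) each asymmetric JWS alg needs; "none" and HS* are absent on purpose.
KEY_FOR_ALG = {"ES256": ("EC", "P-256"), "PS256": ("RSA", None), "RS256": ("RSA", None)}

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()
def jose_header(compact: str) -> dict:
    head = compact.split(".")[0]
    return json.loads(base64.urlsafe_b64decode(head + "=" * (-len(head) % 4)))

def check_signed_response(metadata: dict, jwks: dict, compact_jws: str) -> dict:
    """Return the one JWK allowed to verify this JWS, or raise ValueError. A JOSE
    library then verifies with the returned key and this alg, not the header's."""
    hdr = jose_header(compact_jws)
    alg, allowed = hdr.get("alg"), metadata.get("resource_signing_alg_values_supported", [])
    if alg not in allowed or alg not in KEY_FOR_ALG:
        raise ValueError(f"alg {alg!r} not advertised by the resource ({allowed})")
    kty, crv = KEY_FOR_ALG[alg]
    keys = [k for k in jwks["keys"]
            if k.get("kty") == kty and (crv is None or k.get("crv") == crv)
            and k.get("use", "sig") == "sig" and k.get("alg", alg) == alg
            and ("kid" not in hdr or k.get("kid") == hdr["kid"])]
    if len(keys) != 1:
        raise ValueError(f"{len(keys)} candidate keys for kid={hdr.get('kid')!r}")
    return keys[0]

def check_encrypted_response(metadata: dict, compact_jwe: str) -> dict:
    hdr = jose_header(compact_jwe)  # accept only advertised alg AND enc values
    for field, param in (("alg", "resource_encryption_alg_values_supported"),
                         ("enc", "resource_encryption_enc_values_supported")):
        if hdr.get(field) not in metadata.get(param, []):
            raise ValueError(f"JWE {field} {hdr.get(field)!r} not advertised")
    return hdr

def sample(header: dict, parts: int) -> str:  # constructed JWS (3 parts) or JWE (5 parts)
    return ".".join([b64url(json.dumps(header).encode())] + [b64url(b"constructed")] * (parts - 1))
```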

From: OAuth <oauth-bounces@ietf.org> On Behalf Of Brian Campbell
Sent: Tuesday, April 2, 2024 2:45 PM
To: Vladimir Dzhuvinov <vladimir@connect2id.com>
Cc: oauth@ietf.org
Subject: Re: [OAUTH-WG] WGLC for OAuth 2.0 Protected Resource Metadata

I've had questions similar to Vladimir's* and do still think that some additional context or clarification or something in the document would be helpful.

* https://mailarchive.ietf.org/arch/msg/oauth/LA6sqNOV98D7wP44p2Hl6dpSmtg/

On Thu, Mar 28, 2024 at 2:57 PM Vladimir Dzhuvinov <vladimir@connect2id.com> wrote:

I have a question about the parameters: resource_signing_alg_values_supported, resource_encryption_alg_values_supported, resource_encryption_enc_values_supported.

I'm not sure how to interpret "content". Where the algorithms, if advertised, get to apply. Is this something that resources / applications will define, depending on the resource characteristics? If we take JWE for instance, it could be used for 3 things at least. To encrypt bearer JWTs to access the resource, in addition to encrypting request and response payloads.

Vladimir
On 27/03/2024 14:53, Rifaat Shekh-Yusef wrote:
All,

This is a WG Last Call for the OAuth 2.0 Protected Resource Metadata document.
https://www.ietf.org/archive/id/draft-ietf-oauth-resource-metadata-03.html

Please, review this document and reply on the mailing list if you have any comments or concerns, by April 12.

Regards,
  Rifaat & Hannes


_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth