Re: [OAUTH-WG] Minor questions regarding draft-ietf-oauth-json-web-token-19

Mike Jones <Michael.Jones@microsoft.com> Thu, 01 May 2014 07:19 UTC

Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 757F81A0A25 for <oauth@ietfa.amsl.com>; Thu, 1 May 2014 00:19:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.602
X-Spam-Level:
X-Spam-Status: No, score=-2.602 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id P6WO0NKY4V6Y for <oauth@ietfa.amsl.com>; Thu, 1 May 2014 00:19:34 -0700 (PDT)
Received: from na01-by2-obe.outbound.protection.outlook.com (mail-by2lp0243.outbound.protection.outlook.com [207.46.163.243]) by ietfa.amsl.com (Postfix) with ESMTP id DD1C61A0A15 for <oauth@ietf.org>; Thu, 1 May 2014 00:19:34 -0700 (PDT)
Received: from BY2PR03MB027.namprd03.prod.outlook.com (10.255.240.41) by BY2PR03MB330.namprd03.prod.outlook.com (10.141.139.18) with Microsoft SMTP Server (TLS) id 15.0.934.12; Thu, 1 May 2014 07:19:31 +0000
Received: from BY2PR03CA049.namprd03.prod.outlook.com (10.141.249.22) by BY2PR03MB027.namprd03.prod.outlook.com (10.255.240.41) with Microsoft SMTP Server (TLS) id 15.0.934.12; Thu, 1 May 2014 07:19:30 +0000
Received: from BL2FFO11FD021.protection.gbl (2a01:111:f400:7c09::155) by BY2PR03CA049.outlook.office365.com (2a01:111:e400:2c5d::22) with Microsoft SMTP Server (TLS) id 15.0.934.12 via Frontend Transport; Thu, 1 May 2014 07:19:30 +0000
Received: from mail.microsoft.com (131.107.125.37) by BL2FFO11FD021.mail.protection.outlook.com (10.173.161.100) with Microsoft SMTP Server (TLS) id 15.0.929.8 via Frontend Transport; Thu, 1 May 2014 07:19:29 +0000
Received: from TK5EX14MBXC288.redmond.corp.microsoft.com ([169.254.3.63]) by TK5EX14HUBC102.redmond.corp.microsoft.com ([157.54.7.154]) with mapi id 14.03.0181.007; Thu, 1 May 2014 07:18:55 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>, "oauth@ietf.org" <oauth@ietf.org>
Thread-Topic: [OAUTH-WG] Minor questions regarding draft-ietf-oauth-json-web-token-19
Thread-Index: Ac9lDZvNwUXiaK30S5Cr4jGGLExoyg==
Date: Thu, 1 May 2014 07:18:54 +0000
Message-ID: <4E1F6AAD24975D4BA5B16804296739439A1A1593@TK5EX14MBXC288.redmond.corp.microsoft.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [157.54.51.32]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-EOPAttributedMessage: 0
X-Forefront-Antispam-Report: CIP:131.107.125.37; CTRY:US; IPV:CAL; IPV:NLI; IPV:NLI; EFV:NLI; SFV:NSPM; SFS:(10009001)(6009001)(438001)(377454003)(189002)(199002)(13464003)(50986999)(54356999)(46406003)(77982001)(2009001)(15975445006)(86612001)(76482001)(31966008)(97736001)(97756001)(55846006)(46102001)(4396001)(87936001)(20776003)(99396002)(47776003)(44976005)(79102001)(6806004)(74502001)(19580405001)(19580395003)(2656002)(83322001)(80976001)(84676001)(66066001)(80022001)(92566001)(92726001)(85852003)(86362001)(74662001)(15202345003)(81342001)(83072002)(81542001)(33656001)(50466002); DIR:OUT; SFP:1101; SCL:1; SRVR:BY2PR03MB027; H:mail.microsoft.com; FPR:; MLV:sfv; PTR:InfoDomainNonexistent; MX:1; A:1; LANG:en;
X-O365ENT-EOP-Header: Message processed by - O365_ENT: Allow from ranges (Engineering ONLY)
X-Forefront-PRVS: 01986AE76B
Received-SPF: Pass (: domain of microsoft.com designates 131.107.125.37 as permitted sender) receiver=; client-ip=131.107.125.37; helo=mail.microsoft.com;
Authentication-Results: spf=pass (sender IP is 131.107.125.37) smtp.mailfrom=Michael.Jones@microsoft.com;
X-OriginatorOrg: microsoft.onmicrosoft.com
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/dq9JHDeMkSgdqAy3SFU7W0jkubY
Subject: Re: [OAUTH-WG] Minor questions regarding draft-ietf-oauth-json-web-token-19
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 01 May 2014 07:19:40 -0000

Hi Hannes,

I have the changed the RFC 6755 and JWK references in http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-20 in the manner that you suggested.

				-- Mike

-----Original Message-----
From: OAuth [mailto:oauth-bounces@ietf.org] On Behalf Of Hannes Tschofenig
Sent: Wednesday, April 23, 2014 4:49 AM
To: oauth@ietf.org
Subject: [OAUTH-WG] Minor questions regarding draft-ietf-oauth-json-web-token-19

Doing my shepherd write-up I had a few minor questions:

* Could you move the RFC 6755 reference to the normative reference section? Reason: the IANA consideration section depends on the existence of the urn:ietf:params:oauth registry.

* Could you move the JWK reference to the informative reference section?
Reason: The JWK is only used in an example and not essential to the implementation or understanding of the specification.

* Would it be sufficient to reference RFC 7159 instead of the [ECMAScript] reference?

* The document registers 'urn:ietf:params:oauth:token-type' and it is used in the "type" header parameter.

The text, however, states that the value can also be set to jwt. Why would someone prefer to use urn:ietf:params:oauth:token-type instead of the much shorter jwt value?

Ciao
Hannes