Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-jwsreq-07.txt

"Nat Sakimura" <> Tue, 19 January 2016 09:55 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 918CF1AD0AD for <>; Tue, 19 Jan 2016 01:55:03 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: 0.608
X-Spam-Status: No, score=0.608 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_EQ_JP=1.244, HOST_EQ_JP=1.265, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id NIRmweKAbgQo for <>; Tue, 19 Jan 2016 01:55:02 -0800 (PST)
Received: from ( []) by (Postfix) with ESMTP id E58AE1AD0AB for <>; Tue, 19 Jan 2016 01:55:01 -0800 (PST)
Received: from (unknown []) by (Postfix) with SMTP id 4CAA217EA40 for <>; Tue, 19 Jan 2016 18:55:01 +0900 (JST)
Received: from ([]) by (unknown) with ESMTP id u0J9t1Ah025294 for <>; Tue, 19 Jan 2016 18:55:01 +0900
Received: from (localhost.localdomain []) by (Switch-3.3.4/Switch-3.3.4) with ESMTP id u0J9t0n3050728; Tue, 19 Jan 2016 18:55:00 +0900
Received: (from mailnull@localhost) by (Switch-3.3.4/Switch-3.3.0/Submit) id u0J9t0w0050727; Tue, 19 Jan 2016 18:55:00 +0900
X-Authentication-Warning: mailnull set sender to using -f
Received: from ([]) by (Switch-3.3.4/Switch-3.3.4) with ESMTP id u0J9t0X5050724 for <>; Tue, 19 Jan 2016 18:55:00 +0900
From: Nat Sakimura <>
References: <>
In-Reply-To: <>
Date: Tue, 19 Jan 2016 18:55:11 +0900
Message-ID: <047501d1529f$7c7b7b40$757271c0$>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 15.0
thread-index: AQGHmPdrDB93G3/pOdb2tld9cUlLxJ+WClzA
Content-Language: ja
X-MailAdviser: 20141126
Archived-At: <>
Subject: Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-jwsreq-07.txt
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 19 Jan 2016 09:55:03 -0000


Took much longer than I anticipated but I finally applied the comments I
received during the WGLC. 

When broken down, there were 44 comments that needed to be dealt with. 

I have accepted most of them. There are a few discussion points, and a few

I am now making the list of those, but as I am going into a meeting now, it
will not be available before tomorrow. 

For a preview, you can go and see them in There
are two sets of comments provided by Mike and Brian as of the time of this
writing. They have unresolved comments. I have recorded my dispositions
there so if you are so inclined, please have a look. 

I will pull out those points as separate issues in the tracker so that they
can be individually tracked. 


Nat Sakimura

PLEASE READ :This e-mail is confidential and intended for the
named recipient only. If you are not an intended recipient,
please notify the sender  and delete this e-mail.

-----Original Message-----
From: OAuth [] On Behalf Of
Sent: Tuesday, January 19, 2016 6:44 PM
Subject: [OAUTH-WG] I-D Action: draft-ietf-oauth-jwsreq-07.txt

A New Internet-Draft is available from the on-line Internet-Drafts
 This draft is a work item of the Web Authorization Protocol Working Group
of the IETF.

        Title           : OAuth 2.0 JWT Authorization Request
        Authors         : Nat Sakimura
                          John Bradley
	Filename        : draft-ietf-oauth-jwsreq-07.txt
	Pages           : 16
	Date            : 2016-01-19

   The authorization request in OAuth 2.0 [RFC6749] utilizes query
   parameter serialization, which means that parameters are encoded in
   the URI of the request.  This document introduces the ability to send
   request parameters in form of a JSON Web Token (JWT) instead, which
   allows the request to be signed and encrypted.  using JWT
   serialization.  The request is sent by value or by reference.

The IETF datatracker status page for this draft is:

There's also a htmlized version available at:

A diff from the previous version is available at:

Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at

Internet-Drafts are also available by anonymous FTP at:

OAuth mailing list