Re: [OAUTH-WG] self-issued access tokens

toshio9.ito@toshiba.co.jp Fri, 01 October 2021 00:58 UTC

Return-Path: <toshio9.ito@toshiba.co.jp>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5877A3A0A84 for <oauth@ietfa.amsl.com>; Thu, 30 Sep 2021 17:58:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0lnN38Qa_n6c for <oauth@ietfa.amsl.com>; Thu, 30 Sep 2021 17:58:20 -0700 (PDT)
Received: from mo-csw.securemx.jp (mo-csw1114.securemx.jp [210.130.202.156]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 37E013A0A7E for <oauth@ietf.org>; Thu, 30 Sep 2021 17:58:19 -0700 (PDT)
Received: by mo-csw.securemx.jp (mx-mo-csw1114) id 1910wFbg027962; Fri, 1 Oct 2021 09:58:15 +0900
X-Iguazu-Qid: 2wHHCQcinec5hnIbbN
X-Iguazu-QSIG: v=2; s=0; t=1633049895; q=2wHHCQcinec5hnIbbN; m=gfAj/fSnY+pOgTF6bJzV4EbOJ+W7Df//mzBPLvlOzbw=
Received: from imx12-a.toshiba.co.jp (imx12-a.toshiba.co.jp [61.202.160.135]) by relay.securemx.jp (mx-mr1113) id 1910wEG5001092 (version=TLSv1.2 cipher=AES128-GCM-SHA256 bits=128 verify=NOT); Fri, 1 Oct 2021 09:58:14 +0900
Received: from enc02.toshiba.co.jp (enc02.toshiba.co.jp [61.202.160.51]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by imx12-a.toshiba.co.jp (Postfix) with ESMTPS id AAB641000C0; Fri, 1 Oct 2021 09:58:14 +0900 (JST)
Received: from hop101.toshiba.co.jp ([133.199.85.107]) by enc02.toshiba.co.jp with ESMTP id 1910wE8L013572; Fri, 1 Oct 2021 09:58:14 +0900
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=V7GNKv1iohJQ1IfaDmP3XVuv/VE4D6Hvo0Flyh0rE/Y2KFmbcGQeIo/aCS5hm8uvTVFBj7CWKcbdEFkTo35VtSHRuZ9WQ6w5m2Rp6hArWwNM09hJ0yuQ3FUQCc0FWVupQ0NqCYZekErXpOOoCO4qEoti8GhI1HcUPB2L8yfZ5uW62YOyKLzmeV4VeQqUx6WDnBj0uZAq9B/pChoy5pWVpFS+/qatZUJWhRq/IrtlaKKR4Ilx1tWQFcKVotzx58Weq1BsZxbVFjYTA3jq+xaIZk519k795wSgWVs68b+y/A0EhQlnA6gL288D6VSawKQlcFsqs7OQqEdFq4GivYlqmw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=dkSWkKiiYUBMGeLEl1mjN0MXT9IpreYaLZ9uXSavBVs=; b=i08oBss4iW17oC6knJrAVLkW5yr+OPjKh5ci6S+7v9Quq9zexHkaQ2QLfz0VH4gkfv6E3hJy7GENEzW82L0Ir871JXGAN6FvXlEAkGorwyZ7bEhyZN4yJU02m/e1G/F2J8uS2vlWpHLhDfNyD5KtkjG61E/stoLP4e96yI8YGb00Mg7bL3rzTRreo2qt+ilp6WnZkD4UFyooqSDRq3KOhzBFe+oWKv4+Vn/UOAgQg96iqSoqJ9vXlxE/4Iwbs2Ju1sp0pnpskNgLtT6lo4IlemtOE7YvaJp5TIMn719NDKNPNzGwOwXoZHPwA3ZvTCpfxHJ6kXXAMVSe0+bPPvkjKQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=toshiba.co.jp; dmarc=pass action=none header.from=toshiba.co.jp; dkim=pass header.d=toshiba.co.jp; arc=none
From: toshio9.ito@toshiba.co.jp
To: dick.hardt@gmail.com
CC: oauth@ietf.org
Thread-Topic: [OAUTH-WG] self-issued access tokens
Thread-Index: Ade01Nk+d5eF4L5tTXCgjU67TgIDjwAIzLwAAFmdA8A=
Date: Fri, 01 Oct 2021 00:58:11 +0000
X-TSB-HOP: ON
Message-ID: <TYCPR01MB56784381BE6799ADAA46E360E5AB9@TYCPR01MB5678.jpnprd01.prod.outlook.com>
References: <TYCPR01MB567859999FB3350D6A1C63E5E5A99@TYCPR01MB5678.jpnprd01.prod.outlook.com> <CAD9ie-sgjUv3fppvTZvPpOyUKXo1H1i9LtkOk2yxzZ1+A+wt6w@mail.gmail.com>
In-Reply-To: <CAD9ie-sgjUv3fppvTZvPpOyUKXo1H1i9LtkOk2yxzZ1+A+wt6w@mail.gmail.com>
Accept-Language: ja-JP, en-US
Content-Language: ja-JP
authentication-results: gmail.com; dkim=none (message not signed) header.d=none;gmail.com; dmarc=none action=none header.from=toshiba.co.jp;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 8d1f2a38-ef86-4c05-5f2e-08d984768aa1
x-ms-traffictypediagnostic: TY1PR01MB1579:
x-microsoft-antispam-prvs: <TY1PR01MB1579BFFA1ED0DDD58542CE2DE5AB9@TY1PR01MB1579.jpnprd01.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:2733;
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:TYCPR01MB5678.jpnprd01.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(366004)(6916009)(26005)(38070700005)(186003)(5660300002)(76116006)(6506007)(33656002)(55016002)(4744005)(8676002)(86362001)(38100700002)(53546011)(71200400001)(122000001)(52536014)(316002)(4326008)(66556008)(66476007)(64756008)(7696005)(508600001)(66446008)(8936002)(83380400001)(66946007)(9686003)(2906002); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_TYCPR01MB56784381BE6799ADAA46E360E5AB9TYCPR01MB5678jpnp_"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: TYCPR01MB5678.jpnprd01.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 8d1f2a38-ef86-4c05-5f2e-08d984768aa1
X-MS-Exchange-CrossTenant-originalarrivaltime: 01 Oct 2021 00:58:11.5538 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f109924e-fb71-4ba0-b2cc-65dcdf6fbe4f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 6oTIWbPh/kwxlyiv4088c9jyWgPblSMaARkA3iHELJlXBo0/GSCEfakDT2PwJqYJOW/FmosUH+RBs5QOxskGHhWZkD476KbDouZdDtNE+90=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: TY1PR01MB1579
X-OriginatorOrg: toshiba.co.jp
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/eZKYE2EdVC0wNBIHVQtN_go3_QQ>
Subject: Re: [OAUTH-WG] self-issued access tokens
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 01 Oct 2021 00:58:26 -0000

Thanks Dick,

I agree. The scenario of self-issued access tokens doesn't really follow the
model of OAuth.

So, if we do standardize self-issued access tokens, maybe OAUTH WG is not the
right venue. Maybe HTTPBIS or HTTPAPI WGs?


Toshio Ito

From: Dick Hardt <dick.hardt@gmail.com>
Sent: Wednesday, September 29, 2021 3:06 PM
To: ito toshio(伊藤 俊夫 ○RDC□IT研○CNL) <toshio9.ito@toshiba.co.jp>
Cc: oauth@ietf.org
Subject: Re: [OAUTH-WG] self-issued access tokens

If the client is sending a self-signed JWT to the RS, you essentially are just authenticating directly to the RS. Not really OAuth as the RS has not delegated authorization authority to the AS.

If the client sends a self-signed JWT (a PAR) to the AS, and gets back an access token to present to the RS, you get centralized authorization decisions, a key feature of OAuth.
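The two arrangements Dick contrasts above, worked through as an added example that is not part of this thread or of any OAuth specification. In the first, the resource server (RS) verifies the client's own signature and so has to hold every client's key and its own per-client authorization policy; in the second, the client's self-signed assertion goes to the authorization server (AS), which applies a central policy and issues an access token, and the RS only needs the AS key plus issuer, audience and scope checks. HS256 stands in here for the asymmetric signatures a real deployment would use (client public keys, AS JWKS); all keys, client identifiers, `https://as.example` and `https://rs.example` are constructed for the example.

```python
"""Added example: self-issued JWT presented to the RS vs. exchanged at the AS.

HS256 stands in for asymmetric signatures; the trust-model difference is
unchanged. Every key, client id and URL below is constructed for the example.
"""
import base64, hashlib, hmac, json, time
from typing import Optional

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def sign_jwt(claims: dict, key: bytes) -> str:
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64(sig)}"

def verify_jwt(token: str, key: bytes, now: Optional[float] = None) -> Optional[dict]:
    """Return the claims if signature and exp are valid, else None."""
    try:
        header, payload, sig = token.split(".")
    except ValueError:
        return None
    expected = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64(sig)):
        return None
    claims = json.loads(_unb64(payload))
    if now is None:
        now = time.time()
    return claims if claims.get("exp", 0) > now else None

def _unverified_issuer(token: str) -> Optional[str]:
    """Peek at 'iss' only to select a key; nothing is trusted until verified."""
    try:
        return json.loads(_unb64(token.split(".")[1])).get("iss")
    except Exception:
        return None

# Constructed identifiers and keys.
CLIENT_KEYS = {"client-a": b"client-a-secret", "client-b": b"client-b-secret"}
AS_KEY = b"as-signing-key"
AS_ISS = "https://as.example"
RS_AUD = "https://rs.example"

def client_assertion(client_id: str, audience: str) -> str:
    """Client mints its own JWT, addressed either to the RS or to the AS."""
    return sign_jwt({"iss": client_id, "sub": client_id, "aud": audience,
                     "exp": time.time() + 60}, CLIENT_KEYS[client_id])

# Model 1: self-issued token straight to the RS. The RS needs every client's
# key and must own the authorization policy itself (one copy per RS).
RS_LOCAL_POLICY = {"client-a": {"read"}, "client-b": set()}

def rs_accepts_self_issued(token: str, action: str) -> bool:
    key = CLIENT_KEYS.get(_unverified_issuer(token))
    claims = verify_jwt(token, key) if key else None
    if claims is None or claims.get("aud") != RS_AUD:
        return False
    return action in RS_LOCAL_POLICY.get(claims["iss"], set())

# Model 2: the assertion goes to the AS, which decides centrally and issues an
# access token; the RS trusts only the AS and reads scope from the token.
AS_CENTRAL_POLICY = {"client-a": {"read", "write"}, "client-b": {"read"}}

def as_token_endpoint(assertion: str) -> Optional[str]:
    key = CLIENT_KEYS.get(_unverified_issuer(assertion))
    claims = verify_jwt(assertion, key) if key else None
    if claims is None or claims.get("aud") != AS_ISS:   # assertion must target the AS
        return None
    scope = AS_CENTRAL_POLICY.get(claims["iss"])
    if not scope:
        return None
    return sign_jwt({"iss": AS_ISS, "sub": claims["iss"], "aud": RS_AUD,
                     "scope": " ".join(sorted(scope)), "exp": time.time() + 300}, AS_KEY)

def rs_accepts_as_issued(token: str, action: str) -> bool:
    claims = verify_jwt(token, AS_KEY)
    if claims is None or claims.get("iss") != AS_ISS or claims.get("aud") != RS_AUD:
        return False
    return action in claims.get("scope", "").split()

if __name__ == "__main__":
    print(rs_accepts_self_issued(client_assertion("client-a", RS_AUD), "read"))
    tok = as_token_endpoint(client_assertion("client-a", AS_ISS))
    print(tok is not None and rs_accepts_as_issued(tok, "write"))
```

The contrast is in where `CLIENT_KEYS` and the policy table must live: in the first model every RS carries both, so a policy change or key revocation has to reach each RS; in the second only the AS does, and the RS verifies one issuer key and enforces the `scope` the AS chose. Note also that the self-issued token is rejected outright by an RS that trusts only the AS, and an assertion addressed to the RS is refused by the AS because of the `aud` mismatch.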