Re: [OAUTH-WG] draft-ietf-oauth-json-web-token-12

Mike Jones <> Mon, 03 March 2014 22:28 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 58E461A0233 for <>; Mon, 3 Mar 2014 14:28:14 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.602
X-Spam-Status: No, score=-2.602 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id dX0JuzwiRP2Q for <>; Mon, 3 Mar 2014 14:28:11 -0800 (PST)
Received: from ( []) by (Postfix) with ESMTP id 1987C1A01E8 for <>; Mon, 3 Mar 2014 14:28:10 -0800 (PST)
Received: from ( by ( with Microsoft SMTP Server (TLS) id 15.0.888.9; Mon, 3 Mar 2014 22:28:06 +0000
Received: from (2a01:111:f400:7c10::192) by (2a01:111:e400:879::28) with Microsoft SMTP Server (TLS) id 15.0.888.9 via Frontend Transport; Mon, 3 Mar 2014 22:28:06 +0000
Received: from ( by ( with Microsoft SMTP Server (TLS) id 15.0.888.9 via Frontend Transport; Mon, 3 Mar 2014 22:28:06 +0000
Received: from ([]) by ([]) with mapi id 14.03.0174.002; Mon, 3 Mar 2014 22:27:37 +0000
From: Mike Jones <>
To: Hannes Tschofenig <>, " WG" <>
Thread-Topic: [OAUTH-WG] draft-ietf-oauth-json-web-token-12
Thread-Index: AQHO1zhaddbyc4KU+UWJrMJ6EdGL+5rQsHvQ
Date: Mon, 3 Mar 2014 22:27:36 +0000
Message-ID: <>
References: <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
x-originating-ip: []
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-EOPAttributedMessage: 0
X-Forefront-Antispam-Report: CIP:; CTRY:US; IPV:NLI; EFV:NLI; SFV:NSPM; SFS:(10009001)(6009001)(438001)(52314003)(53754006)(377454003)(199002)(189002)(76796001)(81816001)(81686001)(69226001)(49866001)(47736001)(81342001)(81542001)(50986001)(15202345003)(33656001)(76482001)(95416001)(23726002)(4396001)(46102001)(76786001)(47976001)(74706001)(15975445006)(92726001)(66066001)(74502001)(92566001)(74366001)(87266001)(86612001)(93136001)(85806002)(79102001)(31966008)(74876001)(85306002)(56816005)(93516002)(47446002)(86362001)(53806001)(95666003)(85852003)(59766001)(50466002)(46406003)(77096001)(51856001)(65816001)(74662001)(80976001)(83322001)(54356001)(44976005)(94316002)(77982001)(90146001)(87936001)(80022001)(54316002)(19580405001)(94946001)(2656002)(19580395003)(20776003)(6806004)(47776003)(63696002)(55846006)(83072002); DIR:OUT; SFP:1101; SCL:1; SRVR:BLUPR03MB017;; CLIP:; FPR:80B5E1A9.A933ACEA.31EE3E4B.508ADE99.202A4; MLV:sfv; PTR:InfoDomainNonexistent; A:1; MX:1; LANG:en;
X-O365ENT-EOP-Header: Message processed by - O365_ENT: Allow from ranges (Engineering ONLY)
X-Forefront-PRVS: 0139052FDB
Received-SPF: Pass (: domain of designates as permitted sender) receiver=; client-ip=;;
Subject: Re: [OAUTH-WG] draft-ietf-oauth-json-web-token-12
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 03 Mar 2014 22:28:14 -0000

Hi Hannes and WG,

I just did what you had asked - sending detailed replies to everyone who had sent JWT WGLC comments.  I'd addressed most of the comments earlier but discovered a few requested clarifications that I hadn't incorporated yet - hence the -18 release just now.  As you can see from the diffs, the actual changes are quite small.

Anyway, this was a useful step.  Thanks for pinging me about it.

				-- Mike

-----Original Message-----
From: [] On Behalf Of Hannes Tschofenig
Sent: Friday, November 01, 2013 12:27 PM
To: WG
Subject: [OAUTH-WG] draft-ietf-oauth-json-web-token-12

Hi Mike, Hi all,

I was just trying to find out whether version -12 of the JWT spec addresses prior comments and the diff version of the document does not really give that indication. To me it seems that version -12 of the document was published to update -11 in an attempt to create an alignment with the JOSE work.

I believe it would be useful to respond to the review comments so that we can be sure that those had been taken into account (or that they had been rejected for a good reason).

Here are the comments I have found:

* Review by James Manger:

* Review by Mishra Prateek:

* My own shepherd review:


OAuth mailing list