Re: [OAUTH-WG] Benjamin Kaduk's Discuss on draft-ietf-oauth-jwt-introspection-response-08

Jaap Francke <jaap.francke@iwelcome.com> Mon, 02 March 2020 09:34 UTC

From: Jaap Francke <jaap.francke@iwelcome.com>
To: "oauth@ietf.org" <oauth@ietf.org>
Thread-Topic: Benjamin Kaduk's Discuss on draft-ietf-oauth-jwt-introspection-response-08
Thread-Index: AQHV8HXSMKnoLUC2KESkgbNL2SjjbQ==
Date: Mon, 02 Mar 2020 09:34:51 +0000
Message-ID: <616CC763-081D-41C0-BCC6-95FCAAAEA660@iWelcome.com>
References: <mailman.2252.1583127209.10874.oauth@ietf.org>
In-Reply-To: <mailman.2252.1583127209.10874.oauth@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/gp7LMZ5bxSD0j8SxWma0bZfAqJI>
Subject: Re: [OAUTH-WG] Benjamin Kaduk's Discuss on draft-ietf-oauth-jwt-introspection-response-08
List-Id: OAUTH WG <oauth.ietf.org>

Hi Ben,

I saw your question and by coincidence I had just been doing some reading in RFC 7662.
Maybe this helps.

Could you give me a pointer where in the text it says that if "active" is
false, no other claims are present?  ("active" only appears three times,
but none of them seem to say this.)

https://tools.ietf.org/html/rfc7662#page-12 says:


   To avoid disclosing the internal state of the authorization server,
   an introspection response for an inactive token SHOULD NOT contain
   any additional claims beyond the required "active" claim (with its
   value set to "false").

Regards, Jaap Francke
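The requirement Jaap quotes from RFC 7662 section 2.2 (an inactive-token response should carry nothing beyond `"active": false`) is easy to get wrong by simply serialising the stored token record. The following is an added example, not code from the mailing-list message or from the draft under discussion; the token store, token values, timestamps and the helper names (`leaky_introspect`, `introspect`, `discloses_state`) are all constructed for illustration. It shows the leaky behaviour beside the hardened one, plus the check a resource server could run on responses it receives.

```python
"""Added example (not part of the original message): building an RFC 7662
token introspection response so that inactive tokens disclose nothing.

Everything below is constructed for illustration.
"""
import json
import time

# Constructed in-memory token store keyed by token value. In a real
# authorization server this would be the AS's own token state.
TOKEN_STORE = {
    "tok-active-1": {
        "active": True, "scope": "read write", "client_id": "app-123",
        "sub": "alice", "exp": 4102444800, "iat": 1583100000,
        "token_type": "Bearer", "iss": "https://as.example.com",
    },
    "tok-revoked-1": {
        "active": False, "scope": "admin", "client_id": "app-123",
        "sub": "bob", "exp": 4102444800, "revoked_at": 1583150000,
    },
    "tok-expired-1": {
        "active": True, "scope": "read", "client_id": "app-999",
        "sub": "carol", "exp": 1000000000,
    },
}

# Response members defined in RFC 7662 section 2.2 (all optional except
# "active"); internal fields such as "revoked_at" are never among them.
STANDARD_CLAIMS = {"scope", "client_id", "username", "token_type", "exp",
                   "iat", "nbf", "sub", "aud", "iss", "jti"}


def is_active(record, now):
    """A token is active only if the AS says so and it has not expired."""
    return bool(record.get("active")) and record.get("exp", 0) > now


def leaky_introspect(token, now=None):
    """'Before' behaviour: copies the stored record, so an inactive token
    still reveals its subject, scope and revocation time."""
    now = time.time() if now is None else now
    record = TOKEN_STORE.get(token)
    if record is None:
        return {"active": False}
    resp = dict(record)
    resp["active"] = is_active(record, now)
    return resp


def introspect(token, now=None):
    """Hardened behaviour per RFC 7662: unknown, revoked or expired tokens
    get exactly {"active": false}; active tokens get standard claims only."""
    now = time.time() if now is None else now
    record = TOKEN_STORE.get(token)
    if record is None or not is_active(record, now):
        return {"active": False}
    resp = {k: v for k, v in record.items() if k in STANDARD_CLAIMS}
    resp["active"] = True
    return resp


def discloses_state(resp):
    """Check on a received response: an inactive token whose response
    carries anything besides "active" leaks AS-internal state."""
    return resp.get("active") is False and set(resp) != {"active"}


if __name__ == "__main__":
    now = 1583150000  # constructed 'current time' (2 March 2020)
    for tok in TOKEN_STORE:
        before = leaky_introspect(tok, now)
        print(tok, "before:", json.dumps(before),
              "<- leaks" if discloses_state(before) else "")
        print(tok, "after: ", json.dumps(introspect(tok, now)))
```

Note that an expired token is treated exactly like a revoked or unknown one: the caller learns only that it is not active, not why, which is the "internal state" the RFC text is protecting.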