[OAUTH-WG] Implementation Status of "JWT Secured Authorization Request (JAR)"

Hannes Tschofenig <Hannes.Tschofenig@arm.com> Mon, 21 September 2020 19:22 UTC

From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: "oauth@ietf.org" <oauth@ietf.org>
Date: Mon, 21 Sep 2020 19:21:52 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/UC8VcXSgbc7-vP0mR3juXlcbEKg>

Hi all

Because of some procedural issues I have to update the shepherd writeup of the JAR document, and I wanted to verify whether the implementations listed in https://github.com/hannestschofenig/tschofenig-ids/blob/master/shepherd-writeups/Writeup_OAuth_JAR.txt (copied below) are still in line with the latest version of https://tools.ietf.org/html/draft-ietf-oauth-jwsreq-30 (given the changes the document has gone through*).

----- List of implementations -----

As part of the OpenID Foundation certification program the following
implementations of OpenID Connect Core indicate support for this
functionality:

* CZ.NIC mojeID,
* Thierry Habart's SimpleIdentityServer v.2.0.0,
* Roland Hedberg's pyoidc 0.7.7,
* Peercraft ApS's Peercraft,
* MIT's MITREidConnect,
* Gluu Server 2.3,
* Filip Skokan's node-oidc pre supports.

Authlete (https://www.authlete.com/), a commercial, closed source
server implementation, has also implemented this specification and
is offering it.

There is an open source implementation from NRI in PHP and Scala.

NRI's Open Source PHP: https://bitbucket.org/PEOFIAMP/phpoidc

-----

Ciao
Hannes

PS: List of changes from the current draft to the one when I wrote my shepherd writeup:
http://tools.ietf.org//rfcdiff?url1=https://tools.ietf.org/id/draft-ietf-oauth-jwsreq-09.txt&url2=https://tools.ietf.org/id/draft-ietf-oauth-jwsreq-30.txt
