[OAUTH-WG] draft-ietf-oauth-access-token-jwt-08 question

Logan Widick <logan.widick@gmail.com> Wed, 16 September 2020 21:21 UTC

From: Logan Widick <logan.widick@gmail.com>
Date: Wed, 16 Sep 2020 17:21:27 -0400
Message-ID: <CAMmAzEJX=Y=seeDe5T_d8-rr+qAx98fa-9+Qyh3UmnEEZTSoBg@mail.gmail.com>
To: oauth@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/iJFODO2hW6rTlVV3pnJKxyRMQMU>

I took a look at Section 2.2.3.1: Claims for Authorization Outside of
Delegation Scenarios
(https://tools.ietf.org/html/draft-ietf-oauth-access-token-jwt-08#section-2.2.3.1)
and I do not understand what exactly the formats of the "roles", "groups",
and "entitlements" claims will be.

Will the "roles" claim be an array of strings (role names, IDs, or links),
an array of the "roles" objects from the SCIM User schema (pages 66-67 of
RFC 7643), or something else?

Will the "groups" claim be an array of strings (group names, IDs, or
links), an array of the "groups" objects from the SCIM User schema (pages
63-64 of RFC 7643), an array of SCIM Group schema objects (pages 69-70 of
RFC 7643), or something else?

Will the "entitlements" claim be an array of strings (entitlement names,
IDs, or links), an array of the "entitlements" objects from the SCIM User
schema (pages 65-66 of RFC 7643), or something else?

Sincerely,

Logan Widick
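Added example, not part of Logan Widick's message or of the draft: a resource-server helper that consumes the "roles", "groups" and "entitlements" claims from an access token payload that has already been signature-verified (that verification is assumed and not shown). It accepts both candidate shapes the question lists, an array of plain strings or an array of SCIM User schema style objects (RFC 7643 multi-valued attributes carrying the identifier in a "value" sub-attribute), normalizes them to identifier sets, and fails closed on anything else. The claim names are the draft's; the payload contents, issuer/audience URLs and identifiers are constructed placeholders.

```python
"""
Added example (not from the message or the draft): normalize and check the
"roles", "groups" and "entitlements" claims of a JWT access token payload.
Assumption: the JWS signature, "iss", "aud" and "exp" were validated before
the payload reaches this code.
"""
import json

AUTHZ_CLAIMS = ("roles", "groups", "entitlements")


class ClaimFormatError(ValueError):
    """Raised when a claim is present but not in a shape we are willing to trust."""


def _member_id(entry):
    """Extract the identifier from one array member in either candidate format."""
    # Format 1: a plain string is the identifier itself.
    if isinstance(entry, str):
        if not entry:
            raise ClaimFormatError("empty string member")
        return entry
    # Format 2: a SCIM-style object. Authorize on "value" (the canonical
    # identifier); "display" is free-form text for humans and must not
    # drive access decisions.
    if isinstance(entry, dict):
        value = entry.get("value")
        if isinstance(value, str) and value:
            return value
        raise ClaimFormatError("object member without a non-empty string 'value'")
    raise ClaimFormatError(f"unsupported member type {type(entry).__name__}")


def normalize_authz_claims(payload):
    """Return {claim_name: frozenset(identifiers)} for the claims present.

    A claim that is present but malformed raises ClaimFormatError, so the
    caller fails closed instead of silently ignoring or partially accepting it.
    """
    out = {}
    for name in AUTHZ_CLAIMS:
        if name not in payload:
            continue
        raw = payload[name]
        # Both candidate formats are JSON arrays; a bare string, an object or
        # null is rejected rather than coerced.
        if not isinstance(raw, list):
            raise ClaimFormatError(f"'{name}' must be a JSON array")
        out[name] = frozenset(_member_id(e) for e in raw)
    return out


def is_permitted(payload, required_role=None, required_group=None,
                 required_entitlement=None):
    """Every requirement given must be satisfied by the matching claim.

    A claim that is absent from the token satisfies nothing.
    """
    claims = normalize_authz_claims(payload)
    checks = (("roles", required_role),
              ("groups", required_group),
              ("entitlements", required_entitlement))
    for claim, needed in checks:
        if needed is not None and needed not in claims.get(claim, frozenset()):
            return False
    return True


# Constructed sample payloads (placeholder values, not from any real deployment).
# Format 1: arrays of strings.
PAYLOAD_STRINGS = json.loads("""{
  "iss": "https://as.example", "aud": "https://rs.example", "sub": "user-1",
  "roles": ["admin", "editor"],
  "groups": ["group-123"],
  "entitlements": ["reports:read"]
}""")

# Format 2: arrays of SCIM User schema style objects (value/display/type/primary,
# plus "$ref" for groups, as in RFC 7643).
PAYLOAD_SCIM = json.loads("""{
  "iss": "https://as.example", "aud": "https://rs.example", "sub": "user-2",
  "roles": [{"value": "editor", "display": "Editor", "primary": true}],
  "groups": [{"value": "group-123",
              "$ref": "https://scim.example/Groups/group-123",
              "display": "Example Group"}],
  "entitlements": [{"value": "reports:read", "type": "api"}]
}""")

# Malformed: "roles" is a bare string and the group object carries only "display".
PAYLOAD_BAD = {"sub": "user-3", "roles": "admin", "groups": [{"display": "admin"}]}


if __name__ == "__main__":
    print(normalize_authz_claims(PAYLOAD_STRINGS))
    print(is_permitted(PAYLOAD_SCIM, required_role="editor"))
    try:
        normalize_authz_claims(PAYLOAD_BAD)
    except ClaimFormatError as exc:
        print("rejected:", exc)
```

A resource server calling `is_permitted` should map `ClaimFormatError` to a denial (for example HTTP 403 with an `insufficient_scope`-style error) rather than catching it and proceeding; the point of normalizing both formats in one place is that the rest of the application never has to guess whether an entry is a string or an object, and never keys a decision on a human-readable `display` field.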