[OAUTH-WG] JWK Thumbprint URI Specification

Mike Jones <Michael.Jones@microsoft.com> Wed, 24 November 2021 20:07 UTC


The JSON Web Key (JWK) Thumbprint specification [RFC 7638<https://www.rfc-editor.org/rfc/rfc7638.html>] defines a method for computing a hash value over a JSON Web Key (JWK) [RFC 7517<https://www.rfc-editor.org/rfc/rfc7517.html>] and encoding that hash in a URL-safe manner. Kristina Yasuda<https://twitter.com/kristinayasuda> and I have just created the JWK Thumbprint URI<https://www.ietf.org/archive/id/draft-jones-oauth-jwk-thumbprint-uri-00.html> specification, which defines how to represent JWK Thumbprints as URIs. This enables JWK Thumbprints to be communicated in contexts requiring URIs, including in specific JSON Web Token (JWT) [RFC 7519<https://www.rfc-editor.org/rfc/rfc7519.html>] claims.

Use cases for this specification were developed in the OpenID Connect Working Group<https://openid.net/wg/connect/> of the OpenID Foundation. Specifically, its use is planned in future versions of the Self-Issued OpenID Provider v2<https://openid.net/specs/openid-connect-self-issued-v2-1_0.html> specification.

The specification is available at:
*    https://www.ietf.org/archive/id/draft-jones-oauth-jwk-thumbprint-uri-00.html

                                                       -- Mike

P.S.  This note was also published at https://self-issued.info/?p=2211 and as @selfissued<https://twitter.com/selfissued/>.
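As an added illustration of the two pieces the announcement refers to (not code from the draft or its authors): the RFC 7638 thumbprint computation, which hashes only the required JWK members in lexicographic order with no whitespace, and the URI form. The URN prefix used here is the one published in RFC 9278, the final form of the announced draft, and is assumed to be what a reader of the draft should expect; the sample EC key's coordinates are constructed placeholders, not a valid curve point.

```python
import base64
import hashlib
import hmac
import json

# Members that RFC 7638 section 3.2 hashes for each key type; all others
# ("kid", "use", "alg", ...) are ignored by the thumbprint.
REQUIRED_MEMBERS = {
    "RSA": ("e", "kty", "n"),
    "EC": ("crv", "kty", "x", "y"),
    "oct": ("k", "kty"),
}

# URN prefix as published in RFC 9278 (final form of the announced draft);
# assumption: this is the form a reader of the draft should expect.
THUMBPRINT_URI_PREFIX = "urn:ietf:params:oauth:jwk-thumbprint:sha-256:"


def _b64url(data: bytes) -> str:
    """base64url without padding, as JOSE requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638: SHA-256 over the required members only, keys sorted
    lexicographically, no whitespace, then base64url-encode the digest."""
    members = REQUIRED_MEMBERS.get(jwk.get("kty"))
    if members is None:
        raise ValueError(f"unsupported kty: {jwk.get('kty')!r}")
    missing = [m for m in members if m not in jwk]
    if missing:
        raise ValueError(f"JWK is missing required members {missing}")
    canonical = json.dumps({m: jwk[m] for m in members},
                           sort_keys=True, separators=(",", ":"))
    return _b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def jwk_thumbprint_uri(jwk: dict) -> str:
    return THUMBPRINT_URI_PREFIX + jwk_thumbprint(jwk)


def key_matches_uri(jwk: dict, uri: str) -> bool:
    """Check a presented key against a thumbprint URI (e.g. a JWT claim) in
    constant time; a URI with any other prefix is rejected outright."""
    if not uri.startswith(THUMBPRINT_URI_PREFIX):
        return False
    presented = uri[len(THUMBPRINT_URI_PREFIX):].encode("utf-8")
    return hmac.compare_digest(presented, jwk_thumbprint(jwk).encode("ascii"))


# Constructed sample: EC P-256 JWK with placeholder coordinates (not a real
# point); thumbprinting does not validate the key, only identifies it.
SAMPLE_JWK = {"kty": "EC", "crv": "P-256",
              "x": _b64url(bytes(range(32))), "y": _b64url(bytes(range(32, 64)))}
```

Note that only the required members feed the hash, so a JWK carrying a different "kid" or "alg" still has the same thumbprint; a verifier must compare the key material itself, not metadata.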