[OAUTH-WG] OAuth Token Exchange spec adding URIs for SAML assertions

Mike Jones <Michael.Jones@microsoft.com> Fri, 01 December 2017 00:03 UTC

Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 727B21270A7 for <oauth@ietfa.amsl.com>; Thu, 30 Nov 2017 16:03:02 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.019
X-Spam-Level:
X-Spam-Status: No, score=-2.019 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=microsoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2Qx8tbDi06i4 for <oauth@ietfa.amsl.com>; Thu, 30 Nov 2017 16:03:00 -0800 (PST)
Received: from NAM03-BY2-obe.outbound.protection.outlook.com (mail-by2nam03on0105.outbound.protection.outlook.com [104.47.42.105]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 534D8124D68 for <oauth@ietf.org>; Thu, 30 Nov 2017 16:03:00 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=5PcwJqgdxeHh9z/PQFiK+Ed5TGdeuRdAsA+kwVzT9Zk=; b=kbWKeQOE2wVmGmzXvYaYSJOYHuFLENyhTt20qiMtGRaqJD7rClCSuFzwmmGD1b6BlKhtPBIujO72lKyVIuy6XiZ3YKEzF3mOLqvIRhF4XhM4Gvt5yItM6bvWYGuJjOny8eyDz+4Gnf2Ot7G7resd1T+yfVT+Hs4fC/HpwXtexs4=
Received: from CY4PR21MB0504.namprd21.prod.outlook.com (10.172.122.14) by CY4PR21MB0824.namprd21.prod.outlook.com (10.173.192.10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.302.1; Fri, 1 Dec 2017 00:02:59 +0000
Received: from CY4PR21MB0504.namprd21.prod.outlook.com ([10.172.122.14]) by CY4PR21MB0504.namprd21.prod.outlook.com ([10.172.122.14]) with mapi id 15.20.0302.001; Fri, 1 Dec 2017 00:02:59 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: "oauth@ietf.org" <oauth@ietf.org>
Thread-Topic: OAuth Token Exchange spec adding URIs for SAML assertions
Thread-Index: AdNqNc17FQiV4qGXTyGZfz5MiJ/0uw==
Date: Fri, 1 Dec 2017 00:02:59 +0000
Message-ID: <CY4PR21MB0504EEB06ED5E52C27F84294F5390@CY4PR21MB0504.namprd21.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels: MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Enabled=True; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SiteId=72f988bf-86f1-41af-91ab-2d7cd011db47; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Owner=mbj@microsoft.com; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SetDate=2017-12-01T00:02:58.0161288Z; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Name=General; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Application=Microsoft Azure Information Protection; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Extended_MSFT_Method=Automatic; Sensitivity=General
x-originating-ip: [2001:4898:80e8:d::36]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; CY4PR21MB0824; 6:JnJZVVapJ7hKFKdnXD1UYHTRxMGtmdsZuv8giQKaNJgTtzr9za4j7qCCdR1MCDPJ7xvmFTZOH6kFDgBNmj7WIkRfq8hnZlV8ldWVJ4RpJo0pXVVAba+qOE8vEvssah39aktBirVw72qcfsRswO1uQVwS1nhl2vzqfNhSoijO2Z5PFavjO3vyE+mAde6y9A0HSXaxYwgLtXfu1GlMXtSrLCUxUHtjtXs65dXWj0aRSdqEBMFfwE/Ua7t7U+V90BeYZM3r8ZqJaZO2SbRLGBdBRjaF0s3s+hzoH52Jicaa3acPD1s/btQrIq2Io1qrcY4MBQnelIKq51BleUH/Kjb9RW/NGKfHlxvYbowIx57vgaA=; 5:FBhg9cjKc7kJE3MLtF1tsnuFhISihWbivqwyyKiElrwr5wbR+/0hBwd4wlzR4WcrBXVYJsztJOAQsYX5Ye12pXytowc9IF6wv5mNQbD+bu5sqNCOPyF0lj+N2B2GGA+JxpqsRB3nbbWO2wslV+gPllpnEtTpz0MfaBlX1QZiWIA=; 24:CPMTfIt7clahKd8fRbTjDPTrdQ2hIulewNQKwqwq7EzNwh9EzydVQKVet3mC6LkGwxFXGOXw0jl0t4FivsCG9a4zN86SGQtA5W1jU0/ckwU=; 7:0alYZsO8/a3FadoPlRALYtFKsTfXqMjU34I0zcki3m6uCFrt+LyHvQIv6cUesanByg18OXQAEr1e4cgDnscC3w2JMLU6YqtuqXL9eUvr5dhmTsxFq4rWlIFf8sEKEG6LviCNM4FiEu7V7R3yB1U1yKfSOHn12sw1IaxPY7etIF6NkQgVe2p3gVwzFxj3JcW2Xpgdk8UWNplj+3Tf/z5knQMp3QfnusetE0YKhqsHnSAbphsjfHMwHMpZ9hPtH8WK
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-ht: Tenant
x-ms-office365-filtering-correlation-id: 6f9c85c2-a117-4a46-afa0-08d5384ee216
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(4534020)(4602075)(4627115)(201703031133081)(201702281549075)(48565401081)(5600026)(4604075)(2017052603286); SRVR:CY4PR21MB0824;
x-ms-traffictypediagnostic: CY4PR21MB0824:
x-microsoft-antispam-prvs: <CY4PR21MB0824E7BC648BEB98EF4E4BC7F5390@CY4PR21MB0824.namprd21.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(31418570063057)(227612066756510)(21748063052155);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(61425038)(6040450)(2401047)(8121501046)(5005006)(10201501046)(3002001)(93006095)(93001095)(3231022)(6055026)(61426038)(61427038)(6041248)(20161123560025)(20161123562025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123558100)(20161123564025)(20161123555025)(6072148)(201708071742011); SRVR:CY4PR21MB0824; BCL:0; PCL:0; RULEID:(100000803101)(100110400095); SRVR:CY4PR21MB0824;
x-forefront-prvs: 05087F0C24
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(39860400002)(346002)(376002)(366004)(209900001)(47760400005)(189002)(199003)(966005)(10290500003)(72206003)(3660700001)(478600001)(3280700002)(8676002)(2906002)(74316002)(1730700003)(105586002)(189998001)(5660300001)(106356001)(81156014)(25786009)(7736002)(14454004)(86362001)(81166006)(86612001)(606006)(2351001)(101416001)(54356011)(33656002)(2900100001)(9686003)(54896002)(236005)(6306002)(790700001)(6116002)(102836003)(8990500004)(53376002)(68736007)(53936002)(99286004)(8936002)(10090500001)(7696005)(5630700001)(2501003)(55016002)(97736004)(316002)(6506006)(22452003)(5640700003)(6436002)(6916009)(77096006)(6606295002); DIR:OUT; SFP:1102; SCL:1; SRVR:CY4PR21MB0824; H:CY4PR21MB0504.namprd21.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en;
received-spf: None (protection.outlook.com: microsoft.com does not designate permitted sender hosts)
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Michael.Jones@microsoft.com;
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_CY4PR21MB0504EEB06ED5E52C27F84294F5390CY4PR21MB0504namp_"
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 6f9c85c2-a117-4a46-afa0-08d5384ee216
X-MS-Exchange-CrossTenant-originalarrivaltime: 01 Dec 2017 00:02:59.3285 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY4PR21MB0824
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/inYJENr7lFROtyLLViVL9fHp3C8>
Subject: [OAUTH-WG] OAuth Token Exchange spec adding URIs for SAML assertions
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 01 Dec 2017 00:03:02 -0000

A new draft of the OAuth 2.0 Token Exchange specification has been published that adds token type URIs for SAML 1.1 and SAML 2.0 assertions.  They were added in response to actual developer use cases.  These parallel the existing token type URI for JWT tokens.

The specification is available at:

  *   https://tools.ietf.org/html/draft-ietf-oauth-token-exchange-10

An HTML-formatted version is also available at:

  *   http://self-issued.info/docs/draft-ietf-oauth-token-exchange-10.html

                                                                -- Mike

P.S.  This notice was also posted at http://self-issued.info/?p=1755 and as @selfissued<https://twitter.com/selfissued>.