Re: [OAUTH-WG] JWT binding for OAuth 2.0
Phil Hunt <phil.hunt@oracle.com> Tue, 14 April 2015 23:01 UTC
Return-Path: <phil.hunt@oracle.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 48F6E1B3034 for <oauth@ietfa.amsl.com>; Tue, 14 Apr 2015 16:01:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.199
X-Spam-Level:
X-Spam-Status: No, score=-4.199 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_FILL_THIS_FORM_SHORT=0.01, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id c-Asv2ze8NjJ for <oauth@ietfa.amsl.com>; Tue, 14 Apr 2015 16:01:03 -0700 (PDT)
Received: from aserp1040.oracle.com (aserp1040.oracle.com [141.146.126.69]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 125FA1B3033 for <oauth@ietf.org>; Tue, 14 Apr 2015 16:01:03 -0700 (PDT)
Received: from userv0021.oracle.com (userv0021.oracle.com [156.151.31.71]) by aserp1040.oracle.com (Sentrion-MTA-4.3.2/Sentrion-MTA-4.3.2) with ESMTP id t3EN11ER015016 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Tue, 14 Apr 2015 23:01:01 GMT
Received: from aserv0121.oracle.com (aserv0121.oracle.com [141.146.126.235]) by userv0021.oracle.com (8.13.8/8.13.8) with ESMTP id t3EN10nF015843 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL); Tue, 14 Apr 2015 23:01:00 GMT
Received: from abhmp0019.oracle.com (abhmp0019.oracle.com [141.146.116.25]) by aserv0121.oracle.com (8.13.8/8.13.8) with ESMTP id t3EN100d030224; Tue, 14 Apr 2015 23:01:00 GMT
Received: from [172.31.147.139] (/216.9.110.4) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Tue, 14 Apr 2015 16:00:59 -0700
Content-Type: multipart/alternative; boundary="Apple-Mail-2CBED7B1-6D64-4488-ABD9-A416DDB06DB8"
Mime-Version: 1.0 (1.0)
From: Phil Hunt <phil.hunt@oracle.com>
X-Mailer: iPhone Mail (12F70)
In-Reply-To: <CAJV9qO-u8dRB9Rs5Le2GyiVa+eS7U_3_mAAn=5qZz7HQLL=qdw@mail.gmail.com>
Date: Tue, 14 Apr 2015 16:00:57 -0700
Content-Transfer-Encoding: 7bit
Message-Id: <A880495E-FEF5-4F11-9444-93D7100C49B7@oracle.com>
References: <CAJV9qO-PsiNOdfBAf9k0VJ7+eGkE_g_gbygdCbGMv2UT56Ld=g@mail.gmail.com> <A0FFB94C-1EDB-41B9-B1E2-6943B078145F@ve7jtb.com> <CAJV9qO8KJk07Hs7X0tE2UKxeQNA3XaQO2uOF5xfVz0eDd8RgrA@mail.gmail.com> <422C5670-7D2D-4E1C-9E06-74CCB9054260@ve7jtb.com> <CAJV9qO-u8dRB9Rs5Le2GyiVa+eS7U_3_mAAn=5qZz7HQLL=qdw@mail.gmail.com>
To: Prabath Siriwardena <prabath@wso2.com>
X-Source-IP: userv0021.oracle.com [156.151.31.71]
Archived-At: <http://mailarchive.ietf.org/arch/msg/oauth/o_oQO8dTdVtJY0ReirsjO5HgCOk>
Cc: "oauth@ietf.org WG" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] JWT binding for OAuth 2.0
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Apr 2015 23:01:05 -0000
The recent scim notify draft does pub sub using jwts. Phil > On Apr 14, 2015, at 15:02, Prabath Siriwardena <prabath@wso2.com> wrote: > > It can be a JSON payload over JMS or even MQTT.. > > I have seen some effort to create an MQTT binding for OAuth 2.0 - but then again for each transport we need to have a binding.. > > But - creating a message level binding would be much better IMHO.. > > Thanks & regards, > -Prabath > >> On Tue, Apr 14, 2015 at 2:55 PM, John Bradley <ve7jtb@ve7jtb.com> wrote: >> Most of the pub sub things I have seen use HTTP transport. Do you have a pointer to the protocol? >> >>> On Apr 14, 2015, at 6:48 PM, Prabath Siriwardena <prabath@wso2.com> wrote: >>> >>> Thanks John for the pointer - will have look.. >>> >>> I am looking this for a pub/sub scenario.. Having JWT binding would benefit that.. >>> >>> Also - why I want access token to be inside a JWT is - when we send a JSON payload in this case, we already have the JWT envelope and the access token needs to be carried inside.. >>> >>> Thanks & regards, >>> -Prabath >>> >>> >>> >>> >>> >>>> On Tue, Apr 14, 2015 at 2:41 PM, John Bradley <ve7jtb@ve7jtb.com> wrote: >>>> There is a OAuth binding to SASL https://tools.ietf.org/html/draft-ietf-kitten-sasl-oauth-19 >>>> >>>> Google supports it for IMAP/SMTP, I think the latest iOS and OSX mail client updates use it rather than passwords for Google. >>>> I also noticed Outlook on Android using it. >>>> >>>> The access token might be a signed or encrypted JWT itself. I don’t know that wrapping it again necessarily helps. >>>> >>>> Yes we should have bindings to other non http protocols. >>>> >>>> Is there something specific that you are looking for that is not covered by SASL? >>>> >>>> John B. >>>> >>>> >>>> >>>>> On Apr 14, 2015, at 6:21 PM, Prabath Siriwardena <prabath@wso2.com> wrote: >>>>> >>>>> At the moment we only HTTP binding to transport the access token (please correct me if not).. >>>>> >>>>> This creates a dependency on the transport. >>>>> >>>>> How about creating a JWT binding for OAuth 2.0..? We can transport the access token as an encrypted JWT header parameter..? >>>>> >>>>> >>>>> Thanks & Regards, >>>>> Prabath >>>>> >>>>> Twitter : @prabath >>>>> LinkedIn : http://www.linkedin.com/in/prabathsiriwardena >>>>> >>>>> Mobile : +1 650 625 7950 >>>>> >>>>> http://blog.facilelogin.com >>>>> http://blog.api-security.org >>>>> _______________________________________________ >>>>> OAuth mailing list >>>>> OAuth@ietf.org >>>>> https://www.ietf.org/mailman/listinfo/oauth >>> >>> >>> >>> -- >>> Thanks & Regards, >>> Prabath >>> >>> Twitter : @prabath >>> LinkedIn : http://www.linkedin.com/in/prabathsiriwardena >>> >>> Mobile : +1 650 625 7950 >>> >>> http://blog.facilelogin.com >>> http://blog.api-security.org > > > > -- > Thanks & Regards, > Prabath > > Twitter : @prabath > LinkedIn : http://www.linkedin.com/in/prabathsiriwardena > > Mobile : +1 650 625 7950 > > http://blog.facilelogin.com > http://blog.api-security.org > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth
- [OAUTH-WG] JWT binding for OAuth 2.0 Prabath Siriwardena
- Re: [OAUTH-WG] JWT binding for OAuth 2.0 John Bradley
- Re: [OAUTH-WG] JWT binding for OAuth 2.0 Prabath Siriwardena
- Re: [OAUTH-WG] JWT binding for OAuth 2.0 John Bradley
- Re: [OAUTH-WG] JWT binding for OAuth 2.0 Prabath Siriwardena
- Re: [OAUTH-WG] JWT binding for OAuth 2.0 Bill Mills
- Re: [OAUTH-WG] JWT binding for OAuth 2.0 Phil Hunt
- Re: [OAUTH-WG] JWT binding for OAuth 2.0 Hannes Tschofenig
- Re: [OAUTH-WG] JWT binding for OAuth 2.0 Prabath Siriwardena
- Re: [OAUTH-WG] JWT binding for OAuth 2.0 Hannes Tschofenig
- Re: [OAUTH-WG] JWT binding for OAuth 2.0 Prabath Siriwardena