IETF Logo Mail Archive

[OAUTH-WG] Re: RFC 9068

Pierce Gorman <Pierce.Gorman@numeracle.com> Thu, 10 October 2024 14:01 UTC

Return-Path: <Pierce.Gorman@numeracle.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6F435C151538 for <oauth@ietfa.amsl.com>; Thu, 10 Oct 2024 07:01:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.108
X-Spam-Level:
X-Spam-Status: No, score=-2.108 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=numeracle.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jYL-vWli3myM for <oauth@ietfa.amsl.com>; Thu, 10 Oct 2024 07:01:02 -0700 (PDT)
Received: from NAM12-BN8-obe.outbound.protection.outlook.com (mail-bn8nam12on2114.outbound.protection.outlook.com [40.107.237.114]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BB8F6C151527 for <oauth@ietf.org>; Thu, 10 Oct 2024 07:01:02 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=P33WSJWyRz/kGr34CPGlUkNAsdlta3Hz8diYEbyi0qcqfcnmG1f0bj95M7F4rm3LnYVyMTUuIy3MecvSWT22VRlCWPgihqnI+OBBW7qjXtN9Rwka0TCD7Je7O6aaR0B+FLTMee4TdKuiC2NvCxw779GqCMCMARMAsvn0jsicA7Ra/AU2n0G+ue+tyC+rLh9yo3JoaTIAHoMJVvyvypdOsCgYXgQYzERVhpatX/ilRFQNCXsz5F9IJQlXHbuVpyAnta6R6ISlTppm8CJJ8TcQQq0aUxfzTrqtLYo2MhpuAAUh9TpgyEphLW19VeRb/YZoJ2giShQSff/x4AMIvVX6xg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=+HVTL2p7qHwlhSd26Kka2WEjJXbm3RGtO7WH6eWa/20=; b=TOkVGfrYjJFS+XtywFEjehS9Kkb9PQ5wRhwg3VdIghGRxwYWULYV11FJ7G96WYmf9CJOQxK8FQyI02NpDd1zQZ2EslHjFL9UryxsXbPoBr8TQj6HKknOedJhcv4ZveLz6Wj3XuWkg/Nh6dl6bCicevBHukYDijmt19oJZSPyR4BM56aogW/gg3tcBwTKdrJKiSYzLpmX/I3Uv0Yde+cF4lxz0ovU1ctwvxOaNv0aqfc0VTIDIXFYatcZfIMRBzXSq+7esyVGSVjfU29pSaIyg0HJxK14i9EE6jkGPFShdYH4j9xlPYToMzy0V1oWENJ11zh8lECtG23thSCsBL9X9A==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=numeracle.com; dmarc=pass action=none header.from=numeracle.com; dkim=pass header.d=numeracle.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=numeracle.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=+HVTL2p7qHwlhSd26Kka2WEjJXbm3RGtO7WH6eWa/20=; b=OXSm7HIgT7bZs7eAQqfedt9EU7KcQzFPizdOL5KO+Cz3kr6HdSpPvYfPmtol0i/0HGI4W+6xACJz1ZYw65oMV1FXq3a/g/e0iRGUv64Oi4y490qMhBmu2gYK9MTMdekVspJJDmdZyf4OWMZ6B4N0vbDH1nLrUXLihGFIavS2Cd0+yGfUhw5ODD518WUvMRvWJUTXu7bBXTaWqxXCBV9V+eSpcxc9S7a4kisaVzzILaG9gIDEWPzGnp/LWzy3iAp0ot5ceFmiMYT+su58f0IzBo+ESOgM9hdkPdS+MOeg7wxJ0C1HPmwNvaT3w+TE/9XghT4+oOwTNGYzaNY8rI2laQ==
Received: from CH3PR13MB6747.namprd13.prod.outlook.com (2603:10b6:610:1e4::5) by CO6PR13MB5258.namprd13.prod.outlook.com (2603:10b6:303:135::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8048.18; Thu, 10 Oct 2024 14:00:58 +0000
Received: from CH3PR13MB6747.namprd13.prod.outlook.com ([fe80::2f39:dcae:9ef7:d518]) by CH3PR13MB6747.namprd13.prod.outlook.com ([fe80::2f39:dcae:9ef7:d518%4]) with mapi id 15.20.8026.020; Thu, 10 Oct 2024 14:00:58 +0000
From: Pierce Gorman <Pierce.Gorman@numeracle.com>
To: Justin Richer <jricher@mit.edu>, "Lee, Matt D" <Matt.Lee=40kbslp.cloud@dmarc.ietf.org>
Thread-Topic: [OAUTH-WG] Re: RFC 9068
Thread-Index: AQHbGcB/55V0SnvLfEqC3lTstd9zR7KAAqaAgAAAwYCAAACoYA==
Date: Thu, 10 Oct 2024 14:00:57 +0000
Message-ID: <CH3PR13MB6747D2A65CF5B995C86FC2F5E1782@CH3PR13MB6747.namprd13.prod.outlook.com>
References: <DM4PR15MB5503161F3F1BB3A66F53264F8D7E2@DM4PR15MB5503.namprd15.prod.outlook.com> <62AD7B59-29FD-4829-B744-D60AB0592D86@mit.edu> <A1547D2F-FE42-431E-B9A6-6754541F7C15@mit.edu>
In-Reply-To: <A1547D2F-FE42-431E-B9A6-6754541F7C15@mit.edu>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-codetwoprocessed: true
x-codetwo-clientsignature-inserted: true
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=numeracle.com;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: CH3PR13MB6747:EE_|CO6PR13MB5258:EE_
x-ms-office365-filtering-correlation-id: a5f58a45-3923-40ff-d8d3-08dce933f734
x-ms-exchange-atpmessageproperties: SA
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;ARA:13230040|10070799003|366016|376014|1800799024|4022899009|38070700018;
x-microsoft-antispam-message-info: nh57BFNia4TY51dArdXifItxDHGLvWbBRKevFxkIZ6WzBYmVTZSVscGzCyYhTMCDfI003Lsyn9sFcd7T6D72IHYqegLtbXzxk0JKp8X402PeTyiW2KIbMmGhe4F646wdxQNLXWETfjTVcodkHt3Q6f7bcMQWDsBkw2SM5eTjept3s69pXvuLImlFhTfZYIjPQIf/5A4T1PVDV/4ID0lZaNMbmqebFOJMDO4hrggHa6EhE+PCVBnPIBwVIKPp0NBDOYIYMKbnhvtoU4XV3dfhF/RgCIkub/GgBK9O8/dQ6bf7rSMNhkcD/wfFsh6k3mptXJ6AWQG0a9bOvjxuEAArQaeXSfGi1KHKl5zWk1BrHki/qSG2S+GNwBKHtHTWRSlJ5HxwJhwaupdYq6yxhrPCyarqKpfHldwJ1PwhzXsNUwgMwmAl5LS79yHLkA3UTIb9dussMzJ9pZBB8KScwUJpU59Wen6PHhLsZvUFC5YRIp7dGehB/aS+/JuxYsFu64menNt5ccY8PEmQGWBIdvv9B8PenpAWU7Me9ooeaOdAdiNIp4roesCsmE5A0/kW5EIwCvxbTLKRcLGaE0dIjy9IRFdtJMpog+wMgLiLtFvU6gNxNbwT//Of/oYCEWvWnU6XRkQQLJXOUYzsRixju341GBx+emEEiyxEanCs+PX0dNQEhfXD9PivVlV0k4WCAv6DoVGaiyoPU7IEoiLHAsIicjapE59jClIEexEzEsdvcbpADSehzt/l7a7lYjmZuRTe4P3ayGF6QET3vR1NYYnndnQx4hDVbO0lXZeKTIKwQm6/DZsDUCSuN0Ihov3q1wB3i0zg2UZ+EbTzOKaJvLRIiUV/x3V5O15u7LxtZl4qBzRgwaz3olxiZiZU0j+ksrgVw0uXgI0fxERCsY8HtH0pz/Ti9ctCnXgo8/XgyGqe+baEAy3cYBVICDlEnNCnjByaZS/DVRB20cSU/FFEOsJpSQCWhEg5XNxgv69mRI687P5PWjMt+r8IvsLySvJYvUO9BiVcdWlLNmxzQYIbF0mlN6ZRdkRnfxJjiKqriQfBg70wg7NmaLXmpqUjiHSJECowLUuUWjmoWhsvPxLETMse+SJBjd9ph4i5/SvQVNR8g2dZCil5Baz3yIdar2f9xqT/i0jcB82xlbMHvqh+iQyCTtWzNBOAp3G0a8Dv2U0HQNMxrw/4R5FnvpEUt/PNPsFuWQqRVg85192aFwfzL6POX7lQqp2g2eMNgEcCjvb0Ghsxq/ZSGTYhf+Pzn7Um/aSgmfzvR/mdip8gWAIFiAsJ9ucB17QNVzpKNTTNI6FhdBYANgS9YclgN55bZyopmAHwjsTN6asy8LCum4nEiIihtw==
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:CH3PR13MB6747.namprd13.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(10070799003)(366016)(376014)(1800799024)(4022899009)(38070700018);DIR:OUT;SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: CIwnZ1+s0Iklpyr5bEeviStNYUwmvpXmit+MyXGyDeBNZwjaNZ0TiR97sMcP5JMpYdmGQxsOiMl6vZwcC1KmtAUgaMZlnRFGT6oujM+moQuD1gi1p6fwK9thkUjtAF/bsWKit65wEp06YkPo9ZRC/eMGeEqndKbMckjmoEbivUaFZj42F9xmxhaHA8JkZFE3RB65wJWMSqiuFRIlQCuLSWAkQE/ZS5DjAohAQUuP0TYnhrZx7KRUxdMCZ8o4yNgZ8wcVJOGf2xMSV/eymR9a0sQmvZf19WePrwgQRuTwg0Se2yShfj+w0Zx1+wjpTOxOK+wDtQ0vZG3oHxXArPXT+pkKdGMbIRH5ZDxuhaiiTGBWzn+9St9+Toe+zMjVQIMD7pSw7uT47WnT7Rvl6e3wnJ31ZTqD0k40rVrloWJjbx4vWuYbVe7/PtSSggujmj4eIYwa+eD4bi154289PfrByJu4F4tZ68tM+msWP5Tn6xbuNhcb/M6N8rE9r0bCJw2Gp5/8o43PKbwoCP+Q6iOyH4R6+st3UgDeFMUxrslZEQyWd5SkJIecDUAHo3w8FaDNu3h6BMDugCnoOUYbcKDD9k2OTJAwAqqs3omjn63mfawCDMpLAJkyxjwbeWh5kfOirROIgTIEWrrvInfxiS7PZE/4ozpsV8RCA1OWJnlA2ANorgOg4AgQh3zIC8UYQKIErxsIKo0vs83Wpn+WWlcBdTh3nkgzDfDtduoy0ZRCuZboOa2C1ES721WOsW7WcnDB7ncNYIRhQ0p+iXlLdupZe7J7heLyYV90f09Kh7Zh9o2UqEpbVCL94dVZKHDj1sG47yB+HSIgaQcGkAV+TXPU+KGifSeGPW5e3ANdR7kuJzBHkArcOLxbstEcUdgtdDU0h3S/0YcAskbb3+eSSomUo32zTamRJZK9eHsIWsHuieSeIA8eKUVoAJ5nugRANUDyYjaaO5fGKhJIb6U7LqRxn2RXQRYFuu/OVJ/OVMRCzOQTtl+I2kK1t7L4Ie1U6GeDH+gy0vv6WHyzMH5heYQipCoe3MCh1C7Q3g0WQ+tv4flxsI2xN9zy4g9ln9Okcpm337C8sFgrGZuCBljp5PP0AturAg3GbBInyHngqG5Jn7aIeQxtimEQz9x6YJQ2F5bc3P2cKAwaNuqjskbuz0820ZoPfpy9VpQou9HF4ejplzmD7El0FjFEHTLFbQBh5QI6ITk1A4yI3YCizT/BCwBeqastXvZgNVJba+AYl85C++o949Cyp9AABpYaUG0qwytkGbNgh3dKN4fpck1fM1ljVgQahddqJ7hT447m81ZSwJstJ4MJ4Og+Io8DbmTArN9LWtuUyHjPcDbUEzGm7BgrkZeHDp1jBGWeqPbLYQpufGyKWBcNai3j0TthTpZSvPsMpKi+zo2PSQD+huQT0t2kAo2NYlHpNWe1SDchOt6X8On1w8ARbKXkuTPerEgeO7v/VzSaRfXdW2YtOsFMP4hvm/anblkU9li5yrkl8m1kWM5Sq9QMPCxGx7EduzyE5vA31UCmlgzNAJ7Brjfh9kW+HisifRcmyMERd8C8+P11YXPJuz5mKM6oSf/Al2P1m5M3EVKjg/lRb8gl9QSTct5CijIhuh6DiEcpNPHEUtteuX6REq36y+WbU4fsqHG3OV69+T1R1fx5o3U4N0y4dfQtRQ==
Content-Type: multipart/alternative; boundary="_000_CH3PR13MB6747D2A65CF5B995C86FC2F5E1782CH3PR13MB6747namp_"
MIME-Version: 1.0
X-OriginatorOrg: numeracle.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: CH3PR13MB6747.namprd13.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: a5f58a45-3923-40ff-d8d3-08dce933f734
X-MS-Exchange-CrossTenant-originalarrivaltime: 10 Oct 2024 14:00:57.9300 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: b807d15e-47b0-447f-a656-f397dba6285c
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: R7UiTNl+5Hou0+WCcxClIJ9FcXyaVygEaae0tlQOwlyIQllhXEgAEIil+d9sAvdC6wL7nKBNqFt3VbN5waYHaFOfX+mEzzt0xp+mz6wkKfQ=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CO6PR13MB5258
Message-ID-Hash: UP6A5MGOSEXMY7NRW4PRWF2TH7MRAGQ4
X-Message-ID-Hash: UP6A5MGOSEXMY7NRW4PRWF2TH7MRAGQ4
X-MailFrom: Pierce.Gorman@numeracle.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-oauth.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: "oauth@ietf.org" <oauth@ietf.org>
X-Mailman-Version: 3.3.9rc5
Precedence: list
Subject: [OAUTH-WG] Re: RFC 9068
List-Id: OAUTH WG <oauth.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/qaxjb_nyYKAPj6TqmaP1Eh99EJs>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Owner: <mailto:oauth-owner@ietf.org>
List-Post: <mailto:oauth@ietf.org>
List-Subscribe: <mailto:oauth-join@ietf.org>
List-Unsubscribe: <mailto:oauth-leave@ietf.org>

It might be worth reviewing how updates or changes are made available to a completed “Proposed Standard”.

In my experience I’ve seen:


  *   Errata
  *   An updated version noted as RFC xxxx bis (where bis is Old Latin for “repeat”)
  *   A new Internet-Draft which, if promoted to “Proposed Standard” may obsolete or deprecate all or a portion of a previous RFC.

I’m pretty sure I’ve mangled the part about “obsolete” and “deprecate” but hopefully that helps some.

Pierce

From: Justin Richer <jricher@mit.edu>
Sent: Thursday, October 10, 2024 8:51 AM
To: Lee, Matt D <Matt.Lee=40kbslp.cloud@dmarc.ietf.org>
Cc: oauth@ietf.org
Subject: [OAUTH-WG] Re: RFC 9068

You don't often get email from jricher@mit.edu<mailto:jricher@mit.edu>. Learn why this is important<https://aka.ms/LearnAboutSenderIdentification>


EXTERNAL EMAIL
My apologies - I just realized that I mistakenly typed "RFC6086" on the first part of the message, to be clear the entire comment is in fact about RFC9068.

 — Justin


On Oct 10, 2024, at 9:48 AM, Justin Richer <jricher@mit.edu<mailto:jricher@mit.edu>> wrote:

Hi Matt,

RFC6086 is published and final — there is not ongoing work on that document, because it is complete. I’m sure there is also other work happening all around about profiling JWTs for specific purposes and circumstances.

The wording of "Proposed Standard" can be confusing. It does not mean that the document is still in process. Instead, it speaks to the nature of organizations like the IETF: we can only really propose and describe standards, it’s the implementations that make those standards concrete in the real world.

With that in mind, the best way to continue the work of RFC9068 is to implement it and advocate for others to implement it as well.

 — Justin


On Oct 8, 2024, at 4:41 PM, Lee, Matt D <Matt.Lee=40kbslp.cloud@dmarc.ietf.org<mailto:Matt.Lee=40kbslp.cloud@dmarc.ietf.org>> wrote:

First, my sincerest condolences regarding the loss of Vittorio Bertocci, someone who had an astonishing impact on the industry and community at large.

I was reminded of this loss today as I was having a conversation with some peers about the optional nature of the sub claim in JWTs used in OAuth grants. After we searched for guidance we found this proposed standard from Vittorio that would move sub from optional to required, and wondered if anyone was picking this up now that he has passed.

Thank you

Matt Lee | KGS Enterprise Architect
_______________________________________________
OAuth mailing list -- oauth@ietf.org<mailto:oauth@ietf.org>
To unsubscribe send an email to oauth-leave@ietf.org<mailto:oauth-leave@ietf.org>

_______________________________________________
OAuth mailing list -- oauth@ietf.org<mailto:oauth@ietf.org>
To unsubscribe send an email to oauth-leave@ietf.org<mailto:oauth-leave@ietf.org>

v2.39.1 | Report a Bug | By Email | System Status