Re: [OAUTH-WG] Proof-of-Possession (PoP) Architecture Document

Chuck Mortimore <cmortimore@salesforce.com> Sun, 13 April 2014 01:09 UTC

Return-Path: <cmortimore@salesforce.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4F24A1A0261 for <oauth@ietfa.amsl.com>; Sat, 12 Apr 2014 18:09:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.978
X-Spam-Level:
X-Spam-Status: No, score=-1.978 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 264ZdjAZ5qx4 for <oauth@ietfa.amsl.com>; Sat, 12 Apr 2014 18:09:14 -0700 (PDT)
Received: from mail-ob0-f170.google.com (mail-ob0-f170.google.com [209.85.214.170]) by ietfa.amsl.com (Postfix) with ESMTP id 3A95A1A0178 for <oauth@ietf.org>; Sat, 12 Apr 2014 18:09:14 -0700 (PDT)
Received: by mail-ob0-f170.google.com with SMTP id uz6so7747652obc.1 for <oauth@ietf.org>; Sat, 12 Apr 2014 18:09:12 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=yPV/fFApWYY7YiD6llZwpcU8pyzqnC+rR27w3navnno=; b=P+WsFKbTfiPZRYwEgZinx2n5OfTCmroqOWh7vk6PUcV8wuve9+b7UJMrBONfFWLC3l 39yfUjF0KBXrlULt4/iEx9q2j0c+YipAdR8+faQ60rFaa8BL6qRuTQq6kTH+S/+mA2mg g1Ph8BgSqItI+FctGJ/fntdzxEhNcNMlQ8vEUVp3jXFHj3TgnUvTHpHYsPSfpCO7sXhP lyLadZvDj1Zy86A/WfSbxLzjJ9n5ZlbadUNfC6x6bKOHDhHZXWJFIoJyF6F0i6YYzQzV E6GOkg4Kzaabqjvi4NT7zILpO9vJu5pD/q7ST2OfwKekN1QwHsfer2pr0JOgdrJLkLVL VoPw==
X-Gm-Message-State: ALoCoQnmlS3Uz7yX/3dngKeFB6hvbWXgjijHIIwGeuCbYhPDrjYGC3ea6254YhN0JKH8tJdLAnKX
MIME-Version: 1.0
X-Received: by 10.60.39.131 with SMTP id p3mr27240766oek.44.1397351352035; Sat, 12 Apr 2014 18:09:12 -0700 (PDT)
Received: by 10.76.75.169 with HTTP; Sat, 12 Apr 2014 18:09:11 -0700 (PDT)
In-Reply-To: <533D1E8D.5000401@gmx.net>
References: <533D1E8D.5000401@gmx.net>
Date: Sat, 12 Apr 2014 18:09:11 -0700
Message-ID: <CA+wnMn9h9zmJxQgiRMUK=EW_0DHrdHdXHesri8GyReLS6KSJDw@mail.gmail.com>
From: Chuck Mortimore <cmortimore@salesforce.com>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Content-Type: multipart/alternative; boundary=089e0149cc30f7006404f6e23619
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/qcbRKyCTrHV19WV4QVdKoJeluoI
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Proof-of-Possession (PoP) Architecture Document
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 13 Apr 2014 01:09:19 -0000

Nice document.   One quick question

In Section 6, on the use of asymmetric keys, it is stated "If the client
generates the key pair it includes a fingerprint of the public key (of the
SubjectPublicKeyInfo structure, more precisely).  The authorization server
would include this fingerprint in the access token and thereby bind the
asymmetric key pair to the token."   However, it's not clear where this
fingerprint would go in a JWK.   I see a cert fingerprint, but no provision
for a public key fingerprint.

What's the intent here?

-cmort



On Thu, Apr 3, 2014 at 1:40 AM, Hannes Tschofenig <hannes.tschofenig@gmx.net
> wrote:

> Hi all,
>
> as discussed during the last IETF meeting we are re-factoring our
> documents on proof-of-possession. (As a reminder, here is the
> presentation I have during the OAuth meeting:
> http://www.ietf.org/proceedings/89/slides/slides-89-oauth-0.pptx)*
>
> Mike had already posted draft-jones-oauth-proof-of-possession-00 and now
> I have added the architecture document, which provides an overview of
> the different pieces.
>
> Here is the document for you to look at:
> http://tools.ietf.org/html/draft-hunt-oauth-pop-architecture-00
>
> Ciao
> Hannes
>
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>
>