Re: [OAUTH-WG] Fwd: draft-ietf-oauth-jwt-bearer draft errors
Brian Campbell <bcampbell@pingidentity.com> Wed, 12 November 2014 23:50 UTC
Return-Path: <bcampbell@pingidentity.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D0E0A1A0012 for <oauth@ietfa.amsl.com>; Wed, 12 Nov 2014 15:50:26 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.578
X-Spam-Level:
X-Spam-Status: No, score=-3.578 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wIqEwIiyEupN for <oauth@ietfa.amsl.com>; Wed, 12 Nov 2014 15:50:24 -0800 (PST)
Received: from na3sys009aog124.obsmtp.com (na3sys009aog124.obsmtp.com [74.125.149.151]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 160221A006F for <oauth@ietf.org>; Wed, 12 Nov 2014 15:50:24 -0800 (PST)
Received: from mail-ig0-f172.google.com ([209.85.213.172]) (using TLSv1) by na3sys009aob124.postini.com ([74.125.148.12]) with SMTP ID DSNKVGPyP9aSSBePu4tmnle1FmC75HtBJNb+@postini.com; Wed, 12 Nov 2014 15:50:24 PST
Received: by mail-ig0-f172.google.com with SMTP id a13so3997862igq.17 for <oauth@ietf.org>; Wed, 12 Nov 2014 15:50:23 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=Gpyn/tbnpQyjCHqPxSkqxqmECRQLcEF8p6pOgMK/GsY=; b=gSPthVt3Fs8anG/2XVrByP51cox2PnilXwaJX281gKH6kuxjRl8Yj7D3HsNlOJ7AAr FDoPlWq+DJ6uGsVlZvbdI88of1X+wgvbqC9H12M2dxUn8KDjF1bCVr9wG4FpmBS2NBUw QZmyD3f1gyYWVmkUtIbYehfE0dM5msqXmtTlB2PZPrYaFM0JTLYz2/KNPJamlT43neLe IE0eiO8dYv7i+4/OfBflRL1E30eShdTtum7PH7wIif6ypmIDRQ+IQEt7wZ6euRKOMq2H 77rbFTpnllioFiChLCVqgXP+d5VP2H0r/DoW+K7+KbpeR7KNArTPyxzdV/wX6wkA9Dnd cSyg==
X-Gm-Message-State: ALoCoQmuW0W5mojWQQFud5UFGp7tyCxKCluPZ8enEbcyANsQDc4P2v9AGzteVCZ4GnawvZAWyCqU4AyzIzrAdpa4O/UBUgeBklIfExbYG0H+igw3qJoOzO+zfASopaUzdjb6NqoAQv7Z
X-Received: by 10.107.170.161 with SMTP id g33mr53205739ioj.2.1415836222951; Wed, 12 Nov 2014 15:50:22 -0800 (PST)
X-Received: by 10.107.170.161 with SMTP id g33mr53205729ioj.2.1415836222826; Wed, 12 Nov 2014 15:50:22 -0800 (PST)
MIME-Version: 1.0
Received: by 10.64.28.15 with HTTP; Wed, 12 Nov 2014 15:49:52 -0800 (PST)
In-Reply-To: <CAHbuEH4hxB-a08n6YYobzZ=b1mkBqNe-WRBkoytbrXbdW7-TDg@mail.gmail.com>
References: <CABhm=xCHO7OCEPFk26hgVVtUWvUo99Q-T1ZWwKCk2nMwfK5eTw@mail.gmail.com> <CAAX2Qa2JQoZPzM0AtQy3VpE9EjaTbi1qBRqcb6d6dF2TZsOieA@mail.gmail.com> <CA+k3eCStAvyM9niT3hoNgAq5CWH-jJb+7uUSk0grYmXt1wmBaA@mail.gmail.com> <CAHbuEH4hxB-a08n6YYobzZ=b1mkBqNe-WRBkoytbrXbdW7-TDg@mail.gmail.com>
From: Brian Campbell <bcampbell@pingidentity.com>
Date: Wed, 12 Nov 2014 16:49:52 -0700
Message-ID: <CA+k3eCRu2v8BwhndnNhmU4jb-LEE-jgj1a-DqjwiNFK9d8uQzw@mail.gmail.com>
To: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
Content-Type: multipart/alternative; boundary="001a114278fe1f48d90507b20fe5"
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/s4DKCorKRDt5N74VoHmX9nAQlBc
Cc: Benjamin Trofatter <trofatter@google.com>, "oauth-chairs@tools.ietf.org" <oauth-chairs@tools.ietf.org>, oauth <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Fwd: draft-ietf-oauth-jwt-bearer draft errors
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 12 Nov 2014 23:50:27 -0000
Sure thing, new drafts have just been posted. JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants https://datatracker.ietf.org/doc/draft-ietf-oauth-jwt-bearer/ http://tools.ietf.org/html/draft-ietf-oauth-jwt-bearer-12 SAML 2.0 Profile for OAuth 2.0 Client Authentication and Authorization Grants https://datatracker.ietf.org/doc/draft-ietf-oauth-saml2-bearer/ http://tools.ietf.org/html/draft-ietf-oauth-saml2-bearer-23 On Wed, Nov 12, 2014 at 12:08 PM, Kathleen Moriarty < kathleen.moriarty.ietf@gmail.com> wrote: > Hi Brian, > > If you could make a quick update, that would be easier to prevent it > from getting lost. The shepherd and I will recheck the draft and then > I'll move it forward. > > Thanks for all of your work on this! > Kathleen > > On Wed, Nov 12, 2014 at 12:05 PM, Brian Campbell > <bcampbell@pingidentity.com> wrote: > > Forwarding this to the WG. > > > > There is a word missing in the sentence noted below as well as in the > > similar sentence in the SAML draft. However, I believe it should be "to > the > > client" rather than "about the client". > > > > What is the most appropriate way to handle a minor fix like this at this > > stage? A note to the RFC editor? Or should I push new drafts? > > > > https://tools.ietf.org/html/draft-ietf-oauth-jwt-bearer-11#section-7 > > https://tools.ietf.org/html/draft-ietf-oauth-saml2-bearer-22#section-7 > > > > > > > > ---------- Forwarded message ---------- > > From: Benjamin Trofatter <trofatter@google.com> > > Date: Sat, Nov 8, 2014 at 8:11 PM > > Subject: draft-ietf-oauth-jwt-bearer draft errors > > To: mbj@microsoft.com, brian.d.campbell@gmail.com, > cmortimore@salesforce.com > > > > > > Hi, > > > > I was reading your draft and noticed a couple of typos. In 7 Privacy > > paragraph 1, the last sentence reads: > > > > "In cases where it is desirable to prevent disclosure of certain > information > > the client, the JWT should be be encrypted to the authorization server." > > > > I'm guessing this ought to say something like: > > > > "In cases where it is desirable to prevent disclosure of certain > information > > about the client, the JWT should be encrypted to the authorization > server." > > > > Hope this helps, > > > > Ben > > _______________________________________________ > > Ben Trofatter // Software Engineer // > > trofatter@google.com // (650) 279-0512 > > > > > > > > _______________________________________________ > > OAuth mailing list > > OAuth@ietf.org > > https://www.ietf.org/mailman/listinfo/oauth > > > > > > -- > > Best regards, > Kathleen >
- [OAUTH-WG] Fwd: draft-ietf-oauth-jwt-bearer draft… Brian Campbell
- Re: [OAUTH-WG] Fwd: draft-ietf-oauth-jwt-bearer d… Kathleen Moriarty
- Re: [OAUTH-WG] Fwd: draft-ietf-oauth-jwt-bearer d… Brian Campbell