Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-introspection-07.txt

Justin Richer <jricher@mit.edu> Tue, 31 March 2015 13:10 UTC


Hannes,

Yes, disambiguation with JWT is a very important goal here, since both 
are talking about token information. The document currently has this 
text in 3.1.1:

    Name:
       The name requested (e.g., "example").  This name is case
       sensitive.  Names that match other registered names in a case
       insensitive manner SHOULD NOT be accepted.  Names that match
       claims registered in the JSON Web Token Claims registry
       established by [JWT] SHOULD have comparable definitions and
       semantics.


But perhaps we can push this even further. Additionally, the review list 
is the oauth-ext list, but perhaps it should be jwt-ext in addition or 
instead of oauth-ext. I'd like WG feedback on that aspect as well.

  -- Justin
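As an added example (not code from the draft or from anyone on this thread), here is a small Python helper that applies the two naming rules quoted from 3.1.1 above together with the cross-check against the JWT Claims registry that Hannes raises in the quoted message; the registry contents are constructed samples, not the live IANA registries.

```python
# Added example, not from the draft or the thread: a screening helper an expert
# reviewer could run on a proposed introspection response name.
# Rules applied:
#   1. names are case sensitive, so an exact duplicate is simply "already registered";
#   2. a name matching a registered name only case-insensitively SHOULD NOT be accepted;
#   3. a name that is also a registered JWT claim needs comparable definition/semantics,
#      so it is flagged for coordination rather than accepted outright.
# Both registries below are constructed subsets for illustration.

# Introspection response names native to the draft (constructed subset).
INTROSPECTION_NATIVE = {"active", "scope", "client_id", "username", "token_type"}
# JWT claim names imported wholesale into the introspection registry (constructed subset).
JWT_CLAIMS = {"iss", "sub", "aud", "exp", "nbf", "iat", "jti"}


def review_name(name, native=INTROSPECTION_NATIVE, jwt_claims=JWT_CLAIMS):
    """Return (verdict, reason) for a proposed response name.

    verdicts:
      "reject"      - empty name, or collides with a registered name exactly
                      or case-insensitively
      "coordinate"  - exact match with a registered JWT claim; semantics must
                      stay comparable to the JWT registry's definition
      "accept"      - no conflict with either source of names
    """
    if not name or name != name.strip():
        return ("reject", "empty or whitespace-padded name")
    if name in native:
        return ("reject", "already registered as an introspection response name")
    if name in jwt_claims:
        return ("coordinate",
                "same name as a registered JWT claim; definition and semantics must match")
    # Case-insensitive collision check across everything already registered.
    folded = name.casefold()
    for registered in sorted(native | jwt_claims):
        if registered.casefold() == folded:
            return ("reject", f"case-insensitive match with registered name {registered!r}")
    return ("accept", "no conflict with either registry")


if __name__ == "__main__":
    for candidate in ("active", "Active", "exp", "EXP", "device_id"):
        verdict, reason = review_name(candidate)
        print(f"{candidate:>10}: {verdict:<10} {reason}")
```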

On 3/31/2015 5:30 AM, Hannes Tschofenig wrote:
> Hi Justin,
>
> thank you for quickly updating the document to give the working group a
> chance to review the proposed text for the open issue regarding the
> registry.
>
> We should give the group a couple of days to decide whether they like
> the change.
>
> I looked at the text and it is fine with me. I was, however, wondering
> whether the expert reviewers should be given some guidance. For example,
> I could imagine that it would be helpful to check a new claim against
> the JWT registry. What we would like to avoid is to have claims in the
> introspection registry that have the same name but a different semantic
> compared to those in the JWT registry. That could lead to a lot of
> confusion.
>
> Ciao
> Hannes
>
> On 03/28/2015 12:28 AM, Justin Richer wrote:
>> This version creates the OAuth Token Introspection Response registry as discussed at the face-to-face meeting this past Monday. This is a new, separate registry from the JWT registry, and it wholesale imports the claims in the JWT registry as response elements. There are instructions in the registry’s template and description about manually coordinating with the contents of the JWT registry, which will ultimately be the responsibility of the expert reviewers.
>>
>> Please check the diffs and the final version to make sure that this makes sense, and I’d like to hear feedback from the wider working group to confirm that this is the direction we want to take vis-à-vis the response parameters.
>>
>>   — Justin
>>
>>> On Mar 27, 2015, at 6:23 PM, internet-drafts@ietf.org wrote:
>>>
>>>
>>> A New Internet-Draft is available from the on-line Internet-Drafts directories.
>>> This draft is a work item of the Web Authorization Protocol Working Group of the IETF.
>>>
>>>         Title           : OAuth 2.0 Token Introspection
>>>         Author          : Justin Richer
>>>         Filename        : draft-ietf-oauth-introspection-07.txt
>>>         Pages           : 16
>>>         Date            : 2015-03-27
>>>
>>> Abstract:
>>>    This specification defines a method for a protected resource to query
>>>    an OAuth 2.0 authorization server to determine the active state of an
>>>    OAuth 2.0 token and to determine meta-information about this token.
>>>    OAuth 2.0 deployments can use this method to convey information about
>>>    the authorization context of the token from the authorization server
>>>    to the protected resource.
>>>
>>>
>>>
>>> The IETF datatracker status page for this draft is:
>>> https://datatracker.ietf.org/doc/draft-ietf-oauth-introspection/
>>>
>>> There's also a htmlized version available at:
>>> http://tools.ietf.org/html/draft-ietf-oauth-introspection-07
>>>
>>> A diff from the previous version is available at:
>>> http://www.ietf.org/rfcdiff?url2=draft-ietf-oauth-introspection-07
>>>
>>>
>>> Please note that it may take a couple of minutes from the time of submission
>>> until the htmlized version and diff are available at tools.ietf.org.
>>>
>>> Internet-Drafts are also available by anonymous FTP at:
>>> ftp://ftp.ietf.org/internet-drafts/
>>>
>>> _______________________________________________
>>> OAuth mailing list
>>> OAuth@ietf.org
>>> https://www.ietf.org/mailman/listinfo/oauth