Re: [OAUTH-WG] Questions on draft-ietf-oauth-dyn-reg-09 - token_endpoint_auth_method

John Bradley <ve7jtb@ve7jtb.com> Wed, 24 April 2013 20:57 UTC

From: John Bradley <ve7jtb@ve7jtb.com>
In-Reply-To: <53250C00-9D1C-4E81-9AD6-E12241B875D9@oracle.com>
Date: Wed, 24 Apr 2013 17:57:10 -0300
Message-Id: <60512D2A-3E89-4809-B1E1-BA55143B58CD@ve7jtb.com>
References: <53250C00-9D1C-4E81-9AD6-E12241B875D9@oracle.com>
To: Phil Hunt <phil.hunt@oracle.com>
Cc: "oauth@ietf.org WG" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Questions on draft-ietf-oauth-dyn-reg-09 - token_endpoint_auth_method

Yes, there should be corresponding client_secret_SAML and private_key_SAML. Those parameters were taken from Connect, which is more JWT-focused, so I didn't put in the SAML options for token endpoint authentication, though they would be valid.

There is probably some profiling that needs to be done for client_secret_SAML to define how the client secret is used to HMAC the SAML assertion. You might want to just skip that and only do private_key_SAML, which is more straightforward with an asymmetric signature.

John B.

On 2013-04-24, at 5:17 PM, Phil Hunt <phil.hunt@oracle.com> wrote:

> For parameters to token_endpoint_auth_method, the spec has defined "client_secret_jwt" and "private_key_jwt". Shouldn't there be similar options for SAML?
> 
> Shouldn't there be an extension point for other methods?
> 
> Phil
> 
> @independentid
> www.independentid.com
> phil.hunt@oracle.com
> 
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
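The two JWT-based methods discussed above, worked as a small token-endpoint verifier (an added example, not code from the thread, the draft or any implementation): the client builds a client_secret_jwt assertion by HMAC-signing its claims with the registered client_secret, and the authorization server verifies it with the method recorded at registration, then checks iss, sub, aud, exp and jti. The registry entry, client_id, secret and endpoint URL are constructed; private_key_jwt is not implemented here and would replace the HMAC check with an asymmetric signature check over the same signing input.

```python
import base64, hmac, hashlib, json, time
# Constructed registry entry: what dynamic registration recorded for this client.
REGISTRY = {"s6BhdRkqt3": {"token_endpoint_auth_method": "client_secret_jwt",
                           "client_secret": b"constructed-shared-secret"}}
TOKEN_ENDPOINT = "https://as.example.com/token"  # constructed; the required "aud"
SEEN_JTI = set()  # replay cache; a real AS bounds it by the assertions' exp

def _b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()
def _unb64u(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_client_secret_jwt(client_id, secret, aud, jti, ttl=60):
    """Client side: HS256 over the client_secret, i.e. client_secret_jwt."""
    header = _b64u(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64u(json.dumps({"iss": client_id, "sub": client_id, "aud": aud,
                             "exp": int(time.time()) + ttl, "jti": jti}).encode())
    mac = hmac.new(secret, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64u(mac)}"

def verify_client_assertion(client_id, assertion, now=None):
    """Token endpoint side: returns (claims, None) or (None, reason)."""
    now = now or int(time.time())
    client = REGISTRY.get(client_id)
    if client is None:
        return None, "unknown client"
    parts = assertion.split(".")
    if len(parts) != 3:
        return None, "malformed assertion"
    head, body, sig = parts
    # Verify with the method *registered* for this client, never with whatever
    # "alg" the header claims, so a client cannot downgrade to "none" or swap
    # methods. private_key_jwt would check an asymmetric signature here instead.
    if client["token_endpoint_auth_method"] != "client_secret_jwt":
        return None, "unsupported token_endpoint_auth_method"
    expected = hmac.new(client["client_secret"], f"{head}.{body}".encode(),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64u(sig)):
        return None, "bad HMAC"
    claims = json.loads(_unb64u(body))
    if claims.get("iss") != client_id or claims.get("sub") != client_id:
        return None, "iss and sub must equal client_id"
    if claims.get("aud") != TOKEN_ENDPOINT:
        return None, "aud must be the token endpoint"
    if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        return None, "expired or missing exp"
    if not claims.get("jti") or claims["jti"] in SEEN_JTI:
        return None, "missing or replayed jti"
    SEEN_JTI.add(claims["jti"])
    return claims, None
```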