In-Reply-To: <4E1F6AAD24975D4BA5B16804296739439A132083@TK5EX14MBXC286.redmond.corp.microsoft.com>
References: <4E1F6AAD24975D4BA5B16804296739439A132083@TK5EX14MBXC286.redmond.corp.microsoft.com>
Date: Sat, 12 Apr 2014 18:12:06 -0700
Message-ID: <CA+wnMn_LBojNz+LCTTQN62P_U7Rag0rot715c7XCOcXAQJmEhA@mail.gmail.com>
From: Chuck Mortimore <cmortimore@salesforce.com>
To: Mike Jones <Michael.Jones@microsoft.com>
Content-Type: multipart/alternative; boundary=001a11c1d7e05ed7e704f6e241c7
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/wjXJdvUI16bpznmG3MkEXetEdoo
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Proof-Of-Possession Semantics for JSON Web Tokens
 (JWTs)

--001a11c1d7e05ed7e704f6e241c7
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

Good start here Mike!

One quick question - I see the "cnf" member is defined as a JWK. Why not a
JWK Set? I could see use cases for binding in multiple keys.

-cmort




On Tue, Apr 1, 2014 at 8:36 PM, Mike Jones <Michael.Jones@microsoft.com> wrote:

>  I've written a concise Internet-Draft on proof-of-possession for JWTs
> with John Bradley and Hannes Tschofenig.  Quoting from the abstract:
>
>
>
> *This specification defines how to express a declaration in a JSON Web
> Token (JWT) that the presenter of the JWT possesses a particular key and
> that the recipient can cryptographically confirm proof-of-possession of the
> key by the presenter. This property is also sometimes described as the
> presenter being a holder-of-key.*
>
>
>
> This specification intentionally does not specify the means of
> communicating the proof-of-possession JWT, nor the messages used to
> exercise the proof key, as these are necessarily application-specific.
> Rather, this specification defines a proof-of-possession JWT data structure
> to be used by other specifications that do define those things.
>
>
>
> The specification is available at:
>
> · http://tools.ietf.org/html/draft-jones-oauth-proof-of-possession-00
>
>
>
> An HTML formatted version is available at:
>
> · http://self-issued.info/docs/draft-jones-oauth-proof-of-possession-00.html
>
>
>
>                                                             -- Mike
>
>
>
> P.S.  This note was also posted at http://self-issued.info/?p=1210 and as
> @selfissued.
>
>
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>
>

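An added example, not part of this thread or of the draft itself: the claims set with a "cnf" member holding the presenter's public key as a single JWK, as Chuck reads draft-00, together with the recipient-side confirmation the abstract describes. The draft leaves the proof messages to the application, so the nonce-signing exchange (Prove/Confirm), the DER signature format and the names NewPresenterKey/PublicJWK/PoPClaims are assumptions; it is written in Go against the standard library only.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"math/big"
)

// JWK is the EC public-key subset of a JWK; per draft-00 the "cnf" member of the claims set holds one such JWK.
type JWK struct {
	Kty string `json:"kty"`
	Crv string `json:"crv"`
	X   string `json:"x"`
	Y   string `json:"y"`
}
type PoPClaims struct { // the set the issuer signs; that outer JWS is not shown here
	Sub string `json:"sub"`
	Cnf JWK    `json:"cnf"`
}
// NewPresenterKey generates the P-256 key pair whose public half goes into "cnf".
func NewPresenterKey() (*ecdsa.PrivateKey, error) { return ecdsa.GenerateKey(elliptic.P256(), rand.Reader) }
// PublicJWK (issuer side) renders the presenter's P-256 public key as the "cnf" value.
func PublicJWK(pub *ecdsa.PublicKey) JWK {
	x, y := make([]byte, 32), make([]byte, 32)
	pub.X.FillBytes(x)
	pub.Y.FillBytes(y)
	return JWK{Kty: "EC", Crv: "P-256", X: base64.RawURLEncoding.EncodeToString(x), Y: base64.RawURLEncoding.EncodeToString(y)}
}
// Prove (presenter side, assumed exchange) signs the recipient's fresh nonce with the cnf private key.
func Prove(priv *ecdsa.PrivateKey, nonce []byte) ([]byte, error) {
	h := sha256.Sum256(nonce)
	return ecdsa.SignASN1(rand.Reader, priv, h[:]) // DER-encoded ECDSA over SHA-256, not a JWS
}
// Confirm (recipient side) rebuilds the key from "cnf" in the issuer-verified claims and checks the proof.
func Confirm(claimsJSON, nonce, sig []byte) bool {
	var c PoPClaims
	if err := json.Unmarshal(claimsJSON, &c); err != nil || c.Cnf.Kty != "EC" || c.Cnf.Crv != "P-256" {
		return false
	}
	xb, errX := base64.RawURLEncoding.DecodeString(c.Cnf.X)
	yb, errY := base64.RawURLEncoding.DecodeString(c.Cnf.Y)
	pub := &ecdsa.PublicKey{Curve: elliptic.P256(), X: new(big.Int).SetBytes(xb), Y: new(big.Int).SetBytes(yb)}
	h := sha256.Sum256(nonce)
	// A malformed or off-curve key short-circuits before VerifyASN1 ever sees it.
	return errX == nil && errY == nil && pub.Curve.IsOnCurve(pub.X, pub.Y) && ecdsa.VerifyASN1(pub, h[:], sig)
}
```

Confirm presumes the issuer's signature on the JWT has already been verified; until then the cnf key is unauthenticated input and proves nothing about who the issuer bound the token to.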
--001a11c1d7e05ed7e704f6e241c7--

