IETF Logo Mail Archive

[OAUTH-WG] Re: WGLC for Token Status List

Dean Saxe <dean.saxe@beyondidentity.com> Wed, 08 January 2025 19:39 UTC

Return-Path: <dean.saxe@beyondidentity.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 77ED9C1D52F1 for <oauth@ietfa.amsl.com>; Wed, 8 Jan 2025 11:39:06 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.104
X-Spam-Level:
X-Spam-Status: No, score=-2.104 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=beyondidentity.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dPQ945z2vLvB for <oauth@ietfa.amsl.com>; Wed, 8 Jan 2025 11:39:02 -0800 (PST)
Received: from mail-lj1-x22d.google.com (mail-lj1-x22d.google.com [IPv6:2a00:1450:4864:20::22d]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 34E99C1D4A93 for <oauth@ietf.org>; Wed, 8 Jan 2025 11:39:02 -0800 (PST)
Received: by mail-lj1-x22d.google.com with SMTP id 38308e7fff4ca-305f529a987so422371fa.2 for <oauth@ietf.org>; Wed, 08 Jan 2025 11:39:02 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=beyondidentity.com; s=google-bid; t=1736365140; x=1736969940; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=gfdCiuljSJAsaE2AfBYycShO/MyZCfz7KuxudMyHShQ=; b=be+zjN7fQyil7DaysS+FJeNcLmzuTVqR0E7Ps2Jr+cXK4mye+NJb0tZ7ARvq+SOnUQ byhx6NlMv8N6kJk/V0SZ4hPnDzJ86XmSri0SZ3WOgXGAZe153xpd7eBa6MzSdxPTMVM6 DNO0QW7jtf19iTEGwbhJlhPAmdFGrixkY2eVFaVmoOGAdWdClSkBeoTL0m9KeJfa1yao T5RQabNPXtQpBvAtJ8sYcKlhD/km0foydeXU8iVeGuvKmGSTyUzBAhho/t9E4mQSUrTp +SeqXO1tncjpfdeA315MTKpZ9AZ5H+EwWm7yKH9dWurAtX/s+mnQjn9XaPJxsaTnbC/I GsMQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1736365140; x=1736969940; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=gfdCiuljSJAsaE2AfBYycShO/MyZCfz7KuxudMyHShQ=; b=LRsdXRXMqzdU49a7bIMWEo9IqUOla/xByO5M52zrUQLg1QMUTlSaYvDcEo07m+1NYT SnJDeV0zmTOmlwVS9Rk7RWqoxiYdmUT388M0S1JBGH+x6G6feI2+yoGr/nVvug2drodO 9y0c5iy69h2FLHGRbbyg7vXx9+8U3Pj5s9gswynDDG2cIITsA5wKn2QniuFUdwq2KG5P hvEYXyq3kJFUp6Fx2FQ0prQzWJRClEd0QF5BJDprS4pEbJCAJfWHjJ/kT+tRQB9bzkJq 7UakuVgeVT693WKv22eLED+MqII8cFUCyglO2KeZBsGO69rRsio3GMjlBHkevN3u+6CY h9/A==
X-Forwarded-Encrypted: i=1; AJvYcCUxxogPgA5gwujUh2U8yimQc4wA8mgqeg5ISMgU5+DyG+kdfwTupxb5P1UzCn8HfummFn8Qfw==@ietf.org
X-Gm-Message-State: AOJu0YwxbSvWk3xSA706s/tZI6gyQDKJA726pPnXG6Lb+e+qqlaEfJwI kcXHeZ52f46C1FBMmVh2e/lWV45d26oCE+u1VLGz5M6Jq0vE+1KpckkuMvZSgw1HMeVdi9zgJ+/ +OVLDzmRzoEj8NYKqDBSclOXsaDzfHNduCvrTOA==
X-Gm-Gg: ASbGncs6IpgNgRlQcqEbv4ef7j5vqkKBVgkWxhCh05veY7xw6Y8RjBziWD2y3wMmnRn TD5JtxLoqDQ/wI1KMJ1dVjAkTMY+GNJp7MksU/Cs=
X-Google-Smtp-Source: AGHT+IGusjTF3IuR1gjAAGNWzoCLdEo4wb1Vms5RNmTITmtepogzJ5ZOeZtxkrMn11p9s2yXMLSj+DsxxsWKiiq9ENA=
X-Received: by 2002:a05:651c:221a:b0:302:17e7:e186 with SMTP id 38308e7fff4ca-305f455e886mr13011891fa.8.1736365139405; Wed, 08 Jan 2025 11:38:59 -0800 (PST)
Received: from 1064022179695 named unknown by gmailapi.google.com with HTTPREST; Wed, 8 Jan 2025 11:38:59 -0800
Received: from 1064022179695 named unknown by gmailapi.google.com with HTTPREST; Wed, 8 Jan 2025 14:38:55 -0500
MIME-Version: 1.0 (Mimestream 1.5.0)
References: <CADNypP_kmt2PdOJoUa+TNpYHYbfdyv+j2pteSaHsrPk4oxdqFw@mail.gmail.com>, <AS8PR04MB7686F48028CF512A12A52715D1142@AS8PR04MB7686.eurprd04.prod.outlook.com> <D75CFAA2-3300-4648-96F3-6B8EB79ACB33@hxcore.ol>
In-Reply-To: <D75CFAA2-3300-4648-96F3-6B8EB79ACB33@hxcore.ol>
From: Dean Saxe <dean.saxe@beyondidentity.com>
Date: Wed, 08 Jan 2025 11:38:59 -0800
X-Gm-Features: AbW1kvaBeCyH8i_-hD6rhVX5v-lM4VKHi03gwfYS7_WZm9FpLbHX66y_8FHiD7Q
Message-ID: <CALH0CC27jdv8r05p37HGjcUuCO1qOp32-Cm1+xwCYZo0QasGDg@mail.gmail.com>
To: "chris.bormann@gmx.de" <chris.bormann=40gmx.de@dmarc.ietf.org>
Content-Type: multipart/alternative; boundary="00000000000055cdd8062b37037f"
Message-ID-Hash: MXT3MQYRO4C3AVIK4QVY64DDXEMJ6NTA
X-Message-ID-Hash: MXT3MQYRO4C3AVIK4QVY64DDXEMJ6NTA
X-MailFrom: dean.saxe@beyondidentity.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-oauth.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: "Oliva Fernandez, Jorge" <Jorge.OlivaFernandez=40santander.co.uk@dmarc.ietf.org>, oauth <oauth@ietf.org>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [OAUTH-WG] Re: WGLC for Token Status List
List-Id: OAUTH WG <oauth.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/y-dUDQy_R8HbP95bIzuOV1YFUHw>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Owner: <mailto:oauth-owner@ietf.org>
List-Post: <mailto:oauth@ietf.org>
List-Subscribe: <mailto:oauth-join@ietf.org>
List-Unsubscribe: <mailto:oauth-leave@ietf.org>

 I would not be opposed to more examples and/or test vectors included in an
appendix.  I didn’t recognize that the examples were meant as test vectors
and don’t recall that specifically being identified in the draft.

-dhs
--
Dean H. Saxe, CIDPRO <https://idpro.org/cidpro/>
Principal Engineer
Office of the CTO
Beyond Identity
dean.saxe@beyondidentity.com




On Jan 8, 2025 at 7:37:09 AM, chris.bormann@gmx.de <chris.bormann=
40gmx.de@dmarc.ietf.org> wrote:

> Hi Jorge,
>
>
>
> With that part, we meant the examples given in Section 4 & 10 where
> examples are given for 1 and 2 bit status lists (byte array and base64url
> encoding for the JWT variant).
>
> Perhaps a general question: Would more and bigger examples / test vectors
> be helpful?
>
>
>
> Best Regards,
>
> Christian
>
>
>
> *From: *Oliva Fernandez, Jorge <Jorge.OlivaFernandez=
> 40santander.co.uk@dmarc.ietf.org>
> *Date: *Thursday, 2. January 2025 at 15:23
> *To: *Rifaat Shekh-Yusef <rifaat.s.ietf@gmail.com>, oauth <oauth@ietf.org>
> *Subject: *[OAUTH-WG] Re: WGLC for Token Status List
>
> Hi Rifaat,
>
> Just first time reading this new spec, and I have one doubt, in section
> “111. Correct decoding and parsing of the encoded Status List” say
> “Implementations are RECOMMENDED to verify correctness using the test
> vectors given by this specification.” Where are this test vectors located
> in the specification?
>
> Best Regards.
>
>
>
> *From: *Rifaat Shekh-Yusef <rifaat.s.ietf@gmail.com>
> *Date: *Thursday, 2 January 2025 at 13:53
> *To: *oauth <oauth@ietf.org>
> *Subject: *[EXT][OAUTH-WG] WGLC for Token Status List
>
> *CAUTION:* This message is from an EXTERNAL sender – be vigilant,
> particularly with links and attachments. If you suspect it, report it
> immediately using the phishing button.
>
> All,
>
> This is a WG Last Call for the *Token Status List *document.
> https://datatracker.ietf.org/doc/draft-ietf-oauth-status-list/
>
>
> Please, review this document and reply on the mailing list if you have any
> comments or concerns, by *Jan 17th*.
>
> Note that this document will be discussed during the OAuth WG *interim*
> on *Jan 13th*.
>
> Regards,
>   Rifaat & Hannes
>
>
>
> Emails aren't always secure, and they may be intercepted or changed after
> they've been sent. Santander doesn't accept liability if this happens. If
> you think someone may have interfered with this email, please get in touch
> with the sender another way. This message doesn't create or change any
> contract. Santander doesn't accept responsibility for damage caused by any
> viruses contained in this email or its attachments. Emails may be
> monitored. If you've received this email by mistake, please let the sender
> know at once that it's gone to the wrong person and then destroy it without
> copying, using, or telling anyone about its contents.
>
> Santander UK plc. Registered Office: 2 Triton Square, Regent's Place,
> London, NW1 3AN, United Kingdom. Registered Number 2294747. Registered in
> England and Wales. https://www.santander.co.uk. Telephone 0800 389 7000.
> Calls may be recorded or monitored. Authorised by the Prudential Regulation
> Authority and regulated by the Financial Conduct Authority and the
> Prudential Regulation Authority. Our Financial Services Register number is
> 106054. You can check this on the Financial Services Register by visiting
> the FCA’s website https://www.fca.org.uk/register.  Santander and the
> flame logo are registered trademarks.
>
> Ref:[PDB#1-4B]
> _______________________________________________
> OAuth mailing list -- oauth@ietf.org
> To unsubscribe send an email to oauth-leave@ietf.org
>

v2.39.1 | Report a Bug | By Email | System Status