Re: [OAUTH-WG] Mail regarding draft-ietf-oauth-jwsreq

Mike Jones <Michael.Jones@microsoft.com> Wed, 31 October 2018 16:17 UTC

From: Mike Jones <Michael.Jones@microsoft.com>
To: Jim Schaad <ietf@augustcellars.com>, "draft-ietf-oauth-jwsreq@ietf.org" <draft-ietf-oauth-jwsreq@ietf.org>
CC: 'oauth' <oauth@ietf.org>
Date: Wed, 31 Oct 2018 16:17:38 +0000
Message-ID: <MW2PR00MB0298547452BD260483C0CC50F5CD0@MW2PR00MB0298.namprd00.prod.outlook.com>
References: <04d301d4712f$08bf8dc0$1a3ea940$@augustcellars.com>
In-Reply-To: <04d301d4712f$08bf8dc0$1a3ea940$@augustcellars.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/gdqFzpz2wkPYHppqTcMSS0-jte4>

JWT defines a number of standard claims that are used in this application, including "iss" (issuer), "aud" (audience), etc.  Making the requests a JWT allows code reuse, rather than having an application-specific signed request representation that has many of the semantics and fields of a JWT anyway.

It's also worth noting that this practice has been a standard since 2014.  OpenID Connect Core standardized the OAuth signed request format in https://openid.net/specs/openid-connect-core-1_0.html#JWTRequests.  The draft-ietf-oauth-jwsreq <https://tools.ietf.org/html/draft-ietf-oauth-jwsreq-17> spec is the OAuth-only version of this already standard and deployed practice.  (There are other precedents for OAuth subsetting standard OpenID Connect functionality.  For instance, RFC 8414 <https://tools.ietf.org/html/rfc8414> is the OAuth-specific subset of the metadata format defined by OpenID Connect Discovery <https://openid.net/specs/openid-connect-discovery-1_0.html>.)

                                                       -- Mike



-----Original Message-----
From: OAuth <oauth-bounces@ietf.org> On Behalf Of Jim Schaad
Sent: Wednesday, October 31, 2018 8:33 AM
To: draft-ietf-oauth-jwsreq@ietf.org
Cc: 'oauth' <oauth@ietf.org>
Subject: [OAUTH-WG] Mail regarding draft-ietf-oauth-jwsreq

As part of looking at the issues of using CWTs for this purpose I did some more reading of the document.  I am having a problem understanding the reasons for using JWT as opposed to just saying that you are going to use JWS and JWE.  There is nothing in this section that I can see that points to a reason to be using JWTs as the carrier.  What am I missing?

Jim
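To make the code-reuse point in Mike's reply concrete, here is an added Python example (written for this page; not code from the draft, from OpenID Connect, or from either correspondent) of a client wrapping its authorization parameters in an HS256-signed JWT request object and the authorization server validating it with the generic JWT checks before it ever looks at the OAuth parameters. AS_ISSUER, CLIENT_ID, CLIENT_SECRET and the parameter names are constructed values; "aud" is treated as a single string, and the compact JWS handling is inlined with the standard library rather than taken from a JWT library.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed example values; not taken from the draft or any real deployment.
AS_ISSUER = "https://as.example.com"         # assumed identifier of the authorization server
CLIENT_ID = "s6BhdRkqt3"                      # assumed client_id registered at that AS
CLIENT_SECRET = b"constructed-shared-secret"  # assumed HS256 key shared by client and AS
OAUTH_PARAMS = ("client_id", "response_type", "redirect_uri", "scope", "state")

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_request_object(params: dict, now: int = None) -> str:
    """Client side: the OAuth authorization parameters become claims of a JWT,
    alongside the standard JWT claims (iss, aud, iat, exp) Mike refers to."""
    now = int(time.time()) if now is None else now
    claims = {"iss": CLIENT_ID, "aud": AS_ISSUER, "iat": now, "exp": now + 300, **params}
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = _b64url(json.dumps(header).encode()) + "." + _b64url(json.dumps(claims).encode())
    tag = hmac.new(CLIENT_SECRET, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(tag)

def validate_request_object(token: str, now: int = None) -> dict:
    """AS side: run the generic JWT checks (alg, signature, iss, aud, exp) that any
    JWT library already implements, then hand back only the OAuth parameters."""
    now = int(time.time()) if now is None else now
    h, p, s = token.split(".")
    if json.loads(_b64url_decode(h)).get("alg") != "HS256":   # refuses alg "none" as well
        raise ValueError("unexpected alg")
    expected = hmac.new(CLIENT_SECRET, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(p))
    if claims.get("iss") != CLIENT_ID:      # request object must come from this client
        raise ValueError("iss does not match the client")
    if claims.get("aud") != AS_ISSUER:      # and must be meant for this AS, not another one
        raise ValueError("aud is not this authorization server")
    if now >= claims.get("exp", 0):
        raise ValueError("request object expired")
    return {k: v for k, v in claims.items() if k in OAUTH_PARAMS}
```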




