[OAUTH-WG] Proof-of-Possession Key Semantics for JWTs spec addressing WGLC comments

Mike Jones <Michael.Jones@microsoft.com> Tue, 07 July 2015 20:23 UTC

From: Mike Jones <Michael.Jones@microsoft.com>
To: "oauth@ietf.org" <oauth@ietf.org>
Date: Tue, 07 Jul 2015 20:23:05 +0000
Message-ID: <BY2PR03MB4423239C572063B794BE99BF5920@BY2PR03MB442.namprd03.prod.outlook.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/oauth/yyi_OdArDf6bhzNfTVoEO-jRLcc>

The editors have published draft-ietf-oauth-proof-of-possession-03 <https://tools.ietf.org/html/draft-ietf-oauth-proof-of-possession-03>, which addresses the working group last call comments received. Thanks to all of you who provided feedback. The changes were:

* Separated the jwk and jwe confirmation members; the former represents a public key as a JWK and the latter represents a symmetric key as a JWE-encrypted JWK.
* Changed the title to indicate that a proof-of-possession key is being communicated.
* Updated language that formerly assumed that the issuer was an OAuth 2.0 authorization server.
* Described ways that applications can choose to identify the presenter, including use of the iss, sub, and azp claims.
* Harmonized the registry language with that used in JWT [RFC 7519 <http://tools.ietf.org/html/rfc7519>].
* Addressed other issues identified during working group last call.
* Referenced the JWT and JOSE RFCs.

The updated specification is available at:

* https://tools.ietf.org/html/draft-ietf-oauth-proof-of-possession-03

An HTML formatted version is also available at:

* http://self-issued.info/docs/draft-ietf-oauth-proof-of-possession-03.html

-- Mike

P.S.  This note was also published at http://self-issued.info/?p=1406 and as @selfissued.