Re: [Unbearable] Token binding for Oauth2.0

Mike Jones <Michael.Jones@microsoft.com> Mon, 30 October 2017 06:37 UTC

From: Mike Jones <Michael.Jones@microsoft.com>
To: tharmakulasingham inthirakumaaran <inthiraj1994@gmail.com>, "unbearable@ietf.org" <unbearable@ietf.org>
Date: Mon, 30 Oct 2017 06:37:53 +0000
Message-ID: <CY4PR21MB050474E09B591C1DBE1ACAC0F5590@CY4PR21MB0504.namprd21.prod.outlook.com>
In-Reply-To: <CAFUY97p7DNUms9_f+P5jg0dFzr2BO4DibxAM5_E04UoLejCa_A@mail.gmail.com>
Subject: Re: [Unbearable] Token binding for Oauth2.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/unbearable/S4SGsfnspIghldUvyZ9wrF1kKrE>
List-Id: "This list is for discussion of proposals for doing better than bearer tokens (e.g. HTTP cookies, OAuth tokens etc.) for web applications. The specific goal is chartering a WG focused on preventing security token export and replay attacks." <unbearable.ietf.org>
List-Archive: <https://mailarchive.ietf.org/arch/browse/unbearable/>

Please see https://tools.ietf.org/html/draft-ietf-oauth-token-binding-05 for the answers.

                                                       Best wishes,
                                                       -- Mike

From: Unbearable [mailto:unbearable-bounces@ietf.org] On Behalf Of tharmakulasingham inthirakumaaran
Sent: Sunday, October 29, 2017 10:16 PM
To: unbearable@ietf.org
Subject: [Unbearable] Token binding for Oauth2.0

Hi all,

I am a university student trying to implement token binding for OAuth 2.0 in one of my projects. Currently, I am using nginx as a proxy to do the token binding, but I hope to write a token binding implementation in Java.

I want to know how we can send the referred token binding ID (RID) without redirection or the Include-referred-ID header, especially at the point where the client application sends the access token request including the referred token binding ID (the ID between the client app and the resource server). Although the spec says we can use other methods, I cannot find what those are.

Please clarify this matter for me; I am open to any suggestion on how to do this project. If you can suggest any example implementations, that would be helpful too.

Thank you,
kumaaran