[Unbearable] FW: OAuth and OpenID Connect Token Binding specs updated

Mike Jones <Michael.Jones@microsoft.com> Fri, 27 October 2017 01:50 UTC

From: Mike Jones <Michael.Jones@microsoft.com>
To: "unbearable@ietf.org" <unbearable@ietf.org>
Date: Fri, 27 Oct 2017 01:50:46 +0000
Message-ID: <CY4PR21MB0504DBCFAF0FFB7BC9FBF677F55A0@CY4PR21MB0504.namprd21.prod.outlook.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/unbearable/zFCC9J6aeCIWLgDcDGsJLOuOqU4>
List-Id: "\"This list is for discussion of proposals for doing better than bearer tokens \(e.g. HTTP cookies, OAuth tokens etc.\) for web applications. The specific goal is chartering a WG focused on preventing security token export and replay attacks.\"" <unbearable.ietf.org>


From: Mike Jones
Sent: Thursday, October 26, 2017 6:49 PM
To: oauth@ietf.org
Subject: OAuth and OpenID Connect Token Binding specs updated

The OAuth 2.0 Token Binding specification has been updated to enable Token Binding of JWT Authorization Grants and JWT Client Authentication.  The discussion of phasing in Token Binding was improved and generalized.  See the Document History section for other improvements applied.

The specification is available at:

  *   https://tools.ietf.org/html/draft-ietf-oauth-token-binding-05

An HTML-formatted version is also available at:

  *   http://self-issued.info/docs/draft-ietf-oauth-token-binding-05.html

An update to the closely-related OpenID Connect Token Bound Authentication 1.0 specification was also simultaneously published.  Its discussion of phasing in Token Binding was correspondingly updated.

The OpenID Connect Token Binding specification is available in HTML and text versions at:

  *   http://openid.net/specs/openid-connect-token-bound-authentication-1_0-02.html
  *   http://openid.net/specs/openid-connect-token-bound-authentication-1_0-02.txt

Thanks to Brian Campbell for doing the bulk of the editing for both sets of revisions.

-- Mike

P.S.  This note was also published at http://self-issued.info/?p=1740 and as @selfissued (https://twitter.com/selfissued).
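The announcement above concerns binding JWTs (access tokens, authorization grants, client-authentication assertions) to the client's Token Binding ID so that an exported token cannot be replayed from another TLS connection. As an added example, not code from the drafts or their authors, the Python below shows the resource-server/authorization-server side of that check: the JWT's `cnf` claim carries a `tbh` member, which (per my reading of draft-ietf-oauth-token-binding) is the base64url-encoded SHA-256 hash of the Token Binding ID, and the verifier recomputes that hash from the Token Binding ID actually presented on the TLS connection and compares. The HS256 key, the claim values and the Token Binding ID bytes are constructed for the example, the `require_binding` switch is my own way of modelling the "phasing in" policy the message mentions, and real deployments would use a proper JOSE library and obtain the Token Binding ID from the TLS stack.

```python
"""Verifying a token-bound JWT (illustrative; not the draft's own code).

Assumptions (constructed for this example): HS256 with a shared key, the
`cnf.tbh` member holds base64url(SHA-256(Token Binding ID)), and the
Token Binding ID bytes are handed to us by the TLS layer.
"""
import base64
import hashlib
import hmac
import json
from typing import Optional, Tuple

# Constructed sample material; nothing here comes from a real deployment.
SAMPLE_KEY = b"constructed-hs256-key-for-the-example"
SAMPLE_TBID = b"constructed-token-binding-id-bytes"


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def token_binding_hash(token_binding_id: bytes) -> str:
    """tbh value: base64url-encoded SHA-256 hash of the Token Binding ID."""
    return b64url_encode(hashlib.sha256(token_binding_id).digest())


def mint_hs256_jwt(claims: dict, key: bytes) -> str:
    """Minimal HS256 JWT minting so the example is self-contained."""
    header = {"alg": "HS256", "typ": "JWT"}
    parts = [b64url_encode(json.dumps(p, separators=(",", ":")).encode())
             for p in (header, claims)]
    signing_input = ".".join(parts)
    sig = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return f"{signing_input}.{b64url_encode(sig)}"


def verify_token_bound_jwt(jwt: str, key: bytes, presented_tbid: Optional[bytes],
                           require_binding: bool) -> Tuple[bool, str]:
    """Check signature, then confirm the JWT is bound to the presented TLS
    Token Binding ID. `require_binding=False` models the phase-in period in
    which unbound tokens are still accepted; once phase-in is over it is True."""
    try:
        h, p, s = jwt.split(".")
    except ValueError:
        return False, "malformed JWT"
    header = json.loads(b64url_decode(h))
    if header.get("alg") != "HS256":
        return False, "unexpected alg"
    expected = hmac.new(key, f"{h}.{p}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(s)):
        return False, "bad signature"
    claims = json.loads(b64url_decode(p))
    tbh = (claims.get("cnf") or {}).get("tbh")
    if tbh is None:
        if require_binding:
            return False, "token binding required but absent"
        return True, "accepted unbound during phase-in"
    if presented_tbid is None:
        return False, "no Token Binding presented on this connection"
    # Constant-time compare of the recomputed hash against the cnf.tbh value.
    if not hmac.compare_digest(token_binding_hash(presented_tbid).encode("ascii"),
                               str(tbh).encode("ascii")):
        return False, "token binding mismatch"
    return True, "token binding confirmed"


def sample_bound_jwt() -> str:
    """A constructed JWT client-authentication assertion bound to SAMPLE_TBID."""
    return mint_hs256_jwt({"iss": "client-1", "sub": "client-1",
                           "aud": "https://as.example/token",
                           "cnf": {"tbh": token_binding_hash(SAMPLE_TBID)}},
                          SAMPLE_KEY)


if __name__ == "__main__":
    jwt = sample_bound_jwt()
    print(verify_token_bound_jwt(jwt, SAMPLE_KEY, SAMPLE_TBID, True))
    print(verify_token_bound_jwt(jwt, SAMPLE_KEY, b"other-connection-id", True))
```

The replay case is the second call: a token lifted from one TLS connection and presented on another fails because the recomputed hash no longer matches `cnf.tbh`, even though the signature is still valid.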