[Webpush] vapid issue 24: supplementary data in tokens
Martin Thomson <martin.thomson@gmail.com> Fri, 01 July 2016 02:03 UTC
Return-Path: <martin.thomson@gmail.com>
X-Original-To: webpush@ietfa.amsl.com
Delivered-To: webpush@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1])
by ietfa.amsl.com (Postfix) with ESMTP id 1397E12D0B4
for <webpush@ietfa.amsl.com>; Thu, 30 Jun 2016 19:03:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5
tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7,
SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key)
header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44])
by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id 3s8kfoXD-ZIE for <webpush@ietfa.amsl.com>;
Thu, 30 Jun 2016 19:02:59 -0700 (PDT)
Received: from mail-qk0-x231.google.com (mail-qk0-x231.google.com
[IPv6:2607:f8b0:400d:c09::231])
(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
(No client certificate requested)
by ietfa.amsl.com (Postfix) with ESMTPS id 9FE2B12D098
for <webpush@ietf.org>; Thu, 30 Jun 2016 19:02:59 -0700 (PDT)
Received: by mail-qk0-x231.google.com with SMTP id o76so65659074qke.0
for <webpush@ietf.org>; Thu, 30 Jun 2016 19:02:59 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
h=mime-version:from:date:message-id:subject:to;
bh=2HIcFJUP5IJYam/DoJTM6BXBS+ksNCEeD96+csHGKtQ=;
b=STGrOOp91HX47Q/BWjB19IgVdi2tdYKPd7bKd1FY6RvtXBPRFRtgB1PzBLLJ8/4ZYx
4I7uTACFCY+NaAQQSIq4Fv9eHbDf3b4i9rcUf3Cz17HzddU1Vv8ETJ8q09GpIVXV4HHt
Xr7cZVjUsyAt9n9aLZ1wexAoZEJZ3W721kUtOxXV9zs4jAZjyNhyIrX09gbWJNawq5eM
xt1jwi0AQweCKe/Ak1UscnJq6aRj1yGJ7Bq5efUDS5MCUBHH+9DAENUj+xNFTauDk1yv
okoAvU1DpIGSUGEICdS4qgcBvU+PEFZ7KrW6opj5Tv/cNuGDMcS36JzpEdQFAfgjdN3N
3b3w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20130820;
h=x-gm-message-state:mime-version:from:date:message-id:subject:to;
bh=2HIcFJUP5IJYam/DoJTM6BXBS+ksNCEeD96+csHGKtQ=;
b=iZtCKyZAqmdloj2RC7Z0Rz3iw0067jZBBSHg4cY9I6yxOoRML+uBFNv5FImU395bLs
XZ4ZlApeY3jR88Qb3Qs0qFPReIHDnkW/OQSq0XmHugXeySZqo20wLbsuxAszwRQCcGgw
aQ0uQLuzl6+LaMJ8CO3TRQFmRwAbyXOXp3raOPHt+V5q1m7oqMBrQB4o8PrHK2FHKIeS
2BPGBMTidPA4oYv9xD77klHPC0ZRIQVGjR7VEGcp6hcIJR4EAVJbpY0eDyNDUwul1PL0
TIoSIh0IT5spheVRgE4K8KKIKgoXwvM3sztHwoWLi8rK3JFUycIjKHNQQ7bXzXLGkgfP
r+Kg==
X-Gm-Message-State: ALyK8tIkaHewpqh3W5nNsE0hgc5yvtQXnLV654TB6kBDOMWbWMkyF//otAsIuwr2tXkG4eIpC+be4YKD1pwnqw==
X-Received: by 10.55.201.70 with SMTP id q67mr22486301qki.124.1467338578454;
Thu, 30 Jun 2016 19:02:58 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.140.22.38 with HTTP; Thu, 30 Jun 2016 19:02:57 -0700 (PDT)
From: Martin Thomson <martin.thomson@gmail.com>
Date: Fri, 1 Jul 2016 12:02:57 +1000
Message-ID: <CABkgnnUkntEq66k+85zATwZHDKNMJ+NR_VZXa_jKCrDhhUSvPw@mail.gmail.com>
To: "webpush@ietf.org" <webpush@ietf.org>, JR Conlin <jrconlin@mozilla.com>
Content-Type: text/plain; charset=UTF-8
Archived-At: <https://mailarchive.ietf.org/arch/msg/webpush/Z1PhP26WL4k7KY5QOwIznBsk8kc>
Subject: [Webpush] vapid issue 24: supplementary data in tokens
X-BeenThere: webpush@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Discussion of potential IETF work on a web push protocol
<webpush.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/webpush>,
<mailto:webpush-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/webpush/>
List-Post: <mailto:webpush@ietf.org>
List-Help: <mailto:webpush-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/webpush>,
<mailto:webpush-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 01 Jul 2016 02:03:02 -0000
JR requests that we allow the inclusion of extra stuff in a vapid token: https://github.com/webpush-wg/webpush-vapid/issues/24 >>> As noted in the arguments of #23, there is a need for an "extra data" field which would be used by the parties using the VAPID claims. This data would contain information useful to the publisher of the claim (e.g. the originating server ID, transaction ID, or other possibly VAPID consumer opaque data). This extra data ("vapid-ext" ?) field would allow consistent, predictable definition rather than a set of 'one-offs' that may be difficult to find or ignored by operators. <<< I think that the general idea is fine. Better this than trying to pack the "sub" field with extra stuff. JR, would it suffice to point out that the [private](https://tools.ietf.org/html/rfc7519#section-4.3) (or even [public](https://tools.ietf.org/html/rfc7519#section-4.2)) claims can be added to the token? Allowing multiple fields gives the application server a fair bit more flexibility. If that's OK, we should point out that this is possible so that push services don't lose the extra data because they aren't aware that it might exist.
- Re: [Webpush] vapid issue 24: supplementary data … Martin Thomson
- Re: [Webpush] vapid issue 24: supplementary data … jr conlin
- [Webpush] vapid issue 24: supplementary data in t… Martin Thomson