[woes] Preview of Google API support for OAuth2 assertion flow
Eric Sachs <esachs@google.com> Tue, 17 May 2011 01:12 UTC
Return-Path: <esachs@google.com>
X-Original-To: woes@ietfa.amsl.com
Delivered-To: woes@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E6B85E0696 for <woes@ietfa.amsl.com>; Mon, 16 May 2011 18:12:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -105.976
X-Spam-Level:
X-Spam-Status: No, score=-105.976 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yMKMOi2Tg1R6 for <woes@ietfa.amsl.com>; Mon, 16 May 2011 18:12:43 -0700 (PDT)
Received: from smtp-out.google.com (smtp-out.google.com [216.239.44.51]) by ietfa.amsl.com (Postfix) with ESMTP id 6C109E0684 for <woes@ietf.org>; Mon, 16 May 2011 18:12:17 -0700 (PDT)
Received: from hpaq3.eem.corp.google.com (hpaq3.eem.corp.google.com [172.25.149.3]) by smtp-out.google.com with ESMTP id p4H1CGcr014600 for <woes@ietf.org>; Mon, 16 May 2011 18:12:16 -0700
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=google.com; s=beta; t=1305594736; bh=n3xA8WLtiihAVgnKP1XouXn5d0Q=; h=MIME-Version:Date:Message-ID:Subject:From:To:Cc:Content-Type; b=ebAGGuuBSL1CatmFkLB4Rq8R1mcEcQiKGaRzI4ywhnI6oUA/IsXznf3DqW4yNSFlQ jprUu1SMFMz/5R4zMSA0A==
Received: from yib2 (yib2.prod.google.com [10.243.65.66]) by hpaq3.eem.corp.google.com with ESMTP id p4H1BU2R001451 (version=TLSv1/SSLv3 cipher=RC4-SHA bits=128 verify=NOT) for <woes@ietf.org>; Mon, 16 May 2011 18:12:15 -0700
Received: by yib2 with SMTP id 2so8517yib.38 for <woes@ietf.org>; Mon, 16 May 2011 18:12:14 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=beta; h=domainkey-signature:mime-version:date:message-id:subject:from:to:cc :content-type; bh=HeNIdmzNpbE7xgmvcIx0f81Bm33ausCLoMd9k8I2k54=; b=lhrEgMUrd9eFSNoySM5339ryBkC4qYO5Zl+vTbCIfELXfwY8nRx1xPq+mYeWfUY0aS kuZr1Ze5QL7LQPMkUhRA==
DomainKey-Signature: a=rsa-sha1; c=nofws; d=google.com; s=beta; h=mime-version:date:message-id:subject:from:to:cc:content-type; b=ajcyNsHiISr32yrbV6OdwbQ3heuEag0FxmU9s69b90As7Xy2yscHHETIxw8USzyYvS 4PmWBXvch09+YQRnseWg==
MIME-Version: 1.0
Received: by 10.150.208.6 with SMTP id f6mr68675ybg.135.1305594732224; Mon, 16 May 2011 18:12:12 -0700 (PDT)
Received: by 10.151.85.7 with HTTP; Mon, 16 May 2011 18:12:12 -0700 (PDT)
Date: Mon, 16 May 2011 18:12:12 -0700
Message-ID: <BANLkTim=Zum0CN=xoAGTrm6NgUM8GG7T+w@mail.gmail.com>
From: Eric Sachs <esachs@google.com>
To: woes@ietf.org
Content-Type: multipart/alternative; boundary="000e0cd755923c21dd04a36e765b"
X-System-Of-Record: true
Cc: Jian Cai ☑ <jcai@google.com>
Subject: [woes] Preview of Google API support for OAuth2 assertion flow
X-BeenThere: woes@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Web Object Encryption and Signing \(woes\) BOF discussion list" <woes.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/woes>, <mailto:woes-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/woes>
List-Post: <mailto:woes@ietf.org>
List-Help: <mailto:woes-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/woes>, <mailto:woes-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 17 May 2011 01:12:44 -0000
Last month we announced support for Google App Engine apps to create signed JWTs, such as for use in an OAuth2 assertion flows. We are now providing a preview of the ability for developers to make API calls to Google using OAuth2 assertions in JWT format. The documentation (including pointers to sample apps and their source code) is at: https://sites.google.com/site/oauthgoog/Home/google-oauth2-assertion-flow As we discussed at the InternetIdentityWorkshop, we are interested in working with vendors in interop using these techniques. ---------- Forwarded message ---------- From: Eric Sachs <esachs@google.com> Date: Wed, Apr 6, 2011 at 12:43 PM Subject: Native JWT support in Google App Engine To: woes@ietf.org Google has just added native support for JWT to Google App Engine. Here is the documentation: https://sites.google.com/site/oauthgoog/authenticate-google-app-engine-app Our hope is to work with other players in the cloud computing space to improve some elements of cloud security by using PKI, JWT & OAuth2 for interop between our systems. Based on past industry discussion, we wroteup a description of some of the general interop use-cases: https://sites.google.com/site/oauthgoog/robotaccounts/cloudtoonpremise https://sites.google.com/site/oauthgoog/robotaccounts/onpremisetocloud While this new feature in Google App Engine is a significant step for Google, we realize there is more to do on our side such as adding support for JWT assertions in our recently announced OAuth2 support for Google APIs<http://googlecode.blogspot.com/2011/03/making-auth-easier-oauth-20-for-google.html>. However we would prefer to get feedback from this group on a standard approach, including around key rotation/management. Eric Sachs Senior Product Manager, Internet Identity Google
- [woes] Preview of Google API support for OAuth2 a… Eric Sachs
- Re: [woes] Preview of Google API support for OAut… Chuck Mortimore
- Re: [woes] Preview of Google API support for OAut… Eric Sachs
- Re: [woes] Preview of Google API support for OAut… Chuck Mortimore