Re: [jose] DISCUSS: Nonce/Timestamp parameter

Mon, 27 Aug 2012 11:12:00 -0700 

It is.  For those of you wondering what the reference to "issued at" is, see 
http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-03#section-4.1.3.

                                -- Mike

-----Original Message-----
From: Justin Richer [mailto:[email protected]] 
Sent: Monday, August 27, 2012 7:59 AM
To: Mike Jones
Cc: Jim Schaad; [email protected]
Subject: Re: [jose] DISCUSS: Nonce/Timestamp parameter

How is "issued at" not a timestamp?

  -- Justin

On 08/24/2012 07:02 PM, Mike Jones wrote:
> I'll note for discussion purposes that a nonce and a timestamp are not the 
> same thing (although sometimes they are used to achieve similar/related 
> goals).  A nonce tends to be an opaque value that must be preserved across 
> the communication.  Whereas a timestamp typically has defined semantics - 
> sometimes simply a non-decreasing integer value - and sometimes a 
> representation of time, and then, sometimes with a uniqueness requirement.
>
> For discussion purposes, I'll say that the simplest thing for us to do 
> (should we decide to do anything in this regard) would be to define the nonce 
> as an opaque string value that must be preserved.
>
> We could also define a timestamp parameter, but as I wrote above, that would 
> likely require us to specify additional semantics - starting with whether 
> it's a non-decreasing integer or a representation of a time value.  This 
> seems much harder to define and possibly to use than a nonce.
>
> Would it make sense to define a nonce parameter now and hold off on defining 
> a timestamp parameter until there's a clear demonstrated use case for which a 
> nonce is not sufficient?  That would be my personal recommendation.
>
>                               Best wishes,
>                               -- Mike
>
> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On Behalf Of Jim 
> Schaad
> Sent: Friday, August 17, 2012 12:05 AM
> To: [email protected]
> Subject: [jose] POLL: Nonce/Timestamp parameter
>
> <CHAIR>
>
> If you voted at the face-2-face please do not vote again.  If you want to 
> provide comments please change the title from POLL to DISCUSS.
>
> Do we need to define a nonce/timestamp parameter in the base specification?
>
>
>
> Room vote:  6 yes, 0 no, 1 discuss
>
>
> _______________________________________________
> jose mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/jose
>
>
> _______________________________________________
> jose mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/jose



_______________________________________________
jose mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/jose

Reply via email to