> -----Original Message-----
> From: Mike Jones [mailto:[email protected]]
> Sent: Friday, December 03, 2010 5:19 PM
> To: Eran Hammer-Lahav; OAuth WG
> Subject: RE: Bikeshedding poll: 'attributes' parameter vs. attributes
> parameters
> 
> To understand your thinking a little more, Eran, as a not-hypothetical thought
> experiment, how would you recommend that people specify JSON Web
> Tokens (JWTs) in a parallel manner to your description below of using the
> MAC token type?
>
> Would they use a token_type=JWT parameter to specify the token type?

Yep. Case insensitive...

> How would you see this relating to the mac_algorithm, token_secret, and
> attributes parameters below?

Those parameters are specific to the MAC token type. If you want to use them,
you will need to redefine them for that token type. Ideally, they will have the
same meaning or you should pick a different name.

EHL


> 
>                               Thanks,
>                               -- Mike
> 
> P.S.  I described JWTs at http://self-issued.info/?p=349.  A new draft
> incorporating the consensus decisions reached at IIW will be published
> shortly.
> 
> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On Behalf
> Of Eran Hammer-Lahav
> Sent: Thursday, December 02, 2010 1:04 PM
> To: OAuth WG
> Subject: [OAUTH-WG] Bikeshedding poll: 'attributes' parameter vs. attributes
> parameters
> 
> I'm defining a new token type: MAC based on my previous HTTP Token
> authentication draft (which in turn was based on 1.0a HMAC-SHA1). This is
> being drafted and implemented in my current project (in node.js). I will have
> a draft to share shortly (I do not plan to make this a WG item, but will not
> object if the group wants to).
> 
> When issuing a token, the authorization server needs to provide two
> additional attributes:
> 
> - mac algorithm (hmac-sha1 and hmac-sha256 will be defined)
> - secret
> 
> I have two options; extend the token response by registering:
> 
> 1. Type specific parameters: 'mac_algorithm' and 'token_secret'
> 2. Generic parameter: 'attributes' with some form of key-value pairs
> 
> I prefer #1 because it is much simpler. However, #2 is cleaner and better if
> we end up with a lot of token types.
> 
> So I'm going with #1 but open to other suggestions and feedback.
> 
> EHL
> _______________________________________________
> OAuth mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/oauth
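
Added example, not part of the original messages or of any draft: a client-side sketch of option #1 from the thread, where `mac_algorithm` and `token_secret` are interpreted only when the case-insensitive `token_type` is MAC. The JSON response body, the `access_token` field, and the names `TOKEN_TYPES` and `parseTokenResponse` are assumptions made for illustration.

```javascript
// Added example. Registry layout and function names are hypothetical.
// A Map avoids prototype lookups such as token_type "constructor".
const TOKEN_TYPES = new Map([
  ['mac', {
    required: ['mac_algorithm', 'token_secret'],
    validate(p) {
      // Only the two algorithms the thread says will be defined.
      if (!['hmac-sha1', 'hmac-sha256'].includes(p.mac_algorithm)) {
        throw new Error('unsupported mac_algorithm: ' + p.mac_algorithm);
      }
      if (typeof p.token_secret !== 'string' || p.token_secret.length === 0) {
        throw new Error('token_secret must be a non-empty string');
      }
    },
  }],
]);

function parseTokenResponse(body) {
  const res = JSON.parse(body);
  if (typeof res.access_token !== 'string' || typeof res.token_type !== 'string') {
    throw new Error('access_token and token_type are required');
  }
  const type = res.token_type.toLowerCase(); // token_type is case insensitive
  const def = TOKEN_TYPES.get(type);
  if (!def) throw new Error('unknown token_type: ' + type);
  // Copy only the parameters registered for this type; a parameter with the
  // same name under another token type has no meaning here.
  const params = {};
  for (const name of def.required) {
    if (!Object.prototype.hasOwnProperty.call(res, name)) {
      throw new Error('missing ' + name + ' for token_type ' + type);
    }
    params[name] = res[name];
  }
  def.validate(params);
  return { accessToken: res.access_token, type, params };
}

// Constructed sample response (values are made up).
const SAMPLE = JSON.stringify({
  access_token: 'constructed-token',
  token_type: 'MAC',
  mac_algorithm: 'hmac-sha256',
  token_secret: 'constructed-secret',
});
console.log(parseTokenResponse(SAMPLE));
```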
