I would find using a "mac" attribute inside a MAC token confusing. Inside a
MAC token or any other client signed thing I'd probably call the keying
assertion inside "key", and make the payload of that defined by token type
since some things like EC have more than one value in the keying information.
________________________________
From: Sergey Beryozkin <[email protected]>
To: William Mills <[email protected]>
Cc: "<[email protected]>" <[email protected]>
Sent: Friday, December 21, 2012 7:59 AM
Subject: Re: [OAUTH-WG] Few questions about HOTK
On 21/12/12 15:54, William Mills wrote:
> No, MAC as I'm using it is a MAC token per
> http://tools.ietf.org/html/draft-ietf-oauth-v2-http-mac-02
Sure, what do you mean though when saying
"HOTK payload can be carried in a MAC token." ?
I'm presuming you have in mind the parameters as defined in the draft,
and specifically I thought it was the 'mac' attribute which is
effectively a HOTK payload, possibly alongside few other Authorization
MAC scheme attributes ?
Sergey
>
> ------------------------------------------------------------------------
> *From:* Sergey Beryozkin <[email protected]>
> *To:* William Mills <[email protected]>
> *Cc:* "<[email protected]>" <[email protected]>
> *Sent:* Friday, December 21, 2012 3:15 AM
> *Subject:* Re: [OAUTH-WG] Few questions about HOTK
>
> On 21/12/12 05:30, William Mills wrote:
> > MAC and HOTK describe different properties of a token, and could both be
> > used in the same token. MAC specifies a basic format for a signed token
> > payload and transaction. HOTK defines part of a token payload. HOTK
> > payload can be carried in a MAC token.
>
> Speaking of MAC, are you referring to
> "mac" parameter within MAC Authorization payload representing a HOTK
> property ?
>
> Cheers, Sergey
>
> >
> > -bill
> >
> > ------------------------------------------------------------------------
> > *From:* Sergey Beryozkin <[email protected]
> <mailto:[email protected]>>
> > *To:* "<[email protected] <mailto:[email protected]>>" <[email protected]
> <mailto:[email protected]>>
> > *Sent:* Thursday, December 20, 2012 1:49 PM
> > *Subject:* [OAUTH-WG] Few questions about HOTK
> >
> > Hi Hannes, others,
> >
> > I'd like to understand what is the difference between HOTK Symmetric [1]
> > and MAC [2].
> >
> > I'm reading about HOTK Symmetric and JWS profile and it seems like HOTK
> > Symmetric text can support MAC.
> >
> > My main question at the moment: does HOTK (Symmetric) offer an
> > alternative to MAC or is HOTK actually a higher-level token scheme which
> > can support different types of tokens ?
> >
> > thanks, Sergey
> >
> > [1] http://tools.ietf.org/html/draft-tschofenig-oauth-hotk-01
> > [2] http://tools.ietf.org/html/draft-ietf-oauth-v2-http-mac-02
> > _______________________________________________
> > OAuth mailing list
> > [email protected] <mailto:[email protected]> <mailto:[email protected]
> <mailto:[email protected]>>
> > https://www.ietf.org/mailman/listinfo/oauth
> >
> >
>
>
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
