Done

From: Kathleen Moriarty [mailto:kathleen.moriarty.i...@gmail.com]
Sent: Thursday, July 03, 2014 12:59 PM
To: Mike Jones
Cc: oauth@ietf.org
Subject: Re: [OAUTH-WG] FW: JOSE -30 and JWT -24 drafts incorporating AD feedback on fifth spec of five

On Thu, Jul 3, 2014 at 3:38 PM, Mike Jones <michael.jo...@microsoft.com> wrote:

I can add something along these lines. Does that work for you?

Privacy Considerations

A JWT may contain privacy-sensitive information. When this is the case, measures must be taken to prevent disclosure of this information to unintended parties. One way to achieve this is to use an encrypted JWT. Another way is to ensure that JWTs containing unencrypted privacy-sensitive information are only transmitted over encrypted channels or protocols, such as TLS.

Great, thanks!

-- Mike

From: Kathleen Moriarty [mailto:kathleen.moriarty.i...@gmail.com]
Sent: Thursday, July 03, 2014 11:32 AM
To: Mike Jones
Cc: oauth@ietf.org
Subject: Re: [OAUTH-WG] FW: JOSE -30 and JWT -24 drafts incorporating AD feedback on fifth spec of five

Mike,

Thanks for the updated JWT draft. I just read through it again and the changes look good. I noticed that privacy considerations were not mentioned. Should there be any discussed for claims, claim sets, etc.? This is bound to come up in the IESG review if it is not addressed. Sorry I didn't catch that on the first review.

On Tue, Jul 1, 2014 at 9:11 PM, Mike Jones <michael.jo...@microsoft.com> wrote:

From: Mike Jones
Sent: Tuesday, July 01, 2014 6:11 PM
To: j...@ietf.org
Subject: JOSE -30 and JWT -24 drafts incorporating AD feedback on fifth spec of five

JOSE -30 and JWT -24 drafts have been posted incorporating improvements resulting from Kathleen Moriarty’s JWE review. At this point, actions requested in her reviews of the JWS, JWE, JWK, JWA, and JWT specifications have all been incorporated. All changes in this release were strictly editorial in nature.

The specifications are available at:

• http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-30
• http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-30
• http://tools.ietf.org/html/draft-ietf-jose-json-web-key-30
• http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-30
• http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-24

HTML formatted versions are available at:

• http://self-issued.info/docs/draft-ietf-jose-json-web-signature-30.html
• http://self-issued.info/docs/draft-ietf-jose-json-web-encryption-30.html
• http://self-issued.info/docs/draft-ietf-jose-json-web-key-30.html
• http://self-issued.info/docs/draft-ietf-jose-json-web-algorithms-30.html
• http://self-issued.info/docs/draft-ietf-oauth-json-web-token-24.html

-- Mike

P.S. This notice was also posted at http://self-issued.info/?p=1245 and as @selfissued.

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

--
Best regards,
Kathleen

--
Best regards,
Kathleen
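
The privacy point in the proposed text above, as an added example that is not part of the thread or of the JWT draft: a signed but unencrypted JWT carries its claims in base64url cleartext, so any party that sees the token can read them without a key. The `SENSITIVE_CLAIMS` list, the key, the claims and the URLs are assumptions constructed for illustration.

```python
import base64
import hashlib
import hmac
import json

# Hypothetical policy list: claim names this deployment treats as privacy-sensitive.
SENSITIVE_CLAIMS = {"email", "phone_number", "birthdate", "address"}

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    # Compact serializations drop the padding; restore it before decoding.
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_signed_jwt(claims: dict, key: bytes) -> str:
    """Build an HS256 JWS-protected JWT: integrity only, no confidentiality."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps(claims).encode())
    signing_input = f"{header}.{payload}".encode("ascii")
    sig = hmac.new(key, signing_input, hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(sig)}"

def exposed_sensitive_claims(token: str) -> set:
    """Return the sensitive claim names readable without any key."""
    parts = token.split(".")
    if len(parts) == 5:
        return set()  # compact JWE: the claims are encrypted
    if len(parts) != 3:
        raise ValueError("not a compact JWS or JWE")
    claims = json.loads(b64url_decode(parts[1]))  # compact JWS: cleartext payload
    return SENSITIVE_CLAIMS & set(claims)

def may_transmit(token: str, url: str) -> bool:
    """Allow tokens exposing sensitive claims only over an encrypted channel."""
    if not exposed_sensitive_claims(token):
        return True
    return url.lower().startswith("https://")

# Constructed sample data.
KEY = b"constructed-demo-key"
TOKEN = make_signed_jwt({"sub": "user-123", "email": "alice@example.com"}, KEY)

if __name__ == "__main__":
    print(exposed_sensitive_claims(TOKEN))
    print(may_transmit(TOKEN, "http://api.example.com/cb"))
    print(may_transmit(TOKEN, "https://api.example.com/cb"))
```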