Hi Petteri,

thanks for your feedback. I incorporated it in the upcoming revision.

kind regards,
Torsten.

> On 26.03.2018 at 11:02, Petteri Stenius <[email protected]> wrote:
>
> Hi all,
>
> I want to show my support for this proposal.
>
> I believe the two use cases presented at the IETF meeting [1] are important:
>
> 1. implementing application level end-to-end integrity protection of the
>    introspection response
> 2. simple conversion of by-reference access tokens into by-value JWT encoded
>    tokens
>
> This proposal adds three fields to the client metadata. I think there are two
> issues that should be addressed:
>
> 1. Remove double "response" from field names. Replace
>    "introspection_response_signed_response_alg" with
>    "introspection_signed_response_alg". Also address two other fields
> 2. Add corresponding fields to provider metadata. For client metadata field
>    "introspection_signed_response_alg" there should exist
>    "introspection_signing_alg_values_supported" in provider metadata. The two
>    other fields need corresponding fields as well.
>
> Relationship with OpenID Connect
>
> In OpenID Connect the userinfo endpoint is very similar to the introspection
> endpoint of OAuth. Userinfo supports JWT signing and encryption. Adding JWT
> signing and encryption to the introspection endpoint fills the gap between the
> two specifications.
>
> Best regards,
> Petteri Stenius
>
> [1] https://datatracker.ietf.org/meeting/101/materials/slides-101-oauth-sessb-jwt-introspection-response-01
>
> From: OAuth <[email protected]> On Behalf Of Torsten Lodderstedt
> Sent: Sunday, 18 March 2018 21:33
> To: oauth <[email protected]>
> Subject: [OAUTH-WG] Fwd: New Version Notification for
> draft-lodderstedt-oauth-jwt-introspection-response-00.txt
>
> Hi all,
>
> I just submitted a new draft that Vladimir Dzhuvinov and I have written. It
> proposes a JWT-based response type for Token Introspection. The objective is
> to provide resource servers with signed tokens in case they need
> cryptographic evidence that the AS created the token (e.g. for liability).
>
> I will present the new draft in the session on Wednesday.
>
> kind regards,
> Torsten.
>
> Begin forwarded message:
>
> From: [email protected]
> Subject: New Version Notification for
> draft-lodderstedt-oauth-jwt-introspection-response-00.txt
> Date: 18 March 2018 at 20:19:37 CET
> To: "Vladimir Dzhuvinov" <[email protected]>, "Torsten Lodderstedt"
> <[email protected]>
>
> A new version of I-D,
> draft-lodderstedt-oauth-jwt-introspection-response-00.txt
> has been successfully submitted by Torsten Lodderstedt and posted to the
> IETF repository.
>
> Name:           draft-lodderstedt-oauth-jwt-introspection-response
> Revision:       00
> Title:          JWT Response for OAuth Token Introspection
> Document date:  2018-03-15
> Group:          Individual Submission
> Pages:          5
> URL:            https://www.ietf.org/internet-drafts/draft-lodderstedt-oauth-jwt-introspection-response-00.txt
> Status:         https://datatracker.ietf.org/doc/draft-lodderstedt-oauth-jwt-introspection-response/
> Htmlized:       https://tools.ietf.org/html/draft-lodderstedt-oauth-jwt-introspection-response-00
> Htmlized:       https://datatracker.ietf.org/doc/html/draft-lodderstedt-oauth-jwt-introspection-response
>
> Abstract:
>    This draft proposes an additional JSON Web Token (JWT) based response
>    for OAuth 2.0 Token Introspection.
>
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
>
> The IETF Secretariat
