Re: [OAUTH-WG] minor issue with scope and RFC 6749 ABNF in sasl-oauth

2015-03-23 Thread Torsten Lodderstedt
Hi Benjamin, in my opinion, your proposal sounds reasonable from a protocol perspective. kind regards, Torsten. On 23 March 2015 06:26:20 CET, Benjamin Kaduk wrote: >Hi all, > >During the shepherd review for draft-ietf-kitten-sasl-oauth-19, I >noticed >an old comment from Matt back in Dec

Re: [OAUTH-WG] proof-of-possession-02 cnf via key thumbprint?

2015-03-23 Thread Brian Campbell
Yes, kid could do it. It just seemed less than ideal and that, for confirmation, it might be useful to explicitly say "this is the thumbprint of the key that'll confirm this JWT" rather than "here's something that points to a key for confirmation and in some cases it might be a thumbprint". But I j

[OAUTH-WG] Federated Authentication for RDAP

2015-03-23 Thread Hollenbeck, Scott
I was going to ask this question during the just-concluded WG session at IETF-92, but with a full agenda and little time I thought it might be better to ask this question on-list. The Registration Data Access Protocol (RDAP, a work product of the WEIRDS WG) uses a RESTful web service to access

Re: [OAUTH-WG] minor issue with scope and RFC 6749 ABNF in sasl-oauth

2015-03-23 Thread Jamie Nicolson
Gmail always returns a non-empty scope value in our error response, so the proposed protocol change would not affect our implementation. On Sun, Mar 22, 2015 at 10:26 PM, Benjamin Kaduk wrote: > Hi all, > > During the shepherd review for draft-ietf-kitten-sasl-oauth-19, I noticed > an old commen

[OAUTH-WG] OAuth Token Swap (token chaining)

2015-03-23 Thread Justin Richer
As mentioned in today’s IETF meeting, here are the two drafts dealing with generic token swap: https://tools.ietf.org/html/draft-hunt-oauth-chain-01 https://tools.ietf.org/html/draft-richer-oauth-chain-00

Re: [OAUTH-WG] proof-of-possession-02 cnf via key thumbprint?

2015-03-23 Thread Nat Sakimura
ok, this is a full circle to my original comment "Would not kid do? " 2015-03-23 (Mon) 13:52 Brian Campbell: > I wasn't necessarily suggesting to drop the kid one. > > On Mon, Mar 23, 2015 at 1:00 PM, Nat Sakimura wrote: > >> +1 for dropping kid in favor of thumbprint. >> 2015-03-23 (Mon) 12:56 Brian

Re: [OAUTH-WG] proof-of-possession-02 cnf via key thumbprint?

2015-03-23 Thread Brian Campbell
I wasn't necessarily suggesting to drop the kid one. On Mon, Mar 23, 2015 at 1:00 PM, Nat Sakimura wrote: > +1 for dropping kid in favor of thumbprint. > 2015-03-23 (Mon) 12:56 Brian Campbell: > > Yeah, it could be done with kid. But that would require a bit more >> out-of-band understanding betwe

Re: [OAUTH-WG] proof-of-possession-02 cnf via key thumbprint?

2015-03-23 Thread Justin Richer
+1 The thumbprint is a semantic way to identify a key. The key id claim name is the syntactic representation of a key identifier of any type. One type of key ID is a thumbprint. One place to put a thumbprint is in a key ID. — Justin > On Mar 23, 2015, at 1:47 PM, Mike Jones wrote: > > In JW

Re: [OAUTH-WG] proof-of-possession-02 cnf via key thumbprint?

2015-03-23 Thread Mike Jones
In JWT, we generally use key IDs to identify keys. Per draft-ietf-jose-jwt-thumbprint, a thumbprint is *one* value that can be used as a key ID, but it's not the only one. That's up to the application. But especially since Jim Schaad had us take out the thumbprint claim names, "kid" is the clear winner as the

[OAUTH-WG] I-D Action: draft-ietf-oauth-dyn-reg-management-11.txt

2015-03-23 Thread internet-drafts
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Web Authorization Protocol Working Group of the IETF. Title: OAuth 2.0 Dynamic Client Registration Management Protocol Authors: Justin Richer

Re: [OAUTH-WG] proof-of-possession-02 cnf via key thumbprint?

2015-03-23 Thread Nat Sakimura
+1 for dropping kid in favor of thumbprint. 2015-03-23 (Mon) 12:56 Brian Campbell: > Yeah, it could be done with kid. But that would require a bit more > out-of-band understanding between the parties to know that the kid is, in > fact, a thumbprint. Seems like it'd be better to outright support a >

Re: [OAUTH-WG] proof-of-possession-02 cnf via key thumbprint?

2015-03-23 Thread Brian Campbell
Yeah, it could be done with kid. But that would require a bit more out-of-band understanding between the parties to know that the kid is, in fact, a thumbprint. Seems like it'd be better to outright support a thumbprint rather than overloading kid, if thumbprint representation of the key for confir

[OAUTH-WG] Why are fragment components forbidden in the redirect_uri?

2015-03-23 Thread Adam Renberg
Section 3.1.2. of RFC6794 [0] says that: The redirection endpoint URI MUST be an absolute URI as defined by [RFC3986] Section 4.3. The endpoint URI MAY include an "application/x-www-form-urlencoded" formatted (per Appendix B) query component ([RFC3986] Section 3.4), which MUST be retained when ad
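
The rules the message above quotes from RFC 6749 section 3.1.2 (absolute URI, optional query that is retained, no fragment) are easy to get wrong in an authorization server. The following is an added example, not code from the list or from any OAuth implementation: it validates a registered redirection endpoint under those rules and then builds the two kinds of redirect the server has to produce. The hostnames and parameter values are constructed for illustration. The fragment-style response is what makes the prohibition practical to understand: in the implicit grant the authorization server owns the whole fragment, so a client-supplied fragment would have nowhere to go.

```python
"""RFC 6749 section 3.1.2 redirection endpoint checks (added example)."""
from urllib.parse import urlencode, urlsplit, urlunsplit


def validate_redirect_uri(uri: str) -> str:
    """Apply the section 3.1.2 rules to a redirection endpoint URI.

    Absolute URI (RFC 3986 section 4.3), a query component is allowed,
    a fragment component is not. Returns the URI unchanged on success and
    raises ValueError otherwise.
    """
    if "#" in uri:
        # "https://client.example/cb#" still carries an (empty) fragment
        # component, so checking the parsed fragment alone would miss it.
        raise ValueError("redirect_uri must not contain a fragment component")
    parts = urlsplit(uri)
    if not parts.scheme:
        # No scheme means a relative reference, which is not an absolute URI.
        raise ValueError("redirect_uri must be an absolute URI")
    return uri


def query_response(redirect_uri: str, params: dict) -> str:
    """Authorization code style response: parameters are appended to the
    query, and any query the client registered is retained in front of them
    (the "MUST be retained when adding additional query parameters" rule).
    """
    parts = urlsplit(validate_redirect_uri(redirect_uri))
    added = urlencode(params)
    query = f"{parts.query}&{added}" if parts.query else added
    return urlunsplit((parts.scheme, parts.netloc, parts.path, query, ""))


def fragment_response(redirect_uri: str, params: dict) -> str:
    """Implicit grant style response: parameters are delivered in the
    fragment, which the browser does not send to the client's server. The
    authorization server builds the entire fragment itself, which is why the
    registered URI cannot carry one of its own.
    """
    parts = urlsplit(validate_redirect_uri(redirect_uri))
    return urlunsplit((parts.scheme, parts.netloc, parts.path, parts.query,
                       urlencode(params)))


if __name__ == "__main__":
    # Constructed sample values.
    registered = "https://client.example/cb?foo=bar"
    print(query_response(registered, {"code": "SplxlOBeZQQYbYS6WxSbIA", "state": "xyz"}))
    print(fragment_response(registered, {"access_token": "2YotnFZFEjr1zCsicMWpAA",
                                         "token_type": "bearer", "state": "xyz"}))
    for bad in ("https://client.example/cb#top", "/cb"):
        try:
            validate_redirect_uri(bad)
        except ValueError as exc:
            print(f"rejected {bad!r}: {exc}")
```

Note that this only covers the shape of the URI; whether a redirect_uri presented in an authorization request matches the registered one is a separate comparison, and an exact string match is the safe choice there.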

Re: [OAUTH-WG] Lunch (pre-)Meeting Monday

2015-03-23 Thread Brian Campbell
Looks like we are heading to the bbq grill at the hotel, if you're (Hannes) late and still want to join us. On Mar 22, 2015 6:10 PM, "Derek Atkins" wrote: > Hi, > > Hannes and I would like to have a lunch meeting before the OAUTH meeting > to chat about various ongoing WG activities. If you're a

Re: [OAUTH-WG] confirmation model in proof-of-possession-02

2015-03-23 Thread Nat Sakimura
+1 =nat via iPhone On 2015/03/23 at 11:07, Brian Campbell wrote: > This is mostly about section 3.4 but also the whole draft. > > If "cnf" is intended to be analogous to the SAML 2.0 SubjectConfirmation > element, it should probably contain an array value rather than an object > value. SAML allows no

[OAUTH-WG] confirmation model in proof-of-possession-02

2015-03-23 Thread Brian Campbell
This is mostly about section 3.4 but also the whole draft. If "cnf" is intended to be analogous to the SAML 2.0 SubjectConfirmation element, it should probably contain an array value rather than an object value. SAML al

Re: [OAUTH-WG] The use of sub in POP-02

2015-03-23 Thread Brian Campbell
+1 The JWT may well be about the sub but presented by some software component that should be independently identified. On Mon, Mar 23, 2015 at 2:25 AM, Nat Sakimura wrote: > Re: > https://tools.ietf.org/html/draft-ietf-oauth-proof-of-possession-02#section-3 > > I understand the use of sub in th

Re: [OAUTH-WG] The use of sub in POP-02

2015-03-23 Thread Torsten Lodderstedt
+1 sounds reasonable to distinguish the software and the user. On 23 March 2015 08:25:13 CET, Nat Sakimura wrote: >Re: >https://tools.ietf.org/html/draft-ietf-oauth-proof-of-possession-02#section-3 > >I understand the use of sub in this section comes down from SAML but I >feel >that some separ

[OAUTH-WG] The use of sub in POP-02

2015-03-23 Thread Nat Sakimura
Re: https://tools.ietf.org/html/draft-ietf-oauth-proof-of-possession-02#section-3 I understand the use of sub in this section comes down from SAML but I feel that some separation between sub and presenter would be nice. For example, when I am presenting the token using an app that I installed on

Re: [OAUTH-WG] proof-of-possession-02 cnf via key thumbprint?

2015-03-23 Thread Nat Sakimura
Would not kid do? Right, thumbprint has more semantics and has nice properties, but having too many ways is not good for interop. Nat 2015-03-23 15:40 GMT+09:00 Brian Campbell : > Do folks in the WG think there'd be utility in having a way to identify > the finger/thumbprint of a key in the cnf
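
The "cnf via key thumbprint" messages above (Brian Campbell, Mike Jones, Nat Sakimura, Justin Richer) turn on a concrete question: what the confirming party hashes, and whether the hash travels in "kid" with an out-of-band agreement or in a member that explicitly means "thumbprint". The following is an added example, not code from the draft or from any participant. It computes the draft-ietf-jose-jwt-thumbprint (RFC 7638) thumbprint of a JWK, places it in cnf, and checks a presented key against it. The cnf member name "jkt" is an assumption for the example: proof-of-possession-02 defines no thumbprint member, which is the gap being discussed, and "jkt" is the name DPoP (RFC 9449) later adopted for exactly this. The sample keys are illustrative JWK values, not keys from the draft or the thread. The "kid_is_thumbprint" switch models the out-of-band understanding Brian describes; the example goes beyond the RSA and EC key types the thumbprint draft covers by also handling OKP keys per RFC 8037.

```python
"""JWK thumbprint as a proof-of-possession confirmation (added example)."""
import base64
import hashlib
import hmac
import json

# RFC 7638 section 3.2 (EC, RSA, oct) and RFC 8037 section 2 (OKP): the
# members that form the thumbprint input. Every other member (kid, use, alg,
# x5c, ...) is excluded so the same key always hashes to the same value.
THUMBPRINT_MEMBERS = {
    "EC": ("crv", "kty", "x", "y"),
    "RSA": ("e", "kty", "n"),
    "oct": ("k", "kty"),
    "OKP": ("crv", "kty", "x"),
}

# Assumed cnf member name for a thumbprint (not defined by pop-02; "jkt" is
# what DPoP, RFC 9449, later used).
THUMBPRINT_CNF_MEMBER = "jkt"


def b64url(data: bytes) -> str:
    """base64url without padding, as JOSE requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict, hash_name: str = "sha256") -> str:
    """RFC 7638 thumbprint: hash of the canonical JSON of the required members."""
    kty = jwk.get("kty")
    if kty not in THUMBPRINT_MEMBERS:
        raise ValueError(f"unsupported or missing kty: {kty!r}")
    members = THUMBPRINT_MEMBERS[kty]
    missing = [m for m in members if m not in jwk]
    if missing:
        raise ValueError(f"JWK is missing required members {missing}")
    canonical = json.dumps(
        {m: jwk[m] for m in members},
        sort_keys=True,           # lexicographic member order
        separators=(",", ":"),    # no whitespace between tokens
        ensure_ascii=False,       # hash the UTF-8 of the member values as-is
    ).encode("utf-8")
    return b64url(hashlib.new(hash_name, canonical).digest())


def build_pop_claims(subject: str, presenter_jwk: dict, issuer: str, audience: str) -> dict:
    """Claims of a PoP JWT whose cnf names the presenter's key by thumbprint.
    sub remains the user; the key in cnf identifies the presenting software,
    which is the separation the "use of sub" messages ask for."""
    return {
        "iss": issuer,
        "sub": subject,
        "aud": audience,
        "cnf": {THUMBPRINT_CNF_MEMBER: jwk_thumbprint(presenter_jwk)},
    }


def confirm_presenter(claims: dict, presented_jwk: dict, kid_is_thumbprint: bool = False) -> bool:
    """Check that the key the presenter proved possession of matches cnf.

    kid_is_thumbprint models the out-of-band agreement discussed on the list:
    when True, a cnf.kid is read as a thumbprint rather than an opaque id.
    """
    cnf = claims.get("cnf")
    if not isinstance(cnf, dict):
        return False
    expected = cnf.get(THUMBPRINT_CNF_MEMBER)
    if expected is None and kid_is_thumbprint:
        expected = cnf.get("kid")
    if not isinstance(expected, str):
        return False
    actual = jwk_thumbprint(presented_jwk)
    # Constant-time comparison: the expected value is attacker-influenced input.
    return hmac.compare_digest(actual.encode("ascii"), expected.encode("ascii"))


# Illustrative JWKs (sample values for this example, not keys from the draft).
APP_KEY = {
    "kty": "EC", "crv": "P-256",
    "x": "f83OJ3D2xF1Bg8vub9tLe1gHMzV76e8Tus9uPHvRVEU",
    "y": "x_FEzRu9m36HLN_tue659LNpXW6pCyStikYjKIWI5a0",
    "kid": "app-key-1", "use": "sig", "alg": "ES256",
}
OTHER_KEY = {
    "kty": "EC", "crv": "P-256",
    "x": "MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4",
    "y": "4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM",
}

if __name__ == "__main__":
    claims = build_pop_claims("alice@example.com", APP_KEY,
                              "https://as.example", "https://rs.example")
    print(json.dumps(claims, indent=2))
    print("presenter with APP_KEY confirms:", confirm_presenter(claims, APP_KEY))
    print("presenter with OTHER_KEY confirms:", confirm_presenter(claims, OTHER_KEY))
```

The thumbprint ignores "kid", "use" and "alg", so a verifier that hashes the presented key gets the same value regardless of how the key was packaged; that is the property that makes a dedicated thumbprint member self-describing, where a bare "kid" only works once both parties agree it is a thumbprint.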