Re: [OAUTH-WG] JWT Token on-behalf of Use case

2015-07-07 Thread Mike Jones
] On Behalf Of Justin Richer Sent: Tuesday, July 07, 2015 12:52 PM To: Kathleen Moriarty Cc: Subject: Re: [OAUTH-WG] JWT Token on-behalf of Use case Kathleen, I agree that Brian’s approach covers the use case that drove my original draft and effectively subsumes my approach. My standing

Re: [OAUTH-WG] JWT Token on-behalf of Use case

2015-07-07 Thread Justin Richer
Kathleen, I agree that Brian’s approach covers the use case that drove my original draft and effectively subsumes my approach. My standing contention with the document as it stands is and has always been that it’s lacking a general syntactical approach and it isn’t very OAuth-y. I would love t

Re: [OAUTH-WG] JWT Token on-behalf of Use case

2015-07-07 Thread Kathleen Moriarty
On Tue, Jul 7, 2015 at 3:43 PM, Kathleen Moriarty <kathleen.moriarty.i...@gmail.com> wrote: > I'm just catching up on this thread, but would appreciate an in-room > discussion on this topic that doesn't assume the adopted draft has the > agreed upon approach as I am not reading that there is conse

Re: [OAUTH-WG] JWT Token on-behalf of Use case

2015-07-07 Thread Kathleen Moriarty
I'm just catching up on this thread, but would appreciate an in-room discussion on this topic that doesn't assume the adopted draft has the agreed upon approach as I am not reading that there is consensus on that approach in this thread at all. Could we see presentations on Mike's draft and Brian's

Re: [OAUTH-WG] JWT Token on-behalf of Use case

2015-07-07 Thread Sam Hartman
Speaking as someone who is reasonably familiar with Kerberos and the general concepts involved, I find both Microsoft/Kerberos technology (constrained delegation/protocol transition) and the ws-trust text horribly confusing and would recommend against all of the above as examples of clarity. After

Re: [OAUTH-WG] JWT Token on-behalf of Use case

2015-07-06 Thread Justin Richer
pbell *Sent:* Monday, July 6, 2015 11:29 AM *To:* Mike Jones <michael.jo...@microsoft.com> *Cc:* oauth <oauth@ietf.org> *Subject:* Re: [OAUTH-WG] JWT Token on-behalf of Use case Stating specific action items resulting from the ad-hoc meeting in Dallas like that suggest

Re: [OAUTH-WG] JWT Token on-behalf of Use case

2015-07-06 Thread Brian Campbell
> > *From:* Brian Campbell [mailto:bcampb...@pingidentity.com] > *Sent:* Monday, July 6, 2015 2:33 PM > *To:* Anthony Nadalin > *Cc:* Mike Jones ; oauth > > *Subject:* Re: [OAUTH-WG] JWT Token on-behalf of Use case > > > > A natural usage of act-as or impersonat

Re: [OAUTH-WG] JWT Token on-behalf of Use case

2015-07-06 Thread John Bradley
-- Mike > > From: Brian Campbell [mailto:bcampb...@pingidentity.com] > Sent: Monday, July 06, 2015 11:29 AM > To: Mike Jones > Cc: John Bradley; oauth > Subject: Re: [OAUTH-WG] JWT Token on-behalf of Use case > > Stating specific action it

Re: [OAUTH-WG] JWT Token on-behalf of Use case

2015-07-06 Thread Anthony Nadalin
ke Jones <michael.jo...@microsoft.com> Cc: oauth <oauth@ietf.org> Subject: Re: [OAUTH-WG] JWT Token on-behalf of Use case Stating specific action items resulting from the ad-hoc meeting in Dallas like that suggests some clear consensus was reached, which is not at al

Re: [OAUTH-WG] JWT Token on-behalf of Use case

2015-07-06 Thread Brian Campbell
etf.org] *On Behalf Of *Brian > Campbell > *Sent:* Monday, July 6, 2015 11:29 AM > *To:* Mike Jones > *Cc:* oauth > > *Subject:* Re: [OAUTH-WG] JWT Token on-behalf of Use case > > > > Stating specific action items resulting from the ad-hoc meeting in Dallas > like that su

Re: [OAUTH-WG] JWT Token on-behalf of Use case

2015-07-06 Thread Phil Hunt
-Trust and > Kerberos support in Windows (workstation and server) and Xbox. > > From: OAuth [mailto:oauth-boun...@ietf.org] On Behalf Of Brian Campbell > Sent: Monday, July 6, 2015 11:29 AM > To: Mike Jones > Cc: oauth > Subject: Re: [OAUTH-WG] JWT Token on-behalf of Use case >

Re: [OAUTH-WG] JWT Token on-behalf of Use case

2015-07-06 Thread John Bradley
Xbox. > > From: OAuth [mailto:oauth-boun...@ietf.org] On Behalf Of Brian Campbell > Sent: Monday, July 6, 2015 11:29 AM > To: Mike Jones > Cc: oauth > Subject: Re: [OAUTH-WG] JWT Token on-behalf of Use case > > Stating specific action items resulting from the ad-hoc meet

Re: [OAUTH-WG] JWT Token on-behalf of Use case

2015-07-06 Thread Anthony Nadalin
...@ietf.org] On Behalf Of Brian Campbell Sent: Monday, July 6, 2015 11:29 AM To: Mike Jones Cc: oauth Subject: Re: [OAUTH-WG] JWT Token on-behalf of Use case Stating specific action items resulting from the ad-hoc meeting in Dallas like that suggests some clear consensus was reached, which is not at all

Re: [OAUTH-WG] JWT Token on-behalf of Use case

2015-07-06 Thread Mike Jones
Bradley; oauth Subject: Re: [OAUTH-WG] JWT Token on-behalf of Use case Stating specific action items resulting from the ad-hoc meeting in Dallas like that suggests some clear consensus was reached, which is not at all the case. As I recall, several of us argued past one another for an hour or so

Re: [OAUTH-WG] JWT Token on-behalf of Use case

2015-07-06 Thread John Bradley
..@ietf.org] On Behalf Of John Bradley > Sent: Monday, July 06, 2015 8:13 AM > To: Brian Campbell > Cc: oauth > Subject: Re: [OAUTH-WG] JWT Token on-behalf of Use case > > Yes unfortunately we haven’t made any progress on this since accepting Mike’s > first draft. > > His pro

Re: [OAUTH-WG] JWT Token on-behalf of Use case

2015-07-06 Thread Brian Campbell
Best wishes, > -- Mike > > -Original Message- > From: OAuth [mailto:oauth-boun...@ietf.org] On Behalf Of John Bradley > Sent: Monday, July 06, 2015 8:13 AM > To: Brian Campbell > Cc: oauth > Subject: Re: [OAUTH-WG] JW

Re: [OAUTH-WG] JWT Token on-behalf of Use case

2015-07-06 Thread Phil Hunt
A and not B. In a sense, A is an agent for B." >> >>This is a typical case with the authorization code flow >>where a client >>application acts on-behalf-of the user who authorized >>this

Re: [OAUTH-WG] JWT Token on-behalf of Use case

2015-07-06 Thread Mike Jones
To: Brian Campbell Cc: oauth Subject: Re: [OAUTH-WG] JWT Token on-behalf of Use case Yes unfortunately we haven’t made any progress on this since accepting Mike’s first draft. His proposal is basically for a new endpoint while Brian tried to fit it into the existing token endpoint. I think

Re: [OAUTH-WG] JWT Token on-behalf of Use case

2015-07-06 Thread John Bradley
ry if I'm missing something > > Cheers, Sergey > On 25/06/15 22:28, Mike Jones wrote: > > That’s what > > https://tools.ietf.org/html/draft-ietf-oauth-token-exchange-01 > is >

Re: [OAUTH-WG] JWT Token on-behalf of Use case

2015-07-06 Thread Brian Campbell
application acts on-behalf-of the user who authorized >> this application ? >> >> Sorry if I'm missing something >> >> Cheers, Sergey >> On 25/06/15 22:28, Mike Jones wrote: >

Re: [OAUTH-WG] JWT Token on-behalf of Use case

2015-07-06 Thread Sergey Beryozkin
*From:* OAuth [mailto:oauth-boun...@ietf.org] *On Behalf Of* Vivek Biswas -T (vibiswas - XORIANT CORPORATION at Cisco) *Sent:* Thursday, June 25, 2015 2:20 PM *

Re: [OAUTH-WG] JWT Token on-behalf of Use case

2015-07-01 Thread Anthony Nadalin
g] On Behalf Of Justin Richer Sent: Wednesday, July 1, 2015 5:18 AM To: oauth@ietf.org Subject: Re: [OAUTH-WG] JWT Token on-behalf of Use case As it's written right now, it's a translation of some WS-* concepts into JWT format. It's not really OAuth-y (since the client has to understa

Re: [OAUTH-WG] JWT Token on-behalf of Use case

2015-07-01 Thread Phil Hunt
identity separate from B and it is explicitly understood that while B >>>>> may have delegated its rights to A, any actions taken are being taken by >>>>> A and not B. In a sense, A is an agent for B." >>>>> >>>>> This is a typical case

Re: [OAUTH-WG] JWT Token on-behalf of Use case

2015-07-01 Thread Brian Campbell
lf-of the user who authorized this application ? >>>> >>>> Sorry if I'm missing something >>>> >>>> Cheers, Sergey >>>> On 25/06/15 22:28, Mike Jones wrote: >>>> >>>>> That’s what >>>>>

Re: [OAUTH-WG] JWT Token on-behalf of Use case

2015-07-01 Thread Sergey Beryozkin
01 is about. Cheers, -- Mike *From:*OAuth [mailto:oauth-boun...@ietf.org] *On Behalf Of *Vivek Biswas -T (vibiswas - XORIANT CORPORATION at Cisco) *Sent:* Thursday, June 25, 2015 2:20 PM *To:* OAuth@ietf.org *Subject:* [OAUTH-WG] JWT Token on-behalf of Use case Hi All, I am looking to solve a

Re: [OAUTH-WG] JWT Token on-behalf of Use case

2015-07-01 Thread Justin Richer
, -- Mike *From:*OAuth [mailto:oauth-boun...@ietf.org] *On Behalf Of *Vivek Biswas -T (vibiswas - XORIANT CORPORATION at Cisco) *Sent:* Thursday, June 25, 2015 2:20 PM *To:* OAuth@ietf.org *Subject:* [OAUTH-WG] JWT Token on-behalf of Use case Hi All, I am looking to solve a use-case similar to WS

Re: [OAUTH-WG] JWT Token on-behalf of Use case

2015-07-01 Thread Sergey Beryozkin
at Cisco) *Sent:* Thursday, June 25, 2015 2:20 PM *To:* OAuth@ietf.org *Subject:* [OAUTH-WG] JWT Token on-behalf of Use case Hi All, I am looking to solve a use-case similar to WS-Security On-Behalf-Of <http://docs.oasis-open.org/ws-sx/ws-trust/v1.4/errata01/os/ws-trust-1.4-errata01-os-comple

Re: [OAUTH-WG] JWT Token on-behalf of Use case

2015-06-30 Thread Sergey Beryozkin
ubject:* [OAUTH-WG] JWT Token on-behalf of Use case Hi All, I am looking to solve a use-case similar to WS-Security On-Behalf-Of <http://docs.oasis-open.org/ws-sx/ws-trust/v1.4/errata01/os/ws-trust-1.4-errata01-os-complete.html#_Toc325658980> with OAuth JWT Token. Is there a standa

Re: [OAUTH-WG] JWT Token on-behalf of Use case

2015-06-25 Thread Mike Jones
Vivek Biswas -T (vibiswas - XORIANT CORPORATION at Cisco) Sent: Thursday, June 25, 2015 2:20 PM To: OAuth@ietf.org Subject: [OAUTH-WG] JWT Token on-behalf of Use case Hi All, I am looking to solve a use-case similar to WS-Security On-Behalf-Of<http://docs.oasis-open.org/ws-sx/ws-trust/v1.4/err

[OAUTH-WG] JWT Token on-behalf of Use case

2015-06-25 Thread Vivek Biswas -T (vibiswas - XORIANT CORPORATION at Cisco)
Hi All, I am looking to solve a use-case similar to WS-Security On-Behalf-Of with OAuth JWT Token. Is there a standard claim which we can define within the OAuth JWT which denot