Google has just added native support for JWT to Google App Engine. Here is the documentation:
https://sites.google.com/site/oauthgoog/authenticate-google-app-engine-app Our hope is to work with other players in the cloud computing space to improve some elements of cloud security by using PKI, JWT & OAuth2 for interop between our systems. Based on past industry discussion, we wroteup a description of some of the general interop use-cases: https://sites.google.com/site/oauthgoog/robotaccounts/cloudtoonpremise https://sites.google.com/site/oauthgoog/robotaccounts/onpremisetocloud While this new feature in Google App Engine is a significant step for Google, we realize there is more to do on our side such as adding support for JWT assertions in our recently announced OAuth2 support for Google APIs<http://googlecode.blogspot.com/2011/03/making-auth-easier-oauth-20-for-google.html>. However we would prefer to get feedback from this group on a standard approach, including around key rotation/management. Eric Sachs Senior Product Manager, Internet Identity Google
_______________________________________________ woes mailing list [email protected] https://www.ietf.org/mailman/listinfo/woes
