Sent from my BlackBerry 10 smartphone on the Telkomsel network.

Original Message
From: oauth-requ...@ietf.org
Sent: Sunday, 19 October 2014 01.58
To: oauth@ietf.org
Reply To: oauth@ietf.org
Subject: OAuth Digest, Vol 72, Issue 55

Send OAuth mailing list submissions to oauth@ietf.org

To subscribe or unsubscribe via the World Wide Web, visit https://www.ietf.org/mailman/listinfo/oauth or, via email, send a message with subject or body 'help' to oauth-requ...@ietf.org

You can reach the person managing the list at oauth-ow...@ietf.org

When replying, please edit your Subject line so it is more specific than "Re: Contents of OAuth digest..."

Today's Topics:

1. Re: Stephen Farrell's No Objection on draft-ietf-oauth-saml2-bearer-21: (with COMMENT) (Brian Campbell)
2. I-D Action: draft-ietf-oauth-json-web-token-29.txt (internet-dra...@ietf.org)
3. FW: JOSE -35 and JWT -29 drafts addressing AppsDir review comments (Mike Jones)
4. Re: Richard Barnes' Discuss on draft-ietf-oauth-json-web-token-27: (with DISCUSS and COMMENT) (Richard Barnes)

----------------------------------------------------------------------

Message: 1
Date: Fri, 17 Oct 2014 16:41:02 -0600
From: Brian Campbell <bcampb...@pingidentity.com>
To: Stephen Farrell <stephen.farr...@cs.tcd.ie>
Cc: "oauth-cha...@tools.ietf.org" <oauth-cha...@tools.ietf.org>, draft-ietf-oauth-saml2-bea...@tools.ietf.org, The IESG <i...@ietf.org>, Peter Saint-Andre <stpe...@stpeter.im>, oauth <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Stephen Farrell's No Objection on draft-ietf-oauth-saml2-bearer-21: (with COMMENT)
Message-ID: <ca+k3ecrkjw8+_nobcfynwfhztzd-s6_7rxfktekoy0s9pqv...@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"

Stephen,

I'm working on updating these drafts and as I look again at the text that's in §5. Interoperability Considerations and the requirement in §3 Assertion Format and Processing Requirements to compare these values using the Simple String Comparison (absent an application profile specifying otherwise) I'm not sure what to say or where based on your suggestion below.
Is there something specific you can suggest (and where to put it)?

Thanks,
Brian

On Thu, Oct 16, 2014 at 3:20 PM, Brian Campbell <bcampb...@pingidentity.com> wrote:

>
> On Thu, Oct 16, 2014 at 2:54 PM, Stephen Farrell <stephen.farr...@cs.tcd.ie> wrote:
>
>>
>> > Some stuff needs to be exchanged out-of-band for this to work.
>> > Entity/issuer/audience identifiers are part of that. This need is discussed
>> > in the Interoperability Considerations at
>> > https://tools.ietf.org/html/draft-ietf-oauth-saml2-bearer-21#section-5
>>
>> So I think it'd be good to explicitly call out that these
>> mappings are basically required and that they can be fraught
>> (e.g. if someone uses wildcards badly, which they do).
>>
>
> OK, I will add something to that effect in the next revisions.
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.ietf.org/mail-archive/web/oauth/attachments/20141017/2cdb2c08/attachment.html>

------------------------------

Message: 2
Date: Fri, 17 Oct 2014 18:12:01 -0700
From: internet-dra...@ietf.org
To: i-d-annou...@ietf.org
Cc: oauth@ietf.org
Subject: [OAUTH-WG] I-D Action: draft-ietf-oauth-json-web-token-29.txt
Message-ID: <20141018011201.12233.99151.idtrac...@ietfa.amsl.com>
Content-Type: text/plain; charset="utf-8"

A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Web Authorization Protocol Working Group of the IETF.

Title    : JSON Web Token (JWT)
Authors  : Michael B. Jones
           John Bradley
           Nat Sakimura
Filename : draft-ietf-oauth-json-web-token-29.txt
Pages    : 34
Date     : 2014-10-17

Abstract:
JSON Web Token (JWT) is a compact, URL-safe means of representing claims to be transferred between two parties.
The claims in a JWT are encoded as a JavaScript Object Notation (JSON) object that is used as the payload of a JSON Web Signature (JWS) structure or as the plaintext of a JSON Web Encryption (JWE) structure, enabling the claims to be digitally signed or MACed and/or encrypted.

The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-oauth-json-web-token/

There's also a htmlized version available at:
http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-29

A diff from the previous version is available at:
http://www.ietf.org/rfcdiff?url2=draft-ietf-oauth-json-web-token-29

Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

------------------------------

Message: 3
Date: Sat, 18 Oct 2014 01:32:33 +0000
From: Mike Jones <michael.jo...@microsoft.com>
To: "oauth@ietf.org" <oauth@ietf.org>
Subject: [OAUTH-WG] FW: JOSE -35 and JWT -29 drafts addressing AppsDir review comments
Message-ID: <4e1f6aad24975d4ba5b16804296739439bb17...@tk5ex14mbxc286.redmond.corp.microsoft.com>
Content-Type: text/plain; charset="us-ascii"

From: Mike Jones
Sent: Friday, October 17, 2014 6:32 PM
To: j...@ietf.org
Subject: JOSE -35 and JWT -29 drafts addressing AppsDir review comments

I've posted updated JOSE and JWT drafts that address the Applications Area Directorate review comments. Thanks to Ray Polk and Carsten Bormann for their useful reviews. No breaking changes were made.
The specifications are available at:

* http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-35
* http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-35
* http://tools.ietf.org/html/draft-ietf-jose-json-web-key-35
* http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-35
* http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-29

HTML formatted versions are available at:

* http://self-issued.info/docs/draft-ietf-jose-json-web-signature-35.html
* http://self-issued.info/docs/draft-ietf-jose-json-web-encryption-35.html
* http://self-issued.info/docs/draft-ietf-jose-json-web-key-35.html
* http://self-issued.info/docs/draft-ietf-jose-json-web-algorithms-35.html
* http://self-issued.info/docs/draft-ietf-oauth-json-web-token-29.html

-- Mike

P.S. I've also posted this notice at http://self-issued.info/?p=1293 and as @selfissued.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.ietf.org/mail-archive/web/oauth/attachments/20141018/03a87bce/attachment.html>

------------------------------

Message: 4
Date: Sat, 18 Oct 2014 11:58:34 -0700
From: Richard Barnes <r...@ipv.sx>
To: Mike Jones <michael.jo...@microsoft.com>
Cc: "oauth-cha...@tools.ietf.org" <oauth-cha...@tools.ietf.org>, "oauth@ietf.org" <oauth@ietf.org>, "draft-ietf-oauth-json-web-to...@tools.ietf.org" <draft-ietf-oauth-json-web-to...@tools.ietf.org>, The IESG <i...@ietf.org>
Subject: Re: [OAUTH-WG] Richard Barnes' Discuss on draft-ietf-oauth-json-web-token-27: (with DISCUSS and COMMENT)
Message-ID: <cal02cgrxyfvue4c5yh+rrguzlrwo5-mkg1cjtqm4ufw-wcr...@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"

Dude, I cleared on the 10th :)

On Tue, Oct 14, 2014 at 5:53 AM, Mike Jones <michael.jo...@microsoft.com> wrote:

> The proposed resolution below has been incorporated in the -28 draft.
> Hopefully you can clear your DISCUSS on that basis.
>
> Thanks again,
> -- Mike
>
> > -----Original Message-----
> > From: OAuth [mailto:oauth-boun...@ietf.org] On Behalf Of Mike Jones
> > Sent: Saturday, October 11, 2014 12:54 PM
> > To: Richard Barnes
> > Cc: draft-ietf-oauth-json-web-to...@tools.ietf.org; oauth-cha...@tools.ietf.org; The IESG; oauth@ietf.org
> > Subject: Re: [OAUTH-WG] Richard Barnes' Discuss on draft-ietf-oauth-json-web-token-27: (with DISCUSS and COMMENT)
> >
> > > From: Richard Barnes [mailto:r...@ipv.sx]
> > > Sent: Friday, October 10, 2014 2:37 PM
> > > To: Mike Jones
> > > Cc: The IESG; oauth-cha...@tools.ietf.org; oauth@ietf.org; draft-ietf-oauth-json-web-to...@tools.ietf.org
> > > Subject: Re: [OAUTH-WG] Richard Barnes' Discuss on draft-ietf-oauth-json-web-token-27: (with DISCUSS and COMMENT)
> > >
> > > On Mon, Oct 6, 2014 at 3:54 AM, Mike Jones <michael.jo...@microsoft.com> wrote:
> > > Thanks for your review, Richard. My responses are inline below...
> > >
> > > > -----Original Message-----
> > > > From: OAuth [mailto:oauth-boun...@ietf.org] On Behalf Of Richard Barnes
> > > > Sent: Wednesday, October 01, 2014 7:57 PM
> > > > To: The IESG
> > > > Cc: oauth-cha...@tools.ietf.org; oauth@ietf.org; draft-ietf-oauth-json-web-to...@tools.ietf.org
> > > > Subject: [OAUTH-WG] Richard Barnes' Discuss on draft-ietf-oauth-json-web-token-27: (with DISCUSS and COMMENT)
> > > >
> > > > Richard Barnes has entered the following ballot position for
> > > > draft-ietf-oauth-json-web-token-27: Discuss
> > > >
> > > > When responding, please keep the subject line intact and reply to
> > > > all email addresses included in the To and CC lines. (Feel free to
> > > > cut this introductory paragraph, however.)
> > > >
> > > >
> > > > Please refer to
> > > > http://www.ietf.org/iesg/statement/discuss-criteria.html
> > > > for more information about IESG DISCUSS and COMMENT positions.
> > > >
> > > >
> > > > The document, along with other ballot positions, can be found here:
> > > > http://datatracker.ietf.org/doc/draft-ietf-oauth-json-web-token/
> > > >
> > > >
> > > >
> > > > ----------------------------------------------------------------------
> > > > DISCUSS:
> > > > ----------------------------------------------------------------------
> > > >
> > > > Section 7.
> > > > In order to prevent confusion between secured and Unsecured JWTs,
> > > > the validation steps here need to call for the application to specify which is required.
> > >
> > > Per my response on your JWS comments, this is already handled in a more general way in the JWS validation steps. Specifically, the last paragraph of Section 5.2 is:
> > >
> > > "Finally, note that it is an application decision which algorithms are acceptable in a given context. Even if a JWS can be successfully validated, unless the algorithm(s) used in the JWS are acceptable to the application, it SHOULD reject the JWS."
> > >
> > > I've cleared this DISCUSS in the interest of having this fight over in JWS thread. But I also added the following COMMENT:
> > > "It would be good for this document to pass on the note from JWS about selecting which algorithms are acceptable, and in particular, whether unsecured JWTs are acceptable."
> >
> > Thanks for clearing the DISCUSS. I'm fine repeating the note about acceptable algorithms in the JWT spec, assuming others are.
> >
> > > I would therefore request that you likewise withdraw this DISCUSS on that basis.
> >
> > -- Mike
> >
> > _______________________________________________
> > OAuth mailing list
> > OAuth@ietf.org
> > https://www.ietf.org/mailman/listinfo/oauth
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.ietf.org/mail-archive/web/oauth/attachments/20141018/2dca48a8/attachment.html>

------------------------------

Subject: Digest Footer

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

------------------------------

End of OAuth Digest, Vol 72, Issue 55
*************************************
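
The point argued in Message 4 (the application, not the token, decides which algorithms are acceptable, including whether Unsecured JWTs are accepted at all), shown as an added example that is not part of the digest or of the JOSE/JWT drafts. It is a sketch limited to HS256 and "none"; the helper names, key and claims are constructed for illustration.

```python
import base64, hashlib, hmac, json

# Added illustration: helper names, key and claims are constructed, not from the drafts.

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_jwt(header: dict, claims: dict, key: bytes = b"") -> str:
    """Build a sample compact JWT: HS256-signed, or Unsecured when alg is 'none'."""
    parts = [b64url_encode(json.dumps(p, separators=(",", ":")).encode())
             for p in (header, claims)]
    signing_input = ".".join(parts)
    sig = b""
    if header["alg"] == "HS256":
        sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{b64url_encode(sig)}"

def validate_jwt(token: str, key: bytes, acceptable_algs: frozenset) -> dict:
    """Return the claims only if alg is on the caller's list and the check passes."""
    try:
        h64, p64, s64 = token.split(".")
        alg = json.loads(b64url_decode(h64))["alg"]
    except (ValueError, KeyError, TypeError) as exc:
        raise ValueError("malformed JWT") from exc
    # The application's policy is checked before anything the token claims about
    # itself is acted on; an Unsecured JWT passes only if "none" was asked for.
    if not isinstance(alg, str) or alg not in acceptable_algs:
        raise ValueError(f"algorithm {alg!r} is not acceptable in this context")
    if alg == "none":
        if s64:
            raise ValueError("Unsecured JWT must carry an empty signature")
    elif alg == "HS256":
        expected = hmac.new(key, f"{h64}.{p64}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64url_decode(s64)):
            raise ValueError("signature mismatch")
    else:
        raise ValueError(f"algorithm {alg!r} is not implemented in this sketch")
    return json.loads(b64url_decode(p64))

if __name__ == "__main__":
    key = b"constructed-demo-key"
    forged = make_jwt({"alg": "none"}, {"sub": "admin"})
    try:
        validate_jwt(forged, key, frozenset({"HS256"}))
    except ValueError as err:
        print("rejected:", err)
```
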