I think there may be some confusion between two different things that can use JWT.
In OAuth a client asks for authorization to access some API set of resources. The AS is supposed to gather consent. In principal to construct some reasonable dialog for the user to grant the consent and to be able to produce the correct format access token it is should know what the RS is. I need to be convinced that this is a real privacy issue. It is also likely covered with token binding if it were a problem. The other is Authentication in openID Connect. This is using id_token JWT that are returned to the client. In principal it may be desirable in some cases to hide the client from the AS. That impacts client_id and redirect registration. The aud is already the client_id so there is no new resource parameter for that. How to do this securely for Connect is a big question. For access tokens I would like to see a use case for a completely decoupled and anonymous RS that is not just a misuse of OAuth for Authentication, before trying to add a feature like this. John B. > On Jul 31, 2017, at 3:27 AM, Denis <denis.i...@free.fr> wrote: > > This is a follow-up of the OAuth workshop held in Zurich on July 13 th. > > At the end of the first day, Sven Hammann made a presentation on the > following topic: > "A private mode for OpenID Connect" > > Slide 14 indicated the motivation of the presentation : > > The IdP learns at which Relying Parties (RPs) the user logs in > This does not respect the user's privacy > User's activities over multiple RPs can be tracked > User might not want anyone to know which service they are using > Especially if using the RP might provide sensitive information > I Alcoholics Anonymous > I Medical Forums > Slide 22 indicated: > > Privacy and Security Goals > Privacy towards IdP: IdP cannot distinguish between logins to different RPs. > > Slides 33 indicated the problem to be solved (hence the title of this email): > > How can the IdP create an id token for one audience RP without knowing for > which RP? > > In the previous presentation from John Bradley and Torsten Lodderstedt > (Access token phishing), > made on the same day, the same problem was considered with the final slide > asking: " What do you think ? " > > I believe that it is the time to agree on a solution for this problem. > > As I already said on the WG list, the audience parameter does not allow to > respect privacy. > However, there are cases where both an access token MUST be targeted and > privacy MUST be supported. > > Draft "JSON Web Token Best Current Practices" recently became > draft-ietf-oauth-jwt-bcp-00. > One major problem (with respect to privacy) is that it mandates the use of > the audience parameter: > > 3.8. Use and Validate Audience > If the same issuer can issue JWTs that are intended for use by more than one > relying party or application, > the JWT MUST contain an "aud"(audience) claim that can be used to determine > whether the JWT is being > used by an intended party or was substituted by an attacker at an unintended > party. > With such a wording, as soon as the "aud" claim will be used, privacy will be > violated since the AS will be able > to act as Big Brother. > > Similarly, in a token request the use of the OPTIONAL resource parameter is > also violating privacy : it indicates > the physical location of the target service or resource where the client > intends to use the requested security token. > The value of the "resource" parameter MUST be an absolute URI, as specified > by Section 4.3 of [RFC3986], > > During the workshop, it has been proposed to use some signature on some data > placed outside the access token. > I propose a different approach where both a new parameter placed inside the > access token will be used and > a new structure placed outside the access token will be used. This means : > > - the addition of a tid (target identifier) parameter inside the > access token, and > - the definition of a new data structure placed outside the access > token (which does not require the computation > of a digital signature and does not require the demonstration of a proof of > possession of a key). > > Once the basic principles have been explained, let us now explain how the > mechanism would work. > The client chooses the URI of the target service. For every access token > request (and for every target service, see later on > the case of multiple targets), it generates a random number (rdn). It then > computes tid = OWHF (rdn, URI) where the rdn > comes first and where the URI comes after. OWHF is a One Way Hash Function. > > The client communicates to the Authorisation Server a method which includes > two parameters: the OID of the OWHF to be used > (e.g. SHA 256) and the value of tid that it has computed. The AS blindly > copies and pastes this information into the access token. > > The client communicates to the Target Server (outside the access token): the > method, the OID of the OWHF, the value of the rdn > and the value for the URI. > > The Target Server first verifies that the data structure placed outside the > access token matches with the data placed inside > the access token: same method and same OID for the OWHF. Then after, it > verifies that the URI (placed outside the access token) > matches with one of the expected values and then using the method, the > designated OID of the OWHF, the received rdn and > the received URI computes OWHF (rdn, URI). It finally verifies that the > result of this computation is identical to the tid parameter > contained in the access token. If the verification is successful, the access > token is accepted by the Target Server, otherwise it is rejected. > > Note that an access token MAY include several target identifiers. This should > be used with care since such an access token might be usable > by one designated Target Server towards another designated Target Server. > However, there are circumstances where this is a desirable feature. > As indicated earlier, each target identifier (tid) is computed using a > different rdn. > > Comments ? > > Denis > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
