Hi OAuth-ers,

Just a heads-up that ACE is doing a quick WGLC to confirm that we should register a new "cti" introspection parameter in our core spec, to match up with the CWT token identifier claim of that name. The document is already in the RFC Editor's queue, so I wanted to raise visibility of this "last-minute" change.
Please send any comments to a...@ietf.org or me directly.

Thanks,

Ben

----- Forwarded message from Daniel Migault <mglt.i...@gmail.com> -----

Date: Tue, 17 Aug 2021 11:25:10 -0400
From: Daniel Migault <mglt.i...@gmail.com>
To: Ludwig Seitz <ludwig.se...@combitech.com>
Cc: "a...@ietf.org" <a...@ietf.org>
Subject: Re: [Ace] Missing Introspection parameter in draft-ietf-ace-oauth-authz

Thanks Ludwig for raising the question. If anyone has an objection, please express your concern by August 24. Expressing support is also more than welcome!

Yours,
Daniel

On Tue, Aug 17, 2021 at 10:24 AM Ludwig Seitz <ludwig.se...@combitech.com> wrote:

> Hello ACE,
>
> I want to raise one issue for group comments that has come up in
> conjunction with fixing the IANA nits for draft-ietf-ace-oauth-authz:
> In figure 16 we define mappings from OAuth Token introspection parameters
> to CBOR abbreviations. These parameters (should) correspond to the claims
> that could be found in e.g., a CWT.
> CWT renamed one token claim, namely 'jti' (JWT ID) into 'cti' for CWT ID.
> However, this is not reflected in the registered Introspection parameters
> (https://www.iana.org/assignments/oauth-parameters/oauth-parameters.xhtml#token-introspection-response)
> where only 'jti' is registered. This was overlooked when we originally
> defined the mappings in figure 16.
>
> I would therefore put the following question to the group:
>
> Does anyone object to this draft adding 'cti' as an OAuth introspection
> parameter?
>
> The corresponding text would go into the list of additional parameters in
> section 5.9.2 and be something along the lines of:
> "cti OPTIONAL. The CWT ID parameter has the same meaning and processing
> rules as the "jti" parameter defined in section 3.1.2. of [RFC 7662] except
> that the value is a byte string."
>
> Regards,
>
> Ludwig
>
> --
> Ludwig Seitz
> Infrastructure Security Analyst
> Combitech AB
> Djäknegatan 31 . SE-211 35 Malmö . Sweden
> Phone: +46 102 160 846
> ludwig.se...@combitech.com . combitech.com
>
> _______________________________________________
> Ace mailing list
> a...@ietf.org
> https://www.ietf.org/mailman/listinfo/ace

--
Daniel Migault
Ericsson

----- End forwarded message -----

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth