Re: [OAUTH-WG] JWT binding for OAuth 2.0

2015-04-14 Thread Phil Hunt
The recent scim notify draft does pub sub using jwts. Phil > On Apr 14, 2015, at 15:02, Prabath Siriwardena wrote: > > It can be a JSON payload over JMS or even MQTT.. > > I have seen some effort to create an MQTT binding for OAuth 2.0 - but then > again for each transport we need to have a

Re: [OAUTH-WG] JWT binding for OAuth 2.0

2015-04-14 Thread Bill Mills
Yes, Microsoft supports this on Hotmail/Outlook.com and the Outlook client supports it. On Tuesday, April 14, 2015 2:42 PM, John Bradley wrote: There is a OAuth binding to SASL  https://tools.ietf.org/html/draft-ietf-kitten-sasl-oauth-19 Google supports it for IMAP/SMTP,  I think th

Re: [OAUTH-WG] JWT binding for OAuth 2.0

2015-04-14 Thread Prabath Siriwardena
It can be a JSON payload over JMS or even MQTT.. I have seen some effort to create an MQTT binding for OAuth 2.0 - but then again for each transport we need to have a binding.. But - creating a message level binding would be much better IMHO.. Thanks & regards, -Prabath On Tue, Apr 14, 2015 at

Re: [OAUTH-WG] JWT binding for OAuth 2.0

2015-04-14 Thread John Bradley
Most of the pub sub things I have seen use HTTP transport. Do you have a pointer to the protocol? > On Apr 14, 2015, at 6:48 PM, Prabath Siriwardena wrote: > > Thanks John for the pointer - will have look.. > > I am looking this for a pub/sub scenario.. Having JWT binding would benefit > th

Re: [OAUTH-WG] JWT binding for OAuth 2.0

2015-04-14 Thread Prabath Siriwardena
Thanks John for the pointer - will have look.. I am looking this for a pub/sub scenario.. Having JWT binding would benefit that.. Also - why I want access token to be inside a JWT is - when we send a JSON payload in this case, we already have the JWT envelope and the access token needs to be car

Re: [OAUTH-WG] JWT binding for OAuth 2.0

2015-04-14 Thread John Bradley
There is a OAuth binding to SASL https://tools.ietf.org/html/draft-ietf-kitten-sasl-oauth-19 Google supports it for IMAP/SMTP, I think the latest iOS and OSX mail client updates use it rather than passwords for Google. I also notice

[OAUTH-WG] JWT binding for OAuth 2.0

2015-04-14 Thread Prabath Siriwardena
At the moment we only HTTP binding to transport the access token (please correct me if not).. This creates a dependency on the transport. How about creating a JWT binding for OAuth 2.0..? We can transport the access token as an encrypted JWT header parameter..? Thanks & Regards, Prabath Twitte

[OAUTH-WG] Milestones changed for oauth WG

2015-04-14 Thread IETF Secretariat
Changed milestone "Submit 'OAuth 2.0 Token Exchange' to the IESG for consideration as a Proposed Standard", set due date to August 2015 from May 2015. Changed milestone "Submit 'Request by JWS ver.1.0 for OAuth 2.0' to the IESG for consideration as a Proposed Standard", set due date to September 2

[OAUTH-WG] Milestones changed for oauth WG

2015-04-14 Thread IETF Secretariat
Changed milestone "Submit 'OAuth 2.0 Dynamic Client Registration Management Protocol' to the IESG for consideration as an Experimental RFC", resolved as "Done". Changed milestone "Submit 'Symmetric Proof of Possession (SPOP) for the OAuth Authorization Code Grant' to the IESG for consideration as