[OAUTH-WG] I-D Action: draft-ietf-oauth-step-up-authn-challenge-00.txt

2022-05-11 Thread internet-drafts
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Web Authorization Protocol WG of the IETF. Title : OAuth 2.0 Step-up Authentication Challenge Protocol Authors : Vittorio Bertocci

Re: [OAUTH-WG] Call for adoption - Step-up Authentication

2022-05-11 Thread Brian Campbell
Thanks Rifaat, I've submitted the -00 WG version of the document. On Tue, May 10, 2022 at 7:03 AM Rifaat Shekh-Yusef wrote: > Based on the feedback so far, the WG decided to adopt this draft. > > > Vittorio, Brian, > > Feel free to submit a WG version of the document at your convenience. > > Reg

Re: [OAUTH-WG] Last Call: (JWK Thumbprint URI) to Proposed Standard

2022-05-11 Thread David Waite
On May 11, 2022, at 6:45 AM, Rifaat Shekh-Yusef wrote: > On Wed, May 11, 2022 at 4:53 AM David Waite > wrote: > The information dropping of the canonicalization in JWK thumbprints results > in a few important properties - in particular, a local JWK document

Re: [OAUTH-WG] Last Call: (JWK Thumbprint URI) to Proposed Standard

2022-05-11 Thread Rifaat Shekh-Yusef
On Wed, May 11, 2022 at 4:53 AM David Waite wrote: > RFC 7517 does define an "application/jwk+json" media type which could be > used with the ct= query parameter for ni-scheme uri. The resulting > ni-scheme URI could be used to refer to a specific generated JWK document. > > However, I do not bel

Re: [OAUTH-WG] Last Call: (JWK Thumbprint URI) to Proposed Standard

2022-05-11 Thread Rifaat Shekh-Yusef
Yeah, I agree that the syntax defined by this specification is better. Regards, Rifaat On Wed, May 11, 2022 at 4:07 AM Mike Jones wrote: > I’m queasy about the interop implications of using a query parameter. > Questions then arise like “What if I receive an ni: URI without the query > parame

Re: [OAUTH-WG] Last Call: (JWK Thumbprint URI) to Proposed Standard

2022-05-11 Thread David Waite
RFC 7517 does define an "application/jwk+json" media type which could be used with the ct= query parameter for ni-scheme uri. The resulting ni-scheme URI could be used to refer to a specific generated JWK document. However, I do not believe this would be a sufficient way to indicate that this i

Re: [OAUTH-WG] Last Call: (JWK Thumbprint URI) to Proposed Standard

2022-05-11 Thread Mike Jones
I’m queasy about the interop implications of using a query parameter. Questions then arise like “What if I receive an ni: URI without the query parameter. Should I accept it as valid or reject it?” and “What if the query parameter is different than the one I expected? Should I accept it or re