Thank you! Sent from my iPhone
> On Dec 13, 2015, at 11:33 PM, Mike Jones <michael.jo...@microsoft.com> wrote: > > Done in -09. > > -----Original Message----- > From: Kathleen Moriarty [mailto:kathleen.moriarty.i...@gmail.com] > Sent: Sunday, December 13, 2015 8:09 PM > To: Mike Jones <michael.jo...@microsoft.com> > Cc: Manger, James <james.h.man...@team.telstra.com>; oauth@ietf.org > Subject: Re: [OAUTH-WG] implementations of > draft-ietf-oauth-proof-of-possession > > I just added the ballot for these drafts, can this be fixed quickly? > > Thanks. > Kathleen > >> On Sun, Dec 13, 2015 at 11:07 PM, Mike Jones <michael.jo...@microsoft.com> >> wrote: >> Good eye, James! Thanks for catching this. I’ll fix it right away. >> >> >> >> It turns out that examples are based on the trace captured in February >> 2013 – well before the Xbox One launch in November 2013. I’d actually >> noticed this then and had Xbox correct their code. But silly me, I >> failed to uniformly correct it in the draft. >> >> >> >> Thanks again! >> >> -- Mike >> >> >> >> From: Manger, James [mailto:james.h.man...@team.telstra.com] >> Sent: Sunday, December 13, 2015 8:04 PM >> To: Mike Jones <michael.jo...@microsoft.com>; Kathleen Moriarty >> <kathleen.moriarty.i...@gmail.com>; oauth@ietf.org >> Subject: RE: [OAUTH-WG] implementations of >> draft-ietf-oauth-proof-of-possession >> >> >> >> That value uses strings for expiry and not-before dates so it is not a >> valid JWT; these dates need to be numbers. >> >> >> >> 3 of the examples in draft-ietf-oauth-proof-of-possession are >> similarly invalid (“exp” and “iat”); 1 example gets it right. >> >> >> >> -- >> >> James Manger >> >> >> >> -----Original Message----- >> From: OAuth [mailto:oauth-boun...@ietf.org] On Behalf Of Mike Jones >> Sent: Monday, 14 December 2015 2:40 PM >> To: Kathleen Moriarty <kathleen.moriarty.i...@gmail.com>; >> oauth@ietf.org >> Subject: Re: [OAUTH-WG] implementations of >> draft-ietf-oauth-proof-of-possession >> >> >> >> Yes. Xbox One and its partners have been using this since its launch. >> The following token claims are from a production trace captured in early >> 2013: >> >> >> >> { >> >> "iss":"xas.xboxlive.com", >> >> "aud":"http://auth.xboxlive.com";, >> >> "exp":"1361398824", >> >> "nbf":"1360189224", >> >> "cnf":{ >> >> "jwk":{ >> >> "kty":"EC", >> >> "use":"sig", >> >> "crv":"P-256", >> >> "x":"18wHLeIgW9wVN6VD1Txgpqy2LszYkMf6J8njVAibvhM", >> >> "y":"-V4dS4UaLMgP_4fY4j8ir7cl1TXlFdAgcx55o7TkcSA" >> >> } >> >> } >> >> } >> >> >> >> -- >> Mike >> >> >> >> -----Original Message----- >> >> From: OAuth [mailto:oauth-boun...@ietf.org] On Behalf Of Kathleen >> Moriarty >> >> Sent: Sunday, December 13, 2015 7:14 PM >> >> To: oauth@ietf.org >> >> Subject: [OAUTH-WG] implementations of >> draft-ietf-oauth-proof-of-possession >> >> >> >> Hi, >> >> >> >> Are there any implementations of draft-ietf-oauth-proof-of-possession? >> >> >> >> Thanks! >> >> >> >> -- >> >> >> >> Best regards, >> >> Kathleen >> >> >> >> _______________________________________________ >> >> OAuth mailing list >> >> OAuth@ietf.org >> >> https://www.ietf.org/mailman/listinfo/oauth >> >> >> >> _______________________________________________ >> >> OAuth mailing list >> >> OAuth@ietf.org >> >> https://www.ietf.org/mailman/listinfo/oauth > > > > -- > > Best regards, > Kathleen _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
