This draft has similar issues to https://tools.ietf.org/html/draft-richer-oauth-signed-http-request-01
Rather than *try* to sign HTTP, a signed JWT object is more reliably returned.

Phil

> On Mar 19, 2018, at 8:25 AM, LARMIGNAT Louis <louis.larmig...@wavestone.com> wrote:
>
> Hi,
>
> Could the draft Signing HTTP Messages (https://tools.ietf.org/html/draft-cavage-http-signatures-09) not meet this requirement in a more generic way?
>
> Regards,
> Louis
>
> From: OAuth <oauth-boun...@ietf.org> On behalf of Brock Allen
> Sent: Sunday, March 18, 2018 20:40
> To: Torsten Lodderstedt <tors...@lodderstedt.net>; oauth@ietf.org
> Subject: Re: [OAUTH-WG] Fwd: New Version Notification for draft-lodderstedt-oauth-jwt-introspection-response-00.txt
>
> Why is TLS to the introspection endpoint not sufficient? Are you thinking there needs to be some multi-tenancy support of some kind?
>
> -Brock
>
> On 3/18/2018 3:33:16 PM, Torsten Lodderstedt <tors...@lodderstedt.net> wrote:
>
> Hi all,
>
> I just submitted a new draft that Vladimir Dzhuvinov and I have written. It proposes a JWT-based response type for Token Introspection. The objective is to provide resource servers with signed tokens in case they need cryptographic evidence that the AS created the token (e.g. for liability).
>
> I will present the new draft in the session on Wednesday.
>
> kind regards,
> Torsten.
>
> Begin forwarded message:
>
> From: internet-dra...@ietf.org
> Subject: New Version Notification for draft-lodderstedt-oauth-jwt-introspection-response-00.txt
> Date: March 18, 2018 at 20:19:37 CET
> To: "Vladimir Dzhuvinov" <vladi...@connect2id.com>, "Torsten Lodderstedt" <tors...@lodderstedt.net>
>
> A new version of I-D, draft-lodderstedt-oauth-jwt-introspection-response-00.txt
> has been successfully submitted by Torsten Lodderstedt and posted to the
> IETF repository.
>
> Name: draft-lodderstedt-oauth-jwt-introspection-response
> Revision: 00
> Title: JWT Response for OAuth Token Introspection
> Document date: 2018-03-15
> Group: Individual Submission
> Pages: 5
> URL: https://www.ietf.org/internet-drafts/draft-lodderstedt-oauth-jwt-introspection-response-00.txt
> Status: https://datatracker.ietf.org/doc/draft-lodderstedt-oauth-jwt-introspection-response/
> Htmlized: https://tools.ietf.org/html/draft-lodderstedt-oauth-jwt-introspection-response-00
> Htmlized: https://datatracker.ietf.org/doc/html/draft-lodderstedt-oauth-jwt-introspection-response
>
> Abstract:
> This draft proposes an additional JSON Web Token (JWT) based response
> for OAuth 2.0 Token Introspection.
>
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
>
> The IETF Secretariat
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth