Re: [Ace] CWT - Scope Claim
+1 CWT should not add claims.

I also created an issue to register the claim with JWT.

On Tue, Oct 31, 2017 at 9:08 PM, Mike Jones wrote:

> I agree that CWT shouldn't define claims beyond those that correspond to
> the JWT claims. Other specs can do that via the registry established for
> that purpose.
>
> -- Mike
> --
> *From:* Ace on behalf of Jim Schaad <i...@augustcellars.com>
> *Sent:* Tuesday, October 31, 2017 8:06:04 AM
> *To:* Hannes Tschofenig; 'Samuel Erdtman'
> *Cc:* ace@ietf.org
> *Subject:* Re: [Ace] CWT - Scope Claim
>
> I have an outstanding comment to the effect that I want a binary scope
> value – specifically to allow for a CBOR encoded object – on the framework
> document.
>
> In terms of defining it in this document rather than in the framework, my
> first response would be ‘no’ only because this was designed to be a direct
> copy of the JWT document and it was not defined there. Other than that I
> would not care one way or the other.
>
> Jim
>
> *From:* Ace [mailto:ace-boun...@ietf.org] *On Behalf Of* Hannes Tschofenig
> *Sent:* Tuesday, October 31, 2017 2:58 AM
> *To:* Samuel Erdtman
> *Cc:* ace@ietf.org
> *Subject:* Re: [Ace] CWT - Scope Claim
>
> Hi Samuel,
>
> You are correct that we should register it also with the JWT.
>
> Additionally, I wonder whether the string representation of the claim for
> the CWT is the most efficient way to represent the scope. Shouldn’t we
> rather use CBOR capabilities here since we are trying to optimize 2 bytes
> in other areas?
>
> Ciao
> Hannes
>
> *From:* Samuel Erdtman [mailto:sam...@erdtman.se]
> *Sent:* 31 October 2017 10:46
> *To:* Hannes Tschofenig
> *Cc:* ace@ietf.org
> *Subject:* Re: [Ace] CWT - Scope Claim
>
> The framework does register a CWT 'scope' claim, but I think it has to
> register it with JWT too to be correct.
>
> https://tools.ietf.org/html/draft-ietf-ace-oauth-authz-08#section-8.5
>
> //Samuel
>
> On Tue, Oct 31, 2017 at 10:28 AM, Hannes Tschofenig <hannes.tschofe...@arm.com> wrote:
>
> Hi all,
>
> I was wondering whether we should define a claim, scope, that captures the
> scope that was granted by the authorization server.
>
> Ciao
> Hannes
>
> IMPORTANT NOTICE: The contents of this email and any attachments are
> confidential and may also be privileged. If you are not the intended
> recipient, please notify the sender immediately and do not disclose the
> contents to any other person, use it for any purpose, or store or copy the
> information in any medium. Thank you.

___
Ace mailing list
Ace@ietf.org
https://www.ietf.org/mailman/listinfo/ace
Re: [Ace] CWT - Scope Claim
On 2017-10-31 16:06, Jim Schaad wrote:

> I have an outstanding comment to the effect that I want a binary scope
> value – specifically to allow for a CBOR encoded object – on the framework
> document.

Fixed in the editor's draft. Will submit an update soon.

(See: https://github.com/ace-wg/ace-oauth/issues/122)

/Ludwig

--
Ludwig Seitz, PhD
Security Lab, RISE SICS
Phone +46(0)70-349 92 51
Re: [Ace] CWT - Scope Claim
I agree that CWT shouldn't define claims beyond those that correspond to the JWT claims. Other specs can do that via the registry established for that purpose.

-- Mike

From: Ace on behalf of Jim Schaad
Sent: Tuesday, October 31, 2017 8:06:04 AM
To: Hannes Tschofenig; 'Samuel Erdtman'
Cc: ace@ietf.org
Subject: Re: [Ace] CWT - Scope Claim

I have an outstanding comment to the effect that I want a binary scope value – specifically to allow for a CBOR encoded object – on the framework document.

In terms of defining it in this document rather than in the framework, my first response would be ‘no’ only because this was designed to be a direct copy of the JWT document and it was not defined there. Other than that I would not care one way or the other.

Jim

From: Ace [mailto:ace-boun...@ietf.org] On Behalf Of Hannes Tschofenig
Sent: Tuesday, October 31, 2017 2:58 AM
To: Samuel Erdtman
Cc: ace@ietf.org
Subject: Re: [Ace] CWT - Scope Claim

Hi Samuel,

You are correct that we should register it also with the JWT.

Additionally, I wonder whether the string representation of the claim for the CWT is the most efficient way to represent the scope. Shouldn’t we rather use CBOR capabilities here since we are trying to optimize 2 bytes in other areas?

Ciao
Hannes

From: Samuel Erdtman [mailto:sam...@erdtman.se]
Sent: 31 October 2017 10:46
To: Hannes Tschofenig
Cc: ace@ietf.org
Subject: Re: [Ace] CWT - Scope Claim

The framework does register a CWT 'scope' claim, but I think it has to register it with JWT too to be correct.

https://tools.ietf.org/html/draft-ietf-ace-oauth-authz-08#section-8.5

//Samuel

On Tue, Oct 31, 2017 at 10:28 AM, Hannes Tschofenig <hannes.tschofe...@arm.com> wrote:

Hi all,

I was wondering whether we should define a claim, scope, that captures the scope that was granted by the authorization server.

Ciao
Hannes
Re: [Ace] CWT - Scope Claim
I have an outstanding comment to the effect that I want a binary scope value – specifically to allow for a CBOR encoded object – on the framework document.

In terms of defining it in this document rather than in the framework, my first response would be ‘no’ only because this was designed to be a direct copy of the JWT document and it was not defined there. Other than that I would not care one way or the other.

Jim

From: Ace [mailto:ace-boun...@ietf.org] On Behalf Of Hannes Tschofenig
Sent: Tuesday, October 31, 2017 2:58 AM
To: Samuel Erdtman
Cc: ace@ietf.org
Subject: Re: [Ace] CWT - Scope Claim

Hi Samuel,

You are correct that we should register it also with the JWT.

Additionally, I wonder whether the string representation of the claim for the CWT is the most efficient way to represent the scope. Shouldn’t we rather use CBOR capabilities here since we are trying to optimize 2 bytes in other areas?

Ciao
Hannes

From: Samuel Erdtman [mailto:sam...@erdtman.se]
Sent: 31 October 2017 10:46
To: Hannes Tschofenig
Cc: ace@ietf.org
Subject: Re: [Ace] CWT - Scope Claim

The framework does register a CWT 'scope' claim, but I think it has to register it with JWT too to be correct.

https://tools.ietf.org/html/draft-ietf-ace-oauth-authz-08#section-8.5

//Samuel

On Tue, Oct 31, 2017 at 10:28 AM, Hannes Tschofenig <hannes.tschofe...@arm.com> wrote:

Hi all,

I was wondering whether we should define a claim, scope, that captures the scope that was granted by the authorization server.

Ciao
Hannes
Re: [Ace] CWT - Scope Claim
Hi Samuel,

You are correct that we should register it also with the JWT.

Additionally, I wonder whether the string representation of the claim for the CWT is the most efficient way to represent the scope. Shouldn’t we rather use CBOR capabilities here since we are trying to optimize 2 bytes in other areas?

Ciao
Hannes

From: Samuel Erdtman [mailto:sam...@erdtman.se]
Sent: 31 October 2017 10:46
To: Hannes Tschofenig
Cc: ace@ietf.org
Subject: Re: [Ace] CWT - Scope Claim

The framework does register a CWT 'scope' claim, but I think it has to register it with JWT too to be correct.

https://tools.ietf.org/html/draft-ietf-ace-oauth-authz-08#section-8.5

//Samuel

On Tue, Oct 31, 2017 at 10:28 AM, Hannes Tschofenig <hannes.tschofe...@arm.com> wrote:

Hi all,

I was wondering whether we should define a claim, scope, that captures the scope that was granted by the authorization server.

Ciao
Hannes
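The size trade-off raised in the message above (a text-string scope versus a CBOR-native one), worked through as an added example; this is not code from the thread or from any ACE draft. The scope strings, the [resource index, permission bits] layout and the helper names are constructed for illustration.

```python
import struct

def _head(major, n):
    """Initial byte plus shortest-form argument (RFC 8949, section 3)."""
    if n < 24:
        return bytes([(major << 5) | n])
    for info, fmt in ((24, ">B"), (25, ">H"), (26, ">I"), (27, ">Q")):
        if n < (1 << (8 * struct.calcsize(fmt))):
            return bytes([(major << 5) | info]) + struct.pack(fmt, n)
    raise ValueError("argument too large")

def encode(obj):
    """Encode the CBOR subset needed here: uint, bstr, tstr, array."""
    if isinstance(obj, bool):
        raise TypeError("bool is not part of this subset")
    if isinstance(obj, int) and obj >= 0:
        return _head(0, obj)
    if isinstance(obj, bytes):
        return _head(2, len(obj)) + obj
    if isinstance(obj, str):
        raw = obj.encode("utf-8")
        return _head(3, len(raw)) + raw
    if isinstance(obj, list):
        return _head(4, len(obj)) + b"".join(encode(x) for x in obj)
    raise TypeError(f"unsupported type: {type(obj).__name__}")

def scope_kind(encoded):
    """Receiver-side check: accept only a text string or a byte string."""
    if not encoded:
        raise ValueError("empty scope value")
    major = encoded[0] >> 5
    if major == 3:
        return "text"
    if major == 2:
        return "binary"
    raise ValueError(f"scope has CBOR major type {major}, expected 2 or 3")

# Constructed sample: the same three grants in both forms.
TEXT_SCOPE = encode("r_temp rw_config rw_lock")
# Hypothetical compact form: [resource index, permission bits] pairs,
# CBOR-encoded and carried inside a byte string.
BINARY_SCOPE = encode(encode([[0, 1], [1, 3], [2, 3]]))

def sizes():
    """Return (text form length, binary form length) in bytes."""
    return len(TEXT_SCOPE), len(BINARY_SCOPE)

if __name__ == "__main__":
    print("text: %d bytes, binary: %d bytes" % sizes())
    print(BINARY_SCOPE.hex())
```

For this constructed scope the text form is 26 bytes and the binary form 11. A receiver that accepts both forms has to branch on the CBOR major type and reject everything else, which is what `scope_kind` does.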
Re: [Ace] CWT - Scope Claim
An additional thought: would it make sense to put the scope claim into the CWT instead of putting it into the oauth-authz framework?

From: Samuel Erdtman [mailto:sam...@erdtman.se]
Sent: 31 October 2017 10:46
To: Hannes Tschofenig
Cc: ace@ietf.org
Subject: Re: [Ace] CWT - Scope Claim

The framework does register a CWT 'scope' claim, but I think it has to register it with JWT too to be correct.

https://tools.ietf.org/html/draft-ietf-ace-oauth-authz-08#section-8.5

//Samuel

On Tue, Oct 31, 2017 at 10:28 AM, Hannes Tschofenig <hannes.tschofe...@arm.com> wrote:

Hi all,

I was wondering whether we should define a claim, scope, that captures the scope that was granted by the authorization server.

Ciao
Hannes
Re: [Ace] CWT - Scope Claim
The framework does register a CWT 'scope' claim, but I think it has to register it with JWT too to be correct.

https://tools.ietf.org/html/draft-ietf-ace-oauth-authz-08#section-8.5

//Samuel

On Tue, Oct 31, 2017 at 10:28 AM, Hannes Tschofenig <hannes.tschofe...@arm.com> wrote:

> Hi all,
>
> I was wondering whether we should define a claim, scope, that captures the
> scope that was granted by the authorization server.
>
> Ciao
> Hannes
[Ace] CWT - Scope Claim
Hi all,

I was wondering whether we should define a claim, scope, that captures the scope that was granted by the authorization server.

Ciao
Hannes