[OAUTH-WG] Refreshing tokens on the RS

2020-05-05 Thread Jim Schaad
Over in the ACE working group we are currently having a discussion about refreshing tokens on an RS. I want to make sure that this is not something that this working group has already solved. The basic scenario is: 1. Client gets token T1 and posts it to the RS 2. After some time the RS

Re: [OAUTH-WG] Question for encrypted POP Key

2020-01-20 Thread Jim Schaad
Never mind, I just saw the answer. -Original Message- From: Jim Schaad Sent: Monday, January 20, 2020 10:57 AM To: 'draft-ietf-oauth-proof-of-possess...@ietf.org' Cc: 'oauth' Subject: Question for encrypted POP Key I am trying to deal with some of the various confirmation methods

[OAUTH-WG] Question for encrypted POP Key

2020-01-20 Thread Jim Schaad
I am trying to deal with some of the various confirmation methods for a POP token. The question that I have is about the format of the JOSE Encrypted value to be used. The document has an example of a compact serialization for this concept, it does not have an example of a JSON serialization.

Re: [OAUTH-WG] Mail regarding draft-ietf-oauth-jwsreq

2018-11-01 Thread Jim Schaad
OAuth design and thus part of the OAuth registry? Jim From: Mike Jones Sent: Wednesday, October 31, 2018 9:18 AM To: Jim Schaad ; draft-ietf-oauth-jws...@ietf.org Cc: 'oauth' Subject: RE: [OAUTH-WG] Mail regarding draft-ietf-oauth-jwsreq JWT defines a number of standard claims

[OAUTH-WG] Mail regarding draft-ietf-oauth-jwsreq

2018-10-31 Thread Jim Schaad
As part of looking at the issues of using CWTs for this purpose I did some more reading of the document. I am having a problem with the understanding the reasons for using JWT as opposed to just saying that you are going to use JWS and JWE. There is nothing in this section that I can see that

Re: [OAUTH-WG] [jose] preventing confusion of one kind of JWT for another in JWT BCP

2017-07-27 Thread Jim Schaad
One simple way to implement it would be to have an call which says “I will deal with the following items if they exist”. This means that all the application needs to do is to say that it will process p and not what values are acceptable. Jim From: jose [mailto:jose-boun...@ietf.org]

Re: [OAUTH-WG] [Ace] New OAuth client credentials RPK and PSK

2017-05-14 Thread Jim Schaad
How is this draft supposed to interact with draft-gerdes-ace-dtls-authorize? Jim From: Ace [mailto:ace-boun...@ietf.org] On Behalf Of Samuel Erdtman Sent: Friday, May 12, 2017 1:03 AM To: ; ace Cc: Ludwig Seitz

[OAUTH-WG] FW: [jose] Cross group Working Group Last Call - draft-ietf-jose-jws-sigining-input-otpions

2015-10-21 Thread Jim Schaad
> -Original Message- > From: Jim Schaad [mailto:i...@augustcellars.com] > Sent: Wednesday, October 21, 2015 3:33 PM > To: 'o...@ietf.org' <o...@ietf.org> > Cc: 'j...@ietf.org' <j...@ietf.org> > Subject: RE: [jose] Cross group Working Group Last Call - d