Re: [OAUTH-WG] Call for adoption: JWT Usage in OAuth2 Access Tokens

2019-04-22 Thread Rifaat Shekh-Yusef
on to > the end user exposure. In fact, the by-value access token when involving > some PII is by definition leaking information and violating the data > minimization principle. This should be clearly delineated. My gut feeling > is that it should be encrypted unless it is certain that it do

Re: [OAUTH-WG] Call for adoption: JWT Usage in OAuth2 Access Tokens

2019-04-16 Thread Schanzenbach, Martin
t; -Original Message- >>> From: OAuth On Behalf Of Anthony Nadalin >>> Sent: Wednesday, April 10, 2019 8:12 PM >>> To: Hannes Tschofenig ; oauth@ietf.org >>> Subject: Re: [OAUTH-WG] Call for adoption: JWT Usage in OAuth2 Access Tokens >>> >&g

Re: [OAUTH-WG] Call for adoption: JWT Usage in OAuth2 Access Tokens

2019-04-15 Thread Sascha Preibisch
not include sensitive > > PII as judging whether a claim may form a PII is too hard for an average > > developer.. > > > > -Original Message- > > From: OAuth On Behalf Of Anthony Nadalin > > Sent: Wednesday, April 10, 2019 8:12 PM > > To: Hannes Tsc

Re: [OAUTH-WG] Call for adoption: JWT Usage in OAuth2 Access Tokens

2019-04-13 Thread Schanzenbach, Martin
ge > developer.. > > -Original Message----- > From: OAuth On Behalf Of Anthony Nadalin > Sent: Wednesday, April 10, 2019 8:12 PM > To: Hannes Tschofenig ; oauth@ietf.org > Subject: Re: [OAUTH-WG] Call for adoption: JWT Usage in OAuth2 Access Tokens > > I support adop

Re: [OAUTH-WG] Call for adoption: JWT Usage in OAuth2 Access Tokens

2019-04-12 Thread Dag Helge Østerhagen
it is certain that it does not include sensitive >> PII as judging whether a claim may form a PII is too hard for an average >> developer.. >> >> -Original Message- >> From: OAuth On Behalf Of Anthony Nadalin >> Sent: Wednesday, April 10, 2019 8:12 PM >

Re: [OAUTH-WG] Call for adoption: JWT Usage in OAuth2 Access Tokens

2019-04-11 Thread Sascha Preibisch
tion tokens 2. The > privacy issues must be addressed 3. Needs to be extensible, much like > ID-Token, can't be 100% fixed > > > -Original Message----- > From: OAuth On Behalf Of Hannes Tschofenig > Sent: Monday, April 8, 2019 10:07 AM > To: oauth@ietf.org >

Re: [OAUTH-WG] Call for adoption: JWT Usage in OAuth2 Access Tokens

2019-04-10 Thread Pedro Igor Silva
ID-Token, can't be 100% fixed > > > -Original Message- > From: OAuth On Behalf Of Hannes Tschofenig > Sent: Monday, April 8, 2019 10:07 AM > To: oauth@ietf.org > Subject: [OAUTH-WG] Call for adoption: JWT Usage in OAuth2 Access Tokens > > Hi all, > > thi

Re: [OAUTH-WG] Call for adoption: JWT Usage in OAuth2 Access Tokens

2019-04-10 Thread Dick Hardt
+1 On Mon, Apr 8, 2019 at 10:07 AM Hannes Tschofenig wrote: > Hi all, > > this is the call for adoption of the 'JWT Usage in OAuth2 Access Tokens' > document following the positive feedback at the last IETF meeting in Prague. > > Here is the document: > https://tools.ietf.org/html/draft-bertocci

Re: [OAUTH-WG] Call for adoption: JWT Usage in OAuth2 Access Tokens

2019-04-10 Thread n-sakimura
hard for an average developer. -Original Message- From: OAuth On Behalf Of Anthony Nadalin Sent: Wednesday, April 10, 2019 8:12 PM To: Hannes Tschofenig ; oauth@ietf.org Subject: Re: [OAUTH-WG] Call for adoption: JWT Usage in OAuth2 Access Tokens I support adoption of this draft as a

Re: [OAUTH-WG] Call for adoption: JWT Usage in OAuth2 Access Tokens

2019-04-10 Thread Anthony Nadalin
From: OAuth On Behalf Of Hannes Tschofenig Sent: Monday, April 8, 2019 10:07 AM To: oauth@ietf.org Subject: [OAUTH-WG] Call for adoption: JWT Usage in OAuth2 Access Tokens Hi all, this is the call for adoption of the 'JWT Usage in OAuth2 Access Tokens' document following the positive

Re: [OAUTH-WG] Call for adoption: JWT Usage in OAuth2 Access Tokens

2019-04-09 Thread Lars Wilhelmsen
+1 Lars Wilhelmsen Thales -Original Message- From: OAuth On Behalf Of Neil Madden Sent: tirsdag 9. april 2019 10:43 To: Hannes Tschofenig Cc: oauth@ietf.org Subject: Re: [OAUTH-WG] Call for adoption: JWT Usage in OAuth2 Access Tokens I support adoption of this draft. — Neil > O

Re: [OAUTH-WG] Call for adoption: JWT Usage in OAuth2 Access Tokens

2019-04-09 Thread Neil Madden
I support adoption of this draft. — Neil > On 8 Apr 2019, at 18:07, Hannes Tschofenig wrote: > > Hi all, > > this is the call for adoption of the 'JWT Usage in OAuth2 Access Tokens' > document following the positive feedback at the last IETF meeting in Prague. > > Here is the document: > ht

Re: [OAUTH-WG] Call for adoption: JWT Usage in OAuth2 Access Tokens

2019-04-09 Thread Scott Brady
+1 On Tue, Apr 9, 2019 at 5:45 AM Dominick Baier wrote: > +1 > > ——— > Dominick > > On 8. April 2019 at 20:21:21, William Denniss ( > wdenniss=40google@dmarc.ietf.org) wrote: > > I support adoption of this draft as a working group document. > > On Mon, Apr 8, 2019 at 11:11 AM George Fletcher

Re: [OAUTH-WG] Call for adoption: JWT Usage in OAuth2 Access Tokens

2019-04-08 Thread Dominick Baier
+1 ——— Dominick On 8. April 2019 at 20:21:21, William Denniss ( wdenniss=40google@dmarc.ietf.org) wrote: I support adoption of this draft as a working group document. On Mon, Apr 8, 2019 at 11:11 AM George Fletcher wrote: > +1 for me as well :) > > On 4/8/19 1:38 PM, Hans Zandbelt wrote:

Re: [OAUTH-WG] Call for adoption: JWT Usage in OAuth2 Access Tokens

2019-04-08 Thread George Fletcher
+1 for me as well :) On 4/8/19 1:38 PM, Hans Zandbelt wrote: +1 Hans. On Mon, Apr 8, 2019, 19:34 John Bradley > wrote: I agree this should be adopted as a working group document. On 4/8/2019 7:07 PM, Hannes Tschofenig wrote: > Hi all, > > this

Re: [OAUTH-WG] Call for adoption: JWT Usage in OAuth2 Access Tokens

2019-04-08 Thread Hans Zandbelt
+1 Hans. On Mon, Apr 8, 2019, 19:34 John Bradley wrote: > I agree this should be adopted as a working group document. > > > On 4/8/2019 7:07 PM, Hannes Tschofenig wrote: > > Hi all, > > > > this is the call for adoption of the 'JWT Usage in OAuth2 Access > Tokens' document following the positi

Re: [OAUTH-WG] Call for adoption: JWT Usage in OAuth2 Access Tokens

2019-04-08 Thread John Bradley
I agree this should be adopted as a working group document. On 4/8/2019 7:07 PM, Hannes Tschofenig wrote: Hi all, this is the call for adoption of the 'JWT Usage in OAuth2 Access Tokens' document following the positive feedback at the last IETF meeting in Prague. Here is the document: https

Re: [OAUTH-WG] Call for adoption: JWT Usage in OAuth2 Access Tokens

2019-04-08 Thread Filip Skokan
I support the draft's adoption. Best, *Filip Skokan* On Mon, 8 Apr 2019 at 19:07, Hannes Tschofenig wrote: > Hi all, > > this is the call for adoption of the 'JWT Usage in OAuth2 Access Tokens' > document following the positive feedback at the last IETF meeting in Prague. > > Here is the docum

[OAUTH-WG] Call for adoption: JWT Usage in OAuth2 Access Tokens

2019-04-08 Thread Hannes Tschofenig
Hi all, this is the call for adoption of the 'JWT Usage in OAuth2 Access Tokens' document following the positive feedback at the last IETF meeting in Prague. Here is the document: https://tools.ietf.org/html/draft-bertocci-oauth-access-token-jwt-00 Please let us know by April 22nd whether you