draft-ietf-oauth-jwt-introspection-response-01.txt   draft-ietf-oauth-jwt-introspection-response-02.txt 
Open Authentication Protocol T. Lodderstedt, Ed. Open Authentication Protocol T. Lodderstedt, Ed.
Internet-Draft YES.com AG Internet-Draft yes.com AG
Intended status: Standards Track V. Dzhuvinov Intended status: Standards Track V. Dzhuvinov
Expires: February 23, 2019 Connect2id Ltd. Expires: August 23, 2019 Connect2id Ltd.
August 22, 2018 February 19, 2019
JWT Response for OAuth Token Introspection JWT Response for OAuth Token Introspection
draft-ietf-oauth-jwt-introspection-response-01 draft-ietf-oauth-jwt-introspection-response-02
Abstract Abstract
This draft proposes an additional JSON Web Token (JWT) based response This draft proposes an additional JSON Web Token (JWT) based response
for OAuth 2.0 Token Introspection. for OAuth 2.0 Token Introspection.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
skipping to change at page 1, line 32 skipping to change at page 1, line 32
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on February 23, 2019. This Internet-Draft will expire on August 23, 2019.
Copyright Notice Copyright Notice
Copyright (c) 2018 IETF Trust and the persons identified as the Copyright (c) 2019 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
skipping to change at page 7, line 43 skipping to change at page 7, line 43
introspection response encryption algorithm (enc value). introspection response encryption algorithm (enc value).
o Change Controller: IESG o Change Controller: IESG
o Specification Document(s): Section 4 of [[ this specification ]] o Specification Document(s): Section 4 of [[ this specification ]]
8.2. OAuth Authorization Server Metadata Registration 8.2. OAuth Authorization Server Metadata Registration
This specification requests registration of the following value in This specification requests registration of the following value in
the IANA "OAuth Authorization Server Metadata" registry the IANA "OAuth Authorization Server Metadata" registry
[IANA.OAuth.Parameters] established by [I-D.ietf-oauth-discovery]. [IANA.OAuth.Parameters] established by [RFC8414].
8.2.1. Registry Contents 8.2.1. Registry Contents
o Metadata Name: "introspection_signing_alg_values_supported" o Metadata Name: "introspection_signing_alg_values_supported"
o Metadata Description: JSON array containing a list of algorithms o Metadata Description: JSON array containing a list of algorithms
supported by the authorization server for introspection response supported by the authorization server for introspection response
signing. signing.
o Change Controller: IESG o Change Controller: IESG
skipping to change at page 8, line 37 skipping to change at page 8, line 37
o Specification Document(s): Section 5 of [[ this specification ]] o Specification Document(s): Section 5 of [[ this specification ]]
8.3. OAuth Token Introspection Response 8.3. OAuth Token Introspection Response
TBD: add all OpenID Connect standard claims. TBD: add all OpenID Connect standard claims.
9. References 9. References
9.1. Normative References 9.1. Normative References
[I-D.ietf-oauth-discovery]
Jones, M., Sakimura, N., and J. Bradley, "OAuth 2.0
Authorization Server Metadata", draft-ietf-oauth-
discovery-10 (work in progress), March 2018.
[I-D.ietf-oauth-jwt-bcp] [I-D.ietf-oauth-jwt-bcp]
Sheffer, Y., Hardt, D., and M. Jones, "JSON Web Token Best Sheffer, Y., Hardt, D., and M. Jones, "JSON Web Token Best
Current Practices", draft-ietf-oauth-jwt-bcp-03 (work in Current Practices", draft-ietf-oauth-jwt-bcp-04 (work in
progress), May 2018. progress), November 2018.
[I-D.ietf-oauth-security-topics] [I-D.ietf-oauth-security-topics]
Lodderstedt, T., Bradley, J., Labunets, A., and D. Fett, Lodderstedt, T., Bradley, J., Labunets, A., and D. Fett,
"OAuth 2.0 Security Best Current Practice", draft-ietf- "OAuth 2.0 Security Best Current Practice", draft-ietf-
oauth-security-topics-06 (work in progress), May 2018. oauth-security-topics-11 (work in progress), December
2018.
[OpenID.Core] [OpenID.Core]
NRI, Ping Identity, Microsoft, Google, and Salesforce, NRI, Ping Identity, Microsoft, Google, and Salesforce,
"OpenID Connect Core 1.0 incorporating errata set 1", Nov "OpenID Connect Core 1.0 incorporating errata set 1", Nov
2014, 2014,
<http://openid.net/specs/openid-connect-core-1_0.html>. <http://openid.net/specs/openid-connect-core-1_0.html>.
[OpenID.Registration] [OpenID.Registration]
NRI, Ping Identity, and Microsoft, "OpenID Connect Dynamic NRI, Ping Identity, and Microsoft, "OpenID Connect Dynamic
Client Registration 1.0 incorporating errata set 1", Nov Client Registration 1.0 incorporating errata set 1", Nov
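Review bot: In Section 9.1 the [I-D.ietf-oauth-discovery] entry is removed, but none of the changed lines shown add an [RFC8414] entry, while Section 8.2 now cites [RFC8414]; as far as this diff shows, that citation is left without a matching reference. Suggest adding an [RFC8414] entry ("OAuth 2.0 Authorization Server Metadata") to the normative references in place of the removed one.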
skipping to change at page 10, line 20 skipping to change at page 10, line 15
9.2. Informative References 9.2. Informative References
[IANA.OAuth.Parameters] [IANA.OAuth.Parameters]
IANA, "OAuth Parameters", IANA, "OAuth Parameters",
<http://www.iana.org/assignments/oauth-parameters>. <http://www.iana.org/assignments/oauth-parameters>.
Appendix A. Document History Appendix A. Document History
[[ To be removed from the final specification ]] [[ To be removed from the final specification ]]
-02
o updated references
-01 -01
o adapted wording to preclude any accept header except "application/ o adapted wording to preclude any accept header except "application/
jwt" if encrypted responses are required jwt" if encrypted responses are required
o use registered alg value RS256 for default signing algorithm o use registered alg value RS256 for default signing algorithm
o added text on claims in the token introspection response o added text on claims in the token introspection response
-00 -00
skipping to change at page 11, line 18 skipping to change at page 11, line 18
o Stylistic and clarifying edits, updates references o Stylistic and clarifying edits, updates references
-00 -00
o initial version o initial version
Authors' Addresses Authors' Addresses
Torsten Lodderstedt (editor) Torsten Lodderstedt (editor)
YES.com AG yes.com AG
Email: torsten@lodderstedt.net Email: torsten@lodderstedt.net
Vladimir Dzhuvinov Vladimir Dzhuvinov
Connect2id Ltd. Connect2id Ltd.
Email: vladimir@connect2id.com Email: vladimir@connect2id.com
 End of changes. 11 change blocks. 
16 lines changed or deleted 16 lines changed or added
