draft-ietf-oauth-proof-of-possession-06.txt   draft-ietf-oauth-proof-of-possession-07.txt 
OAuth Working Group M. Jones OAuth Working Group M. Jones
Internet-Draft Microsoft Internet-Draft Microsoft
Intended status: Standards Track J. Bradley Intended status: Standards Track J. Bradley
Expires: May 7, 2016 Ping Identity Expires: May 27, 2016 Ping Identity
H. Tschofenig H. Tschofenig
ARM Limited ARM Limited
November 4, 2015 November 24, 2015
Proof-of-Possession Key Semantics for JSON Web Tokens (JWTs) Proof-of-Possession Key Semantics for JSON Web Tokens (JWTs)
draft-ietf-oauth-proof-of-possession-06 draft-ietf-oauth-proof-of-possession-07
Abstract Abstract
This specification defines how to express a declaration in a JSON Web This specification defines how to express a declaration in a JSON Web
Token (JWT) that the presenter of the JWT possesses a particular key Token (JWT) that the presenter of the JWT possesses a particular key
and that the recipient can cryptographically confirm proof-of- and that the recipient can cryptographically confirm proof-of-
possession of the key by the presenter. Being able to prove possession of the key by the presenter. Being able to prove
possession of a key is also sometimes described as the presenter possession of a key is also sometimes described as the presenter
being a holder-of-key. being a holder-of-key.
skipping to change at page 1, line 38 skipping to change at page 1, line 38
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on May 7, 2016. This Internet-Draft will expire on May 27, 2016.
Copyright Notice Copyright Notice
Copyright (c) 2015 IETF Trust and the persons identified as the Copyright (c) 2015 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 18 skipping to change at page 2, line 18
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
1.1. Notational Conventions . . . . . . . . . . . . . . . . . . 5 1.1. Notational Conventions . . . . . . . . . . . . . . . . . . 5
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 5 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 5
3. Representations for Proof-of-Possession Keys . . . . . . . . . 6 3. Representations for Proof-of-Possession Keys . . . . . . . . . 6
3.1. Confirmation Claim . . . . . . . . . . . . . . . . . . . . 6 3.1. Confirmation Claim . . . . . . . . . . . . . . . . . . . . 6
3.2. Representation of an Asymmetric Proof-of-Possession Key . 7 3.2. Representation of an Asymmetric Proof-of-Possession Key . 7
3.3. Representation of an Encrypted Symmetric 3.3. Representation of an Encrypted Symmetric
Proof-of-Possession Key . . . . . . . . . . . . . . . . . 7 Proof-of-Possession Key . . . . . . . . . . . . . . . . . 8
3.4. Representation of a Key ID for a Proof-of-Possession 3.4. Representation of a Key ID for a Proof-of-Possession
Key . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 Key . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
3.5. Representation of a URL for a Proof-of-Possession Key . . 9 3.5. Representation of a URL for a Proof-of-Possession Key . . 9
3.6. Specifics Intentionally Not Specified . . . . . . . . . . 9 3.6. Specifics Intentionally Not Specified . . . . . . . . . . 10
4. Security Considerations . . . . . . . . . . . . . . . . . . . 10 4. Security Considerations . . . . . . . . . . . . . . . . . . . 10
5. Privacy Considerations . . . . . . . . . . . . . . . . . . . . 11 5. Privacy Considerations . . . . . . . . . . . . . . . . . . . . 11
6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 11 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 11
6.1. JSON Web Token Claims Registration . . . . . . . . . . . . 12 6.1. JSON Web Token Claims Registration . . . . . . . . . . . . 12
6.1.1. Registry Contents . . . . . . . . . . . . . . . . . . 12 6.1.1. Registry Contents . . . . . . . . . . . . . . . . . . 12
6.2. JWT Confirmation Methods Registry . . . . . . . . . . . . 12 6.2. JWT Confirmation Methods Registry . . . . . . . . . . . . 12
6.2.1. Registration Template . . . . . . . . . . . . . . . . 12 6.2.1. Registration Template . . . . . . . . . . . . . . . . 12
6.2.2. Initial Registry Contents . . . . . . . . . . . . . . 13 6.2.2. Initial Registry Contents . . . . . . . . . . . . . . 13
7. References . . . . . . . . . . . . . . . . . . . . . . . . . . 13 7. References . . . . . . . . . . . . . . . . . . . . . . . . . . 13
7.1. Normative References . . . . . . . . . . . . . . . . . . . 13 7.1. Normative References . . . . . . . . . . . . . . . . . . . 13
7.2. Informative References . . . . . . . . . . . . . . . . . . 14 7.2. Informative References . . . . . . . . . . . . . . . . . . 14
Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . 15 Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . 15
Appendix B. Document History . . . . . . . . . . . . . . . . . . 15 Appendix B. Document History . . . . . . . . . . . . . . . . . . 15
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 16 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 17
1. Introduction 1. Introduction
This specification defines how a JSON Web Token (JWT) [JWT] can This specification defines how a JSON Web Token (JWT) [JWT] can
declare that the presenter of the JWT possesses a key and that the declare that the presenter of the JWT possesses a key and that the
recipient can cryptographically confirm that the presenter possesses recipient can cryptographically confirm that the presenter possesses
that key. Proof-of-possession of a key is also sometimes described that key. Proof-of-possession of a key is also sometimes described
as the presenter being a holder-of-key. The as the presenter being a holder-of-key. The
[I-D.ietf-oauth-pop-architecture] specification describes key [I-D.ietf-oauth-pop-architecture] specification describes key
confirmation, among other confirmation mechanisms. This confirmation, among other confirmation mechanisms. This
specification defines how to communicate key confirmation key specification defines how to communicate key confirmation key
information in JWTs. information in JWTs.
Envision the following two use cases. The first use case employs a Envision the following two use cases. The first use case employs a
symmetric proof-of-possession key and the second use case employs an symmetric proof-of-possession key and the second use case employs an
asymmetric proof-of-possession key. asymmetric proof-of-possession key.
+--------------+ +--------------+
| | +--------------+ | | +--------------+
| |--(4) Presentation of -->| | | |--(3) Presentation of -->| |
| | JWT w/ Encrypted | | | | JWT w/ Encrypted | |
| Presenter | PoP Key | | | Presenter | PoP Key | |
| | | | | | | |
| |<-(5) Communication ---->| | | |<-(4) Communication ---->| |
| | Authenticated by | | | | Authenticated by | |
+--------------+ PoP Key | | +--------------+ PoP Key | |
| ^ | | ^ ^ | |
| | | | | | | |
(1) Sym. (3) JWT w/ | Recipient | (1) Sym. (2) JWT w/ | Recipient |
| PoP | Encrypted | | | PoP | Encrypted | |
| Key | PoP Key | | | Key | PoP Key | |
v | | | v | | |
+--------------+ | | +--------------+ | |
| | | | | | | |
| | | | | | | |
| |<-(2) Key Exchange for ->| | | |<-(0) Key Exchange for ->| |
| Issuer | Key Encryption Key | | | Issuer | Key Encryption Key | |
| | | | | | | |
| | | | | | | |
| | +--------------+ | | +--------------+
+--------------+ +--------------+
Figure 1: Proof-of-Possession with a Symmetric Key Figure 1: Proof-of-Possession with a Symmetric Key
In the case illustrated in Figure 1, the presenter generates a In the case illustrated in Figure 1, either the presenter generates a
symmetric key and (1) privately sends it to the issuer. The issuer symmetric key and privately sends it to the issuer (1) or the issuer
generates a JWT with an encrypted copy of this symmetric key in the generates a symmetric key and privately sends it to the presenter
newly introduced confirmation claim. This symmetric key is encrypted (1). The issuer generates a JWT with an encrypted copy of this
with a key known only to the issuer and the recipient, which is symmetric key in the confirmation claim. This symmetric key is
established in step (2), if it doesn't already exist. The entire JWT encrypted with a key known only to the issuer and the recipient,
is integrity protected by the issuer. The JWT is then (3) sent to which was previously established in step (0). The entire JWT is
the presenter. Now, the presenter is in possession of the symmetric integrity protected by the issuer. The JWT is then (2) sent to the
key as well as the JWT (which includes the confirmation claim). When presenter. Now, the presenter is in possession of the symmetric key
the presenter (4) presents the JWT to the recipient, it also needs to as well as the JWT (which includes the confirmation claim). When the
presenter (3) presents the JWT to the recipient, it also needs to
demonstrate possession of the symmetric key; the presenter, for demonstrate possession of the symmetric key; the presenter, for
example, (5) uses the symmetric key in a challenge/response protocol example, (4) uses the symmetric key in a challenge/response protocol
with the recipient. The recipient is then able to verify that it is with the recipient. The recipient is then able to verify that it is
interacting with the genuine presenter by decrypting the key in the interacting with the genuine presenter by decrypting the key in the
confirmation claim of the JWT. By doing this, the recipient obtains confirmation claim of the JWT. By doing this, the recipient obtains
the symmetric key, which it then uses to verify cryptographically the symmetric key, which it then uses to verify cryptographically
protected messages exchanged with the presenter (5). This symmetric protected messages exchanged with the presenter (4). This symmetric
key mechanism described above is conceptually similar to the use of key mechanism described above is conceptually similar to the use of
Kerberos tickets. Kerberos tickets.
+--------------+ +--------------+
| | +--------------+ | | +--------------+
| |--(3) Presentation of -->| | | |--(3) Presentation of -->| |
| | JWT w/ Public | | | | JWT w/ Public | |
| Presenter | PoP Key | | | Presenter | PoP Key | |
| | | | | | | |
| |<-(4) Communication ---->| | | |<-(4) Communication ---->| |
skipping to change at page 4, line 49 skipping to change at page 4, line 50
| | | | | | | |
| | | | | | | |
| | +--------------+ | | +--------------+
+--------------+ +--------------+
Figure 2: Proof-of-Possession with an Asymmetric Key Figure 2: Proof-of-Possession with an Asymmetric Key
In the case illustrated in Figure 2, the presenter generates a In the case illustrated in Figure 2, the presenter generates a
public/private key pair and (1) sends the public key to the issuer, public/private key pair and (1) sends the public key to the issuer,
which creates a JWT that contains the public key (or an identifier which creates a JWT that contains the public key (or an identifier
for it) in the newly introduced confirmation claim. The entire JWT for it) in the confirmation claim. The entire JWT is integrity
is integrity protected using a digital signature to protect it protected using a digital signature to protect it against
against modifications. The JWT is then (2) sent to the presenter. modifications. The JWT is then (2) sent to the presenter. When the
presenter (3) presents the JWT to the recipient, it also needs to
When the presenter (3) presents the JWT to the recipient, it also demonstrate possession of the private key. The presenter, for
needs to demonstrate possession of the private key. The presenter, example, (4) uses the private key in a TLS exchange with the
for example, (4) uses the private key in a TLS exchange with the
recipient or (4) signs a nonce with the private key. The recipient recipient or (4) signs a nonce with the private key. The recipient
is able to verify that it is interacting with the genuine presenter is able to verify that it is interacting with the genuine presenter
by extracting the public key from the confirmation claim of the JWT by extracting the public key from the confirmation claim of the JWT
(after verifying the digital signature of the JWT) and utilizing it (after verifying the digital signature of the JWT) and utilizing it
with the private key in the TLS exchange or by checking the nonce with the private key in the TLS exchange or by checking the nonce
signature. signature.
In both cases, the JWT may contain other claims that are needed by In both cases, the JWT may contain other claims that are needed by
the application. the application.
skipping to change at page 6, line 40 skipping to change at page 6, line 40
3.1. Confirmation Claim 3.1. Confirmation Claim
The "cnf" (confirmation) claim is used in the JWT to contain members The "cnf" (confirmation) claim is used in the JWT to contain members
used to identify the proof-of-possession key. Other members of the used to identify the proof-of-possession key. Other members of the
"cnf" object may be defined because a proof-of-possession key may not "cnf" object may be defined because a proof-of-possession key may not
be the only means of confirming the authenticity of the token. This be the only means of confirming the authenticity of the token. This
is analogous to the SAML 2.0 [OASIS.saml-core-2.0-os] is analogous to the SAML 2.0 [OASIS.saml-core-2.0-os]
SubjectConfirmation element, in which a number of different subject SubjectConfirmation element, in which a number of different subject
confirmation methods can be included, including proof-of-possession confirmation methods can be included, including proof-of-possession
key information. When a recipient receives a "cnf" claim with a key information.
member that it does not understand, it MUST ignore that member.
The set of confirmation members that a JWT must contain to be
considered valid is context dependent and is outside the scope of
this specification. Specific applications of JWTs will require
implementations to understand and process some confirmation members
in particular ways. However, in the absence of such requirements,
all confirmation members that are not understood by implementations
MUST be ignored.
This specification establishes the IANA "JWT Confirmation Methods" This specification establishes the IANA "JWT Confirmation Methods"
registry for these members in Section 6.2 and registers the members registry for these members in Section 6.2 and registers the members
defined by this specification. Other specifications can register defined by this specification. Other specifications can register
other members used for confirmation, including other members for other members used for confirmation, including other members for
conveying proof-of-possession keys, possibly using different key conveying proof-of-possession keys, possibly using different key
representations. representations.
Note that if an application needs to represent multiple proof-of- The "cnf" claim value MUST represent only a single proof-of-
possession keys in the same JWT, one way for it to achieve this is to possession key; thus, at most one of the "jwk", "jwe", and "jku"
use other claim names, in addition to "cnf", to hold the additional confirmation values defined below may be present. Note that if an
proof-of-possession key information. These claims could use the same application needs to represent multiple proof-of-possession keys in
syntax and semantics as the "cnf" claim. Those claims would be the same JWT, one way for it to achieve this is to use other claim
defined by applications or other specifications and could be names, in addition to "cnf", to hold the additional proof-of-
registered in the IANA "JSON Web Token Claims" registry possession key information. These claims could use the same syntax
[IANA.JWT.Claims]. and semantics as the "cnf" claim. Those claims would be defined by
applications or other specifications and could be registered in the
IANA "JSON Web Token Claims" registry [IANA.JWT.Claims].
3.2. Representation of an Asymmetric Proof-of-Possession Key 3.2. Representation of an Asymmetric Proof-of-Possession Key
When the key held by the presenter is an asymmetric private key, the When the key held by the presenter is an asymmetric private key, the
"jwk" member is a JSON Web Key (JWK) [JWK] representing the "jwk" member is a JSON Web Key (JWK) [JWK] representing the
corresponding asymmetric public key. The following example corresponding asymmetric public key. The following example
demonstrates such a declaration in the JWT Claims Set of a JWT: demonstrates such a declaration in the JWT Claims Set of a JWT:
{ {
"iss": "https://server.example.com", "iss": "https://server.example.com",
skipping to change at page 10, line 21 skipping to change at page 10, line 38
Note that another means of proving possession of the key when it is a Note that another means of proving possession of the key when it is a
symmetric key is to encrypt the key to the recipient. The means of symmetric key is to encrypt the key to the recipient. The means of
obtaining a key for the recipient is likewise protocol-specific. obtaining a key for the recipient is likewise protocol-specific.
For examples using the mechanisms defined in this specification, see For examples using the mechanisms defined in this specification, see
[I-D.ietf-oauth-pop-architecture]. [I-D.ietf-oauth-pop-architecture].
4. Security Considerations 4. Security Considerations
All of the normal security issues, especially in relationship to All of the security considerations that are discussed in JWT [JWT]
comparing URIs and dealing with unrecognized values, that are also apply here. In addition, proof-of-possession introduces its own
discussed in JWT [JWT] also apply here. unique security issues. Possessing a key is only valuable if it is
kept secret. Appropriate means must be used to ensure that
In addition, proof-of-possession introduces its own unique security unintended parties do not learn private key or symmetric key values.
issues. Possessing the key is only valuable if it is kept secret.
Appropriate means must be used to ensure that unintended parties do
not learn the private key or symmetric key value.
Proof-of-possession via encrypted symmetric secrets is subject to Proof-of-possession via encrypted symmetric secrets is subject to
replay attacks. This attack can be avoided when a signed nonce or replay attacks. This attack can be avoided when a signed nonce or
challenge is used, since the recipient can use a distinct nonce or challenge is used, since the recipient can use a distinct nonce or
challenged for each interaction. challenged for each interaction.
Similarly to other information included in a JWT, it is necessary to Similarly to other information included in a JWT, it is necessary to
apply data origin authentication and integrity protection (via a apply data origin authentication and integrity protection (via a
keyed message digest or a digital signature). Data origin keyed message digest or a digital signature). Data origin
authentication ensures that the recipient of the JWT learns about the authentication ensures that the recipient of the JWT learns about the
entity that created the JWT, since this will be important for any entity that created the JWT, since this will be important for any
policy decisions. Integrity protection prevents an adversary from policy decisions. Integrity protection prevents an adversary from
changing any elements conveyed within the JWT payload. Special care changing any elements conveyed within the JWT payload. Special care
has to be applied when carrying symmetric keys inside the JWT, since has to be applied when carrying symmetric keys inside the JWT, since
those not only require integrity protection, but also confidentiality those not only require integrity protection, but also confidentiality
protection. protection.
A recipient may not understand the newly introduced "cnf" claim and A recipient might not understand the "cnf" claim, in which case it
may consequently treat it as a bearer token. While this is a will typically be ignored. Unless this is acceptable behavior,
legitimate concern, it is outside the scope of this specification, applications that need the proof-of-possession keys communicated with
since demonstration the possession of the key associated with the it to be understood and processed must require that the parts of this
"cnf" claim is not covered by this specification. For more details, specification that they use be implemented.
please consult [I-D.ietf-oauth-pop-architecture].
5. Privacy Considerations 5. Privacy Considerations
A proof-of-possession key can be used as a correlation handle if the A proof-of-possession key can be used as a correlation handle if the
same key is used with multiple parties. Thus, for privacy reasons, same key is used with multiple parties. Thus, for privacy reasons,
it is recommended that different proof-of-possession keys be used it is recommended that different proof-of-possession keys be used
when interacting with different parties. when interacting with different parties.
6. IANA Considerations 6. IANA Considerations
skipping to change at page 13, line 43 skipping to change at page 14, line 6
7. References 7. References
7.1. Normative References 7.1. Normative References
[IANA.JWT.Claims] [IANA.JWT.Claims]
IANA, "JSON Web Token Claims", IANA, "JSON Web Token Claims",
<http://www.iana.org/assignments/jwt>. <http://www.iana.org/assignments/jwt>.
[JWE] Jones, M. and J. Hildebrand, "JSON Web Encryption (JWE)", [JWE] Jones, M. and J. Hildebrand, "JSON Web Encryption (JWE)",
RFC 7516, May 2015, RFC 7516, DOI 10.17487/RFC7156, May 2015,
<http://www.rfc-editor.org/info/rfc7516>. <http://www.rfc-editor.org/info/rfc7516>.
[JWK] Jones, M., "JSON Web Key (JWK)", RFC 7517, May 2015, [JWK] Jones, M., "JSON Web Key (JWK)", RFC 7517, DOI 10.17487/
RFC7157, May 2015,
<http://www.rfc-editor.org/info/rfc7517>. <http://www.rfc-editor.org/info/rfc7517>.
[JWT] Jones, M., Bradley, J., and N. Sakimura, "JSON Web Token [JWT] Jones, M., Bradley, J., and N. Sakimura, "JSON Web Token
(JWT)", RFC 7519, May 2015, (JWT)", RFC 7519, DOI 10.17487/RFC7159, May 2015,
<http://www.rfc-editor.org/info/rfc7519>. <http://www.rfc-editor.org/info/rfc7519>.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/ Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/
RFC2119, March 1997, RFC2119, March 1997,
<http://www.rfc-editor.org/info/rfc2119>. <http://www.rfc-editor.org/info/rfc2119>.
[RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO [RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO
10646", STD 63, RFC 3629, DOI 10.17487/RFC3629, 10646", STD 63, RFC 3629, DOI 10.17487/RFC3629,
November 2003, <http://www.rfc-editor.org/info/rfc3629>. November 2003, <http://www.rfc-editor.org/info/rfc3629>.
skipping to change at page 14, line 41 skipping to change at page 15, line 4
within Internet Public Key Infrastructure Using X.509 within Internet Public Key Infrastructure Using X.509
(PKIX) Certificates in the Context of Transport Layer (PKIX) Certificates in the Context of Transport Layer
Security (TLS)", RFC 6125, DOI 10.17487/RFC6125, Security (TLS)", RFC 6125, DOI 10.17487/RFC6125,
March 2011, <http://www.rfc-editor.org/info/rfc6125>. March 2011, <http://www.rfc-editor.org/info/rfc6125>.
7.2. Informative References 7.2. Informative References
[I-D.ietf-oauth-pop-architecture] [I-D.ietf-oauth-pop-architecture]
Hunt, P., Richer, J., Mills, W., Mishra, P., and H. Hunt, P., Richer, J., Mills, W., Mishra, P., and H.
Tschofenig, "OAuth 2.0 Proof-of-Possession (PoP) Security Tschofenig, "OAuth 2.0 Proof-of-Possession (PoP) Security
Architecture", draft-ietf-oauth-pop-architecture-03 (work Architecture", draft-ietf-oauth-pop-architecture-05 (work
in progress), September 2015. in progress), October 2015.
[JWK.Thumbprint] [JWK.Thumbprint]
Jones, M. and N. Sakimura, "JSON Web Key (JWK) Jones, M. and N. Sakimura, "JSON Web Key (JWK)
Thumbprint", draft-ietf-jose-jwk-thumbprint (work in Thumbprint", RFC 7638, DOI 10.17487/RFC7638,
progress), July 2015, <http://tools.ietf.org/html/ September 2015, <http://www.rfc-editor.org/info/rfc7638>.
draft-ietf-jose-jwk-thumbprint-08>.
[OASIS.saml-core-2.0-os] [OASIS.saml-core-2.0-os]
Cantor, S., Kemp, J., Philpott, R., and E. Maler, Cantor, S., Kemp, J., Philpott, R., and E. Maler,
"Assertions and Protocol for the OASIS Security Assertion "Assertions and Protocol for the OASIS Security Assertion
Markup Language (SAML) V2.0", OASIS Standard saml-core- Markup Language (SAML) V2.0", OASIS Standard saml-core-
2.0-os, March 2005. 2.0-os, March 2005.
[OpenID.Core] [OpenID.Core]
Sakimura, N., Bradley, J., Jones, M., de Medeiros, B., and Sakimura, N., Bradley, J., Jones, M., de Medeiros, B., and
C. Mortimore, "OpenID Connect Core 1.0", November 2014, C. Mortimore, "OpenID Connect Core 1.0", November 2014,
<http://openid.net/specs/openid-connect-core-1_0.html>. <http://openid.net/specs/openid-connect-core-1_0.html>.
Appendix A. Acknowledgements Appendix A. Acknowledgements
The authors wish to thank Brian Campbell, Kepeng Li, James Manger, The authors wish to thank Brian Campbell, Kepeng Li, James Manger,
Justin Richer, and Nat Sakimura for their reviews of the Kathleen Moriarty, Justin Richer, and Nat Sakimura for their reviews
specification. of the specification.
Appendix B. Document History Appendix B. Document History
[[ to be removed by the RFC Editor before publication as an RFC ]] [[ to be removed by the RFC Editor before publication as an RFC ]]
-07
o Addressed review comments by Hannes Tschofenig, Kathleen Moriarty,
and Justin Richer. Changes were:
o Clarified that symmetric proof-of-possession keys can be generated
by either the presenter or the issuer.
o Clarified that confirmation members that are not understood must
be ignored unless otherwise specified by the application.
-06 -06
o Added diagrams to the introduction. o Added diagrams to the introduction.
-05 -05
o Addressed review comments by Kepeng Li. o Addressed review comments by Kepeng Li.
-04 -04
o Allowed the use of "jwk" for symmetric keys when the JWT is o Allowed the use of "jwk" for symmetric keys when the JWT is
encrypted. encrypted.
o Added the "jku" (JWK Set URL) member. o Added the "jku" (JWK Set URL) member.
o Added privacy considerations. o Added privacy considerations.
 End of changes. 29 change blocks. 
67 lines changed or deleted 82 lines changed or added

This html diff was produced by rfcdiff 1.42. The latest version is available from http://tools.ietf.org/tools/rfcdiff/