[Openid-specs-ab] Draft note to IETF

Brian Campbell bcampbell at pingidentity.com
Thu Jun 13 16:32:11 UTC 2013 

Also, FWIW, Ping Identity's initial OpenID Connect product support went
from just "announced" to actually "generally available" yesterday.

https://www.pingidentity.com/about-us/press-release.cfm?customel_datapageid_1516=70050


On Thu, Jun 13, 2013 at 10:26 AM, Nat Sakimura <sakimura at gmail.com> wrote:

> Not Amazon yet. They are waiting for us. Paypal, yes.
>
> =nat via iPhone
>
> Jun 14, 2013 1:19¡¢Mike Jones <Michael.Jones at microsoft.com> ¤Î¥á¥Ã¥»©`¥¸:
>
>  Yes.  Updated below¡­
>
>
>
> To: jose-chairs at tools.ietf.org; oauth-chairs at tools.ietf.org
>
> Cc: iesg at ietf.org; draft-ietf-oauth-json-web-token at tools.ietf.org;
> draft-ietf-jose-json-web-encryption at tools.ietf.org
>
> Subject: Liaison statement from OpenID Foundation to IETF on JWT and JOSE
>
>
>
> I¡¯m writing on behalf of the OpenID Connect Working Group, in the OpenID
> Foundation.  We have been working for three years on specifying this
> identity-federation protocol. Our specifications have reached stability
> (what we call ¡°Implementer¡¯s Drafts¡±) and we anticipate a final vote and
> approval in the coming months.  We¡¯re confident approval will be
> forthcoming since OpenID Connect is already in production at Google and
> Amazon, a product has been announced by Ping Identity, a JWT product has
> shipped from Microsoft, and we expect numerous OpenID Connect and JWT
> deployments in the coming months.
>
>
>
> Our work is dependent on the JSON Web Token (JWT) and the JSON Object
> Signing and Encryption (JOSE) specifications, products of the IETF OAuth
> and JOSE working groups.  JWTs have been stable for some time, and code to
> parse and validate them is widely available in libraries for popular
> programming languages.  However, progress towards an RFC in JOSE seems
> slow, which is holding up the JWT RFC in OAuth, and we do not have a clear
> feeling when this work is likely to complete.  As chartered, the JOSE
> documents were to have gone to working group last call a year ago and this
> still has not happened.
>
>
>
> Unfortunately, it¡¯s not practical for our membership to wait indefinitely,
> and thus our most likely course of action will be to take dependencies
> on draft-ietf-oauth-json-web-token-08 and the -11 versions of the JOSE
> specifications or subsequent versions that are compatible with them when
> the time comes to publish our final specifications.  It would obviously be
> preferable for the JWT and JOSE RFCs to be completed in a timely fashion
> instead.
>
>
>
> We bring this to your attention simply because if some other organization
> were planning to lock in a dependency on one of our earlier drafts, we¡¯d
> like to hear about it.
>
>
>
> -- Tim Bray for the OpenID Connect Working Group and the OpenID Foundation
>
>
>
> *From:* Brian Campbell [mailto:bcampbell at pingidentity.com<bcampbell at pingidentity.com>]
>
> *Sent:* Thursday, June 13, 2013 9:13 AM
> *To:* Mike Jones
> *Cc:* Tim Bray; <openid-specs-ab at lists.openid.net>
> *Subject:* Re: [Openid-specs-ab] Draft note to IETF
>
>
>
> "were have gone" -> "were to have gone" ... ?
>
>
>
> On Thu, Jun 13, 2013 at 9:30 AM, Mike Jones <Michael.Jones at microsoft.com>
> wrote:
>
> Tim ¨C a slightly revised note follows.  The working group agreed for you
> to circulate it privately to insiders for feedback.  We also need to run
> this by the board before formally sending it, since it¡¯s speaking on behalf
> of the foundation.  If you can let us know what kinds of informal feedback
> you receive, that would be great.
>
>
>
>                                                             -- Mike
>
>
>
> To: jose-chairs at tools.ietf.org; oauth-chairs at tools.ietf.org
>
> Cc: iesg at ietf.org; draft-ietf-oauth-json-web-token at tools.ietf.org;
> draft-ietf-jose-json-web-encryption at tools.ietf.org
>
> Subject: Liaison statement from OpenID Foundation to IETF on JWT and JOSE
>
>
>
> I¡¯m writing on behalf of the OpenID Connect Working Group, in the OpenID
> Foundation.  We have been working for three years on specifying this
> identity-federation protocol. Our specifications have reached stability
> (what we call ¡°Implementer¡¯s Drafts¡±) and we anticipate a final vote and
> approval in the coming months.  We¡¯re confident approval will be
> forthcoming since OpenID Connect is already in production at Google, a
> product has been announced by Ping Identity, a JWT product has shipped from
> Microsoft, and we expect numerous OpenID Connect and JWT deployments in the
> coming months.
>
>
>
> Our work is dependent on the JSON Web Token (JWT) and the JSON Object
> Signing and Encryption (JOSE) specifications, products of the IETF OAuth
> and JOSE working groups.  JWTs have been stable for some time, and code to
> parse and validate them is widely available in libraries for popular
> programming languages.  However, progress towards an RFC in JOSE seems
> slow, which is holding up the JWT RFC in OAuth, and we do not have a clear
> feeling when this work is likely to complete.  As chartered, the JOSE
> documents were have gone to working group last call a year ago and this
> still has not happened.
>
>
>
> Unfortunately, it¡¯s not practical for our membership to wait indefinitely,
> and thus our most likely course of action will be to take dependencies
> on draft-ietf-oauth-json-web-token-08 and the -11 versions of the JOSE
> specifications or subsequent versions that are compatible with them when
> the time comes to publish our final specifications.  It would obviously be
> preferable for the JWT and JOSE RFCs to be completed in a timely fashion
> instead.
>
>
>
> We bring this to your attention simply because if some other organization
> were planning to lock in a dependency on one of our earlier drafts, we¡¯d
> like to hear about it.
>
>
>
> -- Tim Bray for the OpenID Connect Working Group and the OpenID Foundation
>
>
>
> *From:* openid-specs-ab-bounces at lists.openid.net [mailto:
> openid-specs-ab-bounces at lists.openid.net] *On Behalf Of *Brian Campbell
> *Sent:* Thursday, June 13, 2013 6:30 AM
> *To:* Tim Bray
> *Cc:* <openid-specs-ab at lists.openid.net>
> *Subject:* Re: [Openid-specs-ab] Draft note to IETF
>
>
>
> While somewhat esoteric, it's probably important in this context to be
> accurate about the various documents and the WGs that are responsible for
> them.
>
> Though JWT does depend heavily on JOSE work, it itself isn't a JOSE WG
> item.  Rather it is a product of the OAUTH WG and, as such, asking the
> JOSE WG to do anything with JWT doesn't make a lot of sense.
>
> The broader issue remains though and I support the Connect  group
> providing some encouragement to the IETF towards progressing the
> dependencies. But we probably need to acknowledge that even within the IETF
> the document and WG relationships are somewhat complicated by dependencies.
>
>
>
>
>
> On Wed, Jun 12, 2013 at 3:00 PM, Tim Bray <tbray at textuality.com> wrote:
>
> This should go to the JOSE WG chair, the ADs for that area, and the IESG
>
>
>
> I¡¯m writing on behalf of the OpenID Connect Working Group, in the OpenID
> Foundation.  We have been working for <insert-time-period> on specifying
> this identity-federation protocol. Our specifications have reached
> stability (what we call ¡°implementor¡¯s draft¡±) and we anticipate a final
> vote and approval in the coming months.  We¡¯re confident approval will be
> forthcoming since OIDC is already in production at Google,
> <insert-other-deployments> and we expect deployments at
> <insert-other-predictions>.
>
>
>
> Our work is dependent on JWT, a product of the IETF ¡°jose¡± working group.
>  JWTs have been stable for some time, and code to parse and validate them
> is widely available in libraries for popular programming languages.
>  However, progress towards an RFC in jose seems slow, and we do not have a
> feeling when this work is likely to stabilize.
>
>
>
> Unfortunately, it¡¯s not practical for our membership to wait, and thus our
> most likely course of action will be to take a dependency
> on draft-ietf-oauth-json-web-token-08 when the time comes to publish our
> specification.
>
>
>
> We bring this to your attention simply because if some other organization
> were planning to lock in a dependency on one of our earlier drafts, we¡¯d
> like to hear about it.
>
>
>
> [I¡¯m going to unofficially run this by some of my IETF-insider contacts,
> but thought I should sanity-check the content here first]
>
>
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>
>
>
>
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>
>
>
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20130613/cf29d74f/attachment.html>

More information about the Openid-specs-ab mailing list