[Openid-specs-ab] Draft note to IETF

Michael Schwartz mike at gluu.org
Fri Jun 14 14:52:06 UTC 2013


OpenID WG,

Regarding the IETF note, could we add a note about Gluu's deployment of OX 
to enable Toshiba Cloud TV service? See press release:
    http://www.gluu.co/.fwre

My edit below adds:

"Gluu's open source OX platform is being used to deliver authentication 
for Toshiba Cloud TV service in Japan"

thx!!!

Mike


--------------------------------------------------------------------------------------

Michael Schwartz
Gluu
Founder, CEO




-----------------------------------------

To: jose-chairs at tools.ietf.org; oauth-chairs at tools.ietf.org

Cc: iesg at ietf.org; draft-ietf-oauth-json-web-token at tools.ietf.org;
draft-ietf-jose-json-web-encryption at tools.ietf.org

Subject: Liaison statement from OpenID Foundation to IETF on JWT and JOSE



I'm writing on behalf of the OpenID Connect Working Group, in the OpenID
Foundation.  We have been working for three years on specifying this
identity-federation protocol. Our specifications have reached stability
(what we call Implementer's Drafts) and we anticipate a final vote and
approval in the coming months.  We're confident approval will be
forthcoming since OpenID Connect is already in production at Google and
Amazon, a product has been announced by Ping Identity, a JWT product has
shipped from Microsoft, Gluu's open source OX platform is being used to 
deliver authentication for Toshiba Cloud TV service in Japan, and we 
expect numerous OpenID Connect and JWT deployments in the coming months.



Our work is dependent on the JSON Web Token (JWT) and the JSON Object
Signing and Encryption (JOSE) specifications, products of the IETF OAuth
and JOSE working groups.  JWTs have been stable for some time, and code to
parse and validate them is widely available in libraries for popular
programming languages.  However, progress towards an RFC in JOSE seems
slow, which is holding up the JWT RFC in OAuth, and we do not have a clear
feeling when this work is likely to complete.  As chartered, the JOSE
documents were to have gone to working group last call a year ago and this
still has not happened.



Unfortunately, it's not practical for our membership to wait indefinitely,
and thus our most likely course of action will be to take dependencies
on draft-ietf-oauth-json-web-token-08 and the -11 versions of the JOSE
specifications or subsequent versions that are compatible with them when
the time comes to publish our final specifications.  It would obviously be
preferable for the JWT and JOSE RFCs to be completed in a timely fashion
instead.



We bring this to your attention simply because if some other organization
were planning to lock in a dependency on one of our earlier drafts, we'd
like to hear about it.



-- Tim Bray for the OpenID Connect Working Group and the OpenID Foundation


