[Openid-specs-ab] Draft note to IETF
Justin Richer
jricher at mitre.org
Mon Jun 17 14:09:12 UTC 2013
MITRE's implementation has been live on our public server for nearly a
year now, and a number of other groups have used the MITREid Connect
open source project in their own deployments.
-- Justin
On 06/15/2013 02:53 AM, Torsten Lodderstedt wrote:
> Deutsche Telekom's implementation is available in production since
> last Wednesday.
>
> Regards,
> Torsten.
>
> Am 13.06.2013 um 18:32 schrieb Brian Campbell
> <bcampbell at pingidentity.com <mailto:bcampbell at pingidentity.com>>:
>
>> Also, FWIW, Ping Identity's initial OpenID Connect product support
>> went from just "announced" to actually "generally available" yesterday.
>>
>> https://www.pingidentity.com/about-us/press-release.cfm?customel_datapageid_1516=70050
>>
>>
>> On Thu, Jun 13, 2013 at 10:26 AM, Nat Sakimura <sakimura at gmail.com
>> <mailto:sakimura at gmail.com>> wrote:
>>
>> Not Amazon yet. They are waiting for us. Paypal, yes.
>>
>> =nat via iPhone
>>
>> Jun 14, 2013 1:19?Mike Jones <Michael.Jones at microsoft.com
>> <mailto:Michael.Jones at microsoft.com>> ??????:
>>
>>> Yes. Updated below...
>>>
>>> To: jose-chairs at tools.ietf.org
>>> <mailto:jose-chairs at tools.ietf.org>; oauth-chairs at tools.ietf.org
>>> <mailto:oauth-chairs at tools.ietf.org>
>>>
>>> Cc: iesg at ietf.org <mailto:iesg at ietf.org>;
>>> draft-ietf-oauth-json-web-token at tools.ietf.org
>>> <mailto:draft-ietf-oauth-json-web-token at tools.ietf.org>;
>>> draft-ietf-jose-json-web-encryption at tools.ietf.org
>>> <mailto:draft-ietf-jose-json-web-encryption at tools.ietf.org>
>>>
>>> Subject: Liaison statement from OpenID Foundation to IETF on JWT
>>> and JOSE
>>>
>>> I'm writing on behalf of the OpenID Connect Working Group, in
>>> the OpenID Foundation. We have been working for three years on
>>> specifying this identity-federation protocol. Our specifications
>>> have reached stability (what we call "Implementer's Drafts") and
>>> we anticipate a final vote and approval in the coming months.
>>> We're confident approval will be forthcoming since OpenID
>>> Connect is already in production at Google and Amazon, a product
>>> has been announced by Ping Identity, a JWT product has shipped
>>> from Microsoft, and we expect numerous OpenID Connect and JWT
>>> deployments in the coming months.
>>>
>>> Our work is dependent on the JSON Web Token (JWT) and the JSON
>>> Object Signing and Encryption (JOSE) specifications, products of
>>> the IETF OAuth and JOSE working groups. JWTs have been stable
>>> for some time, and code to parse and validate them is widely
>>> available in libraries for popular programming languages.
>>> However, progress towards an RFC in JOSE seems slow, which is
>>> holding up the JWT RFC in OAuth, and we do not have a clear
>>> feeling when this work is likely to complete. As chartered, the
>>> JOSE documents were to have gone to working group last call a
>>> year ago and this still has not happened.
>>>
>>> Unfortunately, it's not practical for our membership to wait
>>> indefinitely, and thus our most likely course of action will be
>>> to take dependencies on draft-ietf-oauth-json-web-token-08 and
>>> the -11 versions of the JOSE specifications or subsequent
>>> versions that are compatible with them when the time comes to
>>> publish our final specifications. It would obviously be
>>> preferable for the JWT and JOSE RFCs to be completed in a timely
>>> fashion instead.
>>>
>>> We bring this to your attention simply because if some other
>>> organization were planning to lock in a dependency on one of our
>>> earlier drafts, we'd like to hear about it.
>>>
>>> -- Tim Bray for the OpenID Connect Working Group and the OpenID
>>> Foundation
>>>
>>> *From:*Brian Campbell [mailto:bcampbell at pingidentity.com]
>>> *Sent:* Thursday, June 13, 2013 9:13 AM
>>> *To:* Mike Jones
>>> *Cc:* Tim Bray; <openid-specs-ab at lists.openid.net
>>> <mailto:openid-specs-ab at lists.openid.net>>
>>> *Subject:* Re: [Openid-specs-ab] Draft note to IETF
>>>
>>> "were have gone" -> "were to have gone" ... ?
>>>
>>> On Thu, Jun 13, 2013 at 9:30 AM, Mike Jones
>>> <Michael.Jones at microsoft.com
>>> <mailto:Michael.Jones at microsoft.com>> wrote:
>>>
>>> Tim -- a slightly revised note follows. The working group
>>> agreed for you to circulate it privately to insiders for
>>> feedback. We also need to run this by the board before formally
>>> sending it, since it's speaking on behalf of the foundation. If
>>> you can let us know what kinds of informal feedback you receive,
>>> that would be great.
>>>
>>> -- Mike
>>>
>>> To: jose-chairs at tools.ietf.org
>>> <mailto:jose-chairs at tools.ietf.org>; oauth-chairs at tools.ietf.org
>>> <mailto:oauth-chairs at tools.ietf.org>
>>>
>>> Cc: iesg at ietf.org <mailto:iesg at ietf.org>;
>>> draft-ietf-oauth-json-web-token at tools.ietf.org
>>> <mailto:draft-ietf-oauth-json-web-token at tools.ietf.org>;
>>> draft-ietf-jose-json-web-encryption at tools.ietf.org
>>> <mailto:draft-ietf-jose-json-web-encryption at tools.ietf.org>
>>>
>>> Subject: Liaison statement from OpenID Foundation to IETF on JWT
>>> and JOSE
>>>
>>> I'm writing on behalf of the OpenID Connect Working Group, in
>>> the OpenID Foundation. We have been working for three years on
>>> specifying this identity-federation protocol. Our specifications
>>> have reached stability (what we call "Implementer's Drafts") and
>>> we anticipate a final vote and approval in the coming months.
>>> We're confident approval will be forthcoming since OpenID
>>> Connect is already in production at Google, a product has been
>>> announced by Ping Identity, a JWT product has shipped from
>>> Microsoft, and we expect numerous OpenID Connect and JWT
>>> deployments in the coming months.
>>>
>>> Our work is dependent on the JSON Web Token (JWT) and the JSON
>>> Object Signing and Encryption (JOSE) specifications, products of
>>> the IETF OAuth and JOSE working groups. JWTs have been stable
>>> for some time, and code to parse and validate them is widely
>>> available in libraries for popular programming languages.
>>> However, progress towards an RFC in JOSE seems slow, which is
>>> holding up the JWT RFC in OAuth, and we do not have a clear
>>> feeling when this work is likely to complete. As chartered, the
>>> JOSE documents were have gone to working group last call a year
>>> ago and this still has not happened.
>>>
>>> Unfortunately, it's not practical for our membership to wait
>>> indefinitely, and thus our most likely course of action will be
>>> to take dependencies on draft-ietf-oauth-json-web-token-08 and
>>> the -11 versions of the JOSE specifications or subsequent
>>> versions that are compatible with them when the time comes to
>>> publish our final specifications. It would obviously be
>>> preferable for the JWT and JOSE RFCs to be completed in a timely
>>> fashion instead.
>>>
>>> We bring this to your attention simply because if some other
>>> organization were planning to lock in a dependency on one of our
>>> earlier drafts, we'd like to hear about it.
>>>
>>> -- Tim Bray for the OpenID Connect Working Group and the OpenID
>>> Foundation
>>>
>>> *From:*openid-specs-ab-bounces at lists.openid.net
>>> <mailto:openid-specs-ab-bounces at lists.openid.net>
>>> [mailto:openid-specs-ab-bounces at lists.openid.net
>>> <mailto:openid-specs-ab-bounces at lists.openid.net>] *On Behalf Of
>>> *Brian Campbell
>>> *Sent:* Thursday, June 13, 2013 6:30 AM
>>> *To:* Tim Bray
>>> *Cc:* <openid-specs-ab at lists.openid.net
>>> <mailto:openid-specs-ab at lists.openid.net>>
>>> *Subject:* Re: [Openid-specs-ab] Draft note to IETF
>>>
>>> While somewhat esoteric, it's probably important in this context
>>> to be accurate about the various documents and the WGs that are
>>> responsible for them.
>>>
>>> Though JWT does depend heavily on JOSE work, it itself isn't a
>>> JOSE WG item. Rather it is a product of the OAUTH WGand, as
>>> such, asking the JOSE WG to do anything with JWT doesn't make a
>>> lot of sense.
>>>
>>> The broader issue remains though and I support the Connect
>>> group providing some encouragement to the IETF towards
>>> progressing the dependencies. But we probably need to
>>> acknowledge that even within the IETF the document and WG
>>> relationships are somewhat complicated by dependencies.
>>>
>>> On Wed, Jun 12, 2013 at 3:00 PM, Tim Bray <tbray at textuality.com
>>> <mailto:tbray at textuality.com>> wrote:
>>>
>>> This should go to the JOSE WG chair, the ADs for that area, and
>>> the IESG
>>>
>>> I'm writing on behalf of the OpenID Connect Working Group, in
>>> the OpenID Foundation. We have been working for
>>> <insert-time-period> on specifying this identity-federation
>>> protocol. Our specifications have reached stability (what we
>>> call "implementor's draft") and we anticipate a final vote and
>>> approval in the coming months. We're confident approval will be
>>> forthcoming since OIDC is already in production at Google,
>>> <insert-other-deployments> and we expect deployments at
>>> <insert-other-predictions>.
>>>
>>> Our work is dependent on JWT, a product of the IETF "jose"
>>> working group. JWTs have been stable for some time, and code to
>>> parse and validate them is widely available in libraries for
>>> popular programming languages. However, progress towards an RFC
>>> in jose seems slow, and we do not have a feeling when this work
>>> is likely to stabilize.
>>>
>>> Unfortunately, it's not practical for our membership to wait,
>>> and thus our most likely course of action will be to take a
>>> dependency on draft-ietf-oauth-json-web-token-08 when the time
>>> comes to publish our specification.
>>>
>>> We bring this to your attention simply because if some other
>>> organization were planning to lock in a dependency on one of our
>>> earlier drafts, we'd like to hear about it.
>>>
>>> [I'm going to unofficially run this by some of my IETF-insider
>>> contacts, but thought I should sanity-check the content here first]
>>>
>>>
>>> _______________________________________________
>>> Openid-specs-ab mailing list
>>> Openid-specs-ab at lists.openid.net
>>> <mailto:Openid-specs-ab at lists.openid.net>
>>> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>>>
>>>
>>> _______________________________________________
>>> Openid-specs-ab mailing list
>>> Openid-specs-ab at lists.openid.net
>>> <mailto:Openid-specs-ab at lists.openid.net>
>>> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>>>
>>> _______________________________________________
>>> Openid-specs-ab mailing list
>>> Openid-specs-ab at lists.openid.net
>>> <mailto:Openid-specs-ab at lists.openid.net>
>>> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>>
>>
>> _______________________________________________
>> Openid-specs-ab mailing list
>> Openid-specs-ab at lists.openid.net
>> <mailto:Openid-specs-ab at lists.openid.net>
>> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>
>
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20130617/e33e987e/attachment.html>
More information about the Openid-specs-ab
mailing list