[Openid-specs-ab] Fwd: Re: Draft note to IETF
Justin Richer
jricher at mitre.org
Mon Jun 17 16:06:17 UTC 2013
Forwarding Nat's response out to the wider list, as I believe that was
his intent.
-------- Original Message --------
Subject: Re: [Openid-specs-ab] Draft note to IETF
Date: Tue, 18 Jun 2013 00:04:36 +0900
From: Nat Sakimura <sakimura at gmail.com>
To: Justin Richer <jricher at mitre.org>
... and so is NRI; NRI has implemented OpenID Connect for several major
identity providers in Japan.
2013/6/17 Justin Richer <jricher at mitre.org <mailto:jricher at mitre.org>>
MITRE's implementation has been live on our public server for nearly
a year now, and a number of other groups have used the MITREid
Connect open source project in their own deployments.
-- Justin
On 06/15/2013 02:53 AM, Torsten Lodderstedt wrote:
> Deutsche Telekom's implementation is available in production since
> last Wednesday.
>
> Regards,
> Torsten.
>
> Am 13.06.2013 um 18:32 schrieb Brian Campbell
> <bcampbell at pingidentity.com <mailto:bcampbell at pingidentity.com>>:
>
>> Also, FWIW, Ping Identity's initial OpenID Connect product
>> support went from just "announced" to actually "generally
>> available" yesterday.
>>
>> https://www.pingidentity.com/about-us/press-release.cfm?customel_datapageid_1516=70050
>>
>>
>> On Thu, Jun 13, 2013 at 10:26 AM, Nat Sakimura
>> <sakimura at gmail.com <mailto:sakimura at gmail.com>> wrote:
>>
>> Not Amazon yet. They are waiting for us. Paypal, yes.
>>
>> =nat via iPhone
>>
>> Jun 14, 2013 1:19、Mike Jones <Michael.Jones at microsoft.com
>> <mailto:Michael.Jones at microsoft.com>> のメッセージ:
>>
>>> Yes. Updated below…
>>>
>>> To: jose-chairs at tools.ietf.org
>>> <mailto:jose-chairs at tools.ietf.org>;
>>> oauth-chairs at tools.ietf.org <mailto:oauth-chairs at tools.ietf.org>
>>>
>>> Cc: iesg at ietf.org <mailto:iesg at ietf.org>;
>>> draft-ietf-oauth-json-web-token at tools.ietf.org
>>> <mailto:draft-ietf-oauth-json-web-token at tools.ietf.org>;
>>> draft-ietf-jose-json-web-encryption at tools.ietf.org
>>> <mailto:draft-ietf-jose-json-web-encryption at tools.ietf.org>
>>>
>>> Subject: Liaison statement from OpenID Foundation to IETF on
>>> JWT and JOSE
>>>
>>> I’m writing on behalf of the OpenID Connect Working Group,
>>> in the OpenID Foundation. We have been working for three
>>> years on specifying this identity-federation protocol. Our
>>> specifications have reached stability (what we call
>>> “Implementer’s Drafts”) and we anticipate a final vote and
>>> approval in the coming months. We’re confident approval will
>>> be forthcoming since OpenID Connect is already in production
>>> at Google and Amazon, a product has been announced by Ping
>>> Identity, a JWT product has shipped from Microsoft, and we
>>> expect numerous OpenID Connect and JWT deployments in the
>>> coming months.
>>>
>>> Our work is dependent on the JSON Web Token (JWT) and the
>>> JSON Object Signing and Encryption (JOSE) specifications,
>>> products of the IETF OAuth and JOSE working groups. JWTs
>>> have been stable for some time, and code to parse and
>>> validate them is widely available in libraries for popular
>>> programming languages. However, progress towards an RFC in
>>> JOSE seems slow, which is holding up the JWT RFC in OAuth,
>>> and we do not have a clear feeling when this work is likely
>>> to complete. As chartered, the JOSE documents were to have
>>> gone to working group last call a year ago and this still
>>> has not happened.
>>>
>>> Unfortunately, it’s not practical for our membership to wait
>>> indefinitely, and thus our most likely course of action will
>>> be to take dependencies on
>>> draft-ietf-oauth-json-web-token-08 and the -11 versions of
>>> the JOSE specifications or subsequent versions that are
>>> compatible with them when the time comes to publish our
>>> final specifications. It would obviously be preferable for
>>> the JWT and JOSE RFCs to be completed in a timely fashion
>>> instead.
>>>
>>> We bring this to your attention simply because if some other
>>> organization were planning to lock in a dependency on one of
>>> our earlier drafts, we’d like to hear about it.
>>>
>>> -- Tim Bray for the OpenID Connect Working Group and the
>>> OpenID Foundation
>>>
>>> *From:*Brian Campbell [mailto:bcampbell at pingidentity.com]
>>> *Sent:* Thursday, June 13, 2013 9:13 AM
>>> *To:* Mike Jones
>>> *Cc:* Tim Bray; <openid-specs-ab at lists.openid.net
>>> <mailto:openid-specs-ab at lists.openid.net>>
>>> *Subject:* Re: [Openid-specs-ab] Draft note to IETF
>>>
>>> "were have gone" -> "were to have gone" ... ?
>>>
>>> On Thu, Jun 13, 2013 at 9:30 AM, Mike Jones
>>> <Michael.Jones at microsoft.com
>>> <mailto:Michael.Jones at microsoft.com>> wrote:
>>>
>>> Tim -- a slightly revised note follows. The working group
>>> agreed for you to circulate it privately to insiders for
>>> feedback. We also need to run this by the board before
>>> formally sending it, since it’s speaking on behalf of the
>>> foundation. If you can let us know what kinds of informal
>>> feedback you receive, that would be great.
>>>
>>> -- Mike
>>>
>>> To: jose-chairs at tools.ietf.org
>>> <mailto:jose-chairs at tools.ietf.org>;
>>> oauth-chairs at tools.ietf.org <mailto:oauth-chairs at tools.ietf.org>
>>>
>>> Cc: iesg at ietf.org <mailto:iesg at ietf.org>;
>>> draft-ietf-oauth-json-web-token at tools.ietf.org
>>> <mailto:draft-ietf-oauth-json-web-token at tools.ietf.org>;
>>> draft-ietf-jose-json-web-encryption at tools.ietf.org
>>> <mailto:draft-ietf-jose-json-web-encryption at tools.ietf.org>
>>>
>>> Subject: Liaison statement from OpenID Foundation to IETF on
>>> JWT and JOSE
>>>
>>> I’m writing on behalf of the OpenID Connect Working Group,
>>> in the OpenID Foundation. We have been working for three
>>> years on specifying this identity-federation protocol. Our
>>> specifications have reached stability (what we call
>>> “Implementer’s Drafts”) and we anticipate a final vote and
>>> approval in the coming months. We’re confident approval will
>>> be forthcoming since OpenID Connect is already in production
>>> at Google, a product has been announced by Ping Identity, a
>>> JWT product has shipped from Microsoft, and we expect
>>> numerous OpenID Connect and JWT deployments in the coming
>>> months.
>>>
>>> Our work is dependent on the JSON Web Token (JWT) and the
>>> JSON Object Signing and Encryption (JOSE) specifications,
>>> products of the IETF OAuth and JOSE working groups. JWTs
>>> have been stable for some time, and code to parse and
>>> validate them is widely available in libraries for popular
>>> programming languages. However, progress towards an RFC in
>>> JOSE seems slow, which is holding up the JWT RFC in OAuth,
>>> and we do not have a clear feeling when this work is likely
>>> to complete. As chartered, the JOSE documents were have gone
>>> to working group last call a year ago and this still has not
>>> happened.
>>>
>>> Unfortunately, it’s not practical for our membership to wait
>>> indefinitely, and thus our most likely course of action will
>>> be to take dependencies on
>>> draft-ietf-oauth-json-web-token-08 and the -11 versions of
>>> the JOSE specifications or subsequent versions that are
>>> compatible with them when the time comes to publish our
>>> final specifications. It would obviously be preferable for
>>> the JWT and JOSE RFCs to be completed in a timely fashion
>>> instead.
>>>
>>> We bring this to your attention simply because if some other
>>> organization were planning to lock in a dependency on one of
>>> our earlier drafts, we’d like to hear about it.
>>>
>>> -- Tim Bray for the OpenID Connect Working Group and the
>>> OpenID Foundation
>>>
>>> *From:*openid-specs-ab-bounces at lists.openid.net
>>> <mailto:openid-specs-ab-bounces at lists.openid.net>
>>> [mailto:openid-specs-ab-bounces at lists.openid.net
>>> <mailto:openid-specs-ab-bounces at lists.openid.net>] *On
>>> Behalf Of *Brian Campbell
>>> *Sent:* Thursday, June 13, 2013 6:30 AM
>>> *To:* Tim Bray
>>> *Cc:* <openid-specs-ab at lists.openid.net
>>> <mailto:openid-specs-ab at lists.openid.net>>
>>> *Subject:* Re: [Openid-specs-ab] Draft note to IETF
>>>
>>> While somewhat esoteric, it's probably important in this
>>> context to be accurate about the various documents and the
>>> WGs that are responsible for them.
>>>
>>> Though JWT does depend heavily on JOSE work, it itself isn't
>>> a JOSE WG item. Rather it is a product of the OAUTH WGand,
>>> as such, asking the JOSE WG to do anything with JWT doesn't
>>> make a lot of sense.
>>>
>>> The broader issue remains though and I support the Connect
>>> group providing some encouragement to the IETF towards
>>> progressing the dependencies. But we probably need to
>>> acknowledge that even within the IETF the document and WG
>>> relationships are somewhat complicated by dependencies.
>>>
>>> On Wed, Jun 12, 2013 at 3:00 PM, Tim Bray
>>> <tbray at textuality.com <mailto:tbray at textuality.com>> wrote:
>>>
>>> This should go to the JOSE WG chair, the ADs for that area,
>>> and the IESG
>>>
>>> I’m writing on behalf of the OpenID Connect Working Group,
>>> in the OpenID Foundation. We have been working for
>>> <insert-time-period> on specifying this identity-federation
>>> protocol. Our specifications have reached stability (what we
>>> call “implementor’s draft”) and we anticipate a final vote
>>> and approval in the coming months. We’re confident approval
>>> will be forthcoming since OIDC is already in production at
>>> Google, <insert-other-deployments> and we expect deployments
>>> at <insert-other-predictions>.
>>>
>>> Our work is dependent on JWT, a product of the IETF “jose”
>>> working group. JWTs have been stable for some time, and code
>>> to parse and validate them is widely available in libraries
>>> for popular programming languages. However, progress towards
>>> an RFC in jose seems slow, and we do not have a feeling when
>>> this work is likely to stabilize.
>>>
>>> Unfortunately, it’s not practical for our membership to
>>> wait, and thus our most likely course of action will be to
>>> take a dependency on draft-ietf-oauth-json-web-token-08 when
>>> the time comes to publish our specification.
>>>
>>> We bring this to your attention simply because if some other
>>> organization were planning to lock in a dependency on one of
>>> our earlier drafts, we’d like to hear about it.
>>>
>>> [I’m going to unofficially run this by some of my
>>> IETF-insider contacts, but thought I should sanity-check the
>>> content here first]
>>>
>>>
>>> _______________________________________________
>>> Openid-specs-ab mailing list
>>> Openid-specs-ab at lists.openid.net
>>> <mailto:Openid-specs-ab at lists.openid.net>
>>> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>>>
>>>
>>> _______________________________________________
>>> Openid-specs-ab mailing list
>>> Openid-specs-ab at lists.openid.net
>>> <mailto:Openid-specs-ab at lists.openid.net>
>>> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>>>
>>> _______________________________________________
>>> Openid-specs-ab mailing list
>>> Openid-specs-ab at lists.openid.net
>>> <mailto:Openid-specs-ab at lists.openid.net>
>>> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>>
>>
>> _______________________________________________
>> Openid-specs-ab mailing list
>> Openid-specs-ab at lists.openid.net
>> <mailto:Openid-specs-ab at lists.openid.net>
>> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>
>
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net <mailto:Openid-specs-ab at lists.openid.net>
> http://lists.openid.net/mailman/listinfo/openid-specs-ab
_______________________________________________
Openid-specs-ab mailing list
Openid-specs-ab at lists.openid.net
<mailto:Openid-specs-ab at lists.openid.net>
http://lists.openid.net/mailman/listinfo/openid-specs-ab
--
Nat Sakimura (=nat)
Chairman, OpenID Foundation
http://nat.sakimura.org/
@_nat_en
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20130617/a48d3b16/attachment.html>
More information about the Openid-specs-ab
mailing list