[Openid-specs-ab] Draft note to IETF

Justin Richer jricher at mitre.org
Mon Jun 17 14:09:12 UTC 2013


MITRE's implementation has been live on our public server for nearly a 
year now, and a number of other groups have used the MITREid Connect 
open source project in their own deployments.

  -- Justin

On 06/15/2013 02:53 AM, Torsten Lodderstedt wrote:
> Deutsche Telekom's implementation is available in production since 
> last Wednesday.
>
> Regards,
> Torsten.
>
> Am 13.06.2013 um 18:32 schrieb Brian Campbell 
> <bcampbell at pingidentity.com <mailto:bcampbell at pingidentity.com>>:
>
>> Also, FWIW, Ping Identity's initial OpenID Connect product support 
>> went from just "announced" to actually "generally available" yesterday.
>>
>> https://www.pingidentity.com/about-us/press-release.cfm?customel_datapageid_1516=70050
>>
>>
>> On Thu, Jun 13, 2013 at 10:26 AM, Nat Sakimura <sakimura at gmail.com 
>> <mailto:sakimura at gmail.com>> wrote:
>>
>>     Not Amazon yet. They are waiting for us. Paypal, yes.
>>
>>     =nat via iPhone
>>
>>     Jun 14, 2013 1:19?Mike Jones <Michael.Jones at microsoft.com
>>     <mailto:Michael.Jones at microsoft.com>> ??????:
>>
>>>     Yes. Updated below...
>>>
>>>     To: jose-chairs at tools.ietf.org
>>>     <mailto:jose-chairs at tools.ietf.org>; oauth-chairs at tools.ietf.org
>>>     <mailto:oauth-chairs at tools.ietf.org>
>>>
>>>     Cc: iesg at ietf.org <mailto:iesg at ietf.org>;
>>>     draft-ietf-oauth-json-web-token at tools.ietf.org
>>>     <mailto:draft-ietf-oauth-json-web-token at tools.ietf.org>;
>>>     draft-ietf-jose-json-web-encryption at tools.ietf.org
>>>     <mailto:draft-ietf-jose-json-web-encryption at tools.ietf.org>
>>>
>>>     Subject: Liaison statement from OpenID Foundation to IETF on JWT
>>>     and JOSE
>>>
>>>     I'm writing on behalf of the OpenID Connect Working Group, in
>>>     the OpenID Foundation.  We have been working for three years on
>>>     specifying this identity-federation protocol. Our specifications
>>>     have reached stability (what we call "Implementer's Drafts") and
>>>     we anticipate a final vote and approval in the coming months.
>>>      We're confident approval will be forthcoming since OpenID
>>>     Connect is already in production at Google and Amazon, a product
>>>     has been announced by Ping Identity, a JWT product has shipped
>>>     from Microsoft, and we expect numerous OpenID Connect and JWT
>>>     deployments in the coming months.
>>>
>>>     Our work is dependent on the JSON Web Token (JWT) and the JSON
>>>     Object Signing and Encryption (JOSE) specifications, products of
>>>     the IETF OAuth and JOSE working groups.  JWTs have been stable
>>>     for some time, and code to parse and validate them is widely
>>>     available in libraries for popular programming languages.
>>>      However, progress towards an RFC in JOSE seems slow, which is
>>>     holding up the JWT RFC in OAuth, and we do not have a clear
>>>     feeling when this work is likely to complete.  As chartered, the
>>>     JOSE documents were to have gone to working group last call a
>>>     year ago and this still has not happened.
>>>
>>>     Unfortunately, it's not practical for our membership to wait
>>>     indefinitely, and thus our most likely course of action will be
>>>     to take dependencies on draft-ietf-oauth-json-web-token-08 and
>>>     the -11 versions of the JOSE specifications or subsequent
>>>     versions that are compatible with them when the time comes to
>>>     publish our final specifications.  It would obviously be
>>>     preferable for the JWT and JOSE RFCs to be completed in a timely
>>>     fashion instead.
>>>
>>>     We bring this to your attention simply because if some other
>>>     organization were planning to lock in a dependency on one of our
>>>     earlier drafts, we'd like to hear about it.
>>>
>>>     -- Tim Bray for the OpenID Connect Working Group and the OpenID
>>>     Foundation
>>>
>>>     *From:*Brian Campbell [mailto:bcampbell at pingidentity.com]
>>>     *Sent:* Thursday, June 13, 2013 9:13 AM
>>>     *To:* Mike Jones
>>>     *Cc:* Tim Bray; <openid-specs-ab at lists.openid.net
>>>     <mailto:openid-specs-ab at lists.openid.net>>
>>>     *Subject:* Re: [Openid-specs-ab] Draft note to IETF
>>>
>>>     "were have gone" -> "were to have gone" ... ?
>>>
>>>     On Thu, Jun 13, 2013 at 9:30 AM, Mike Jones
>>>     <Michael.Jones at microsoft.com
>>>     <mailto:Michael.Jones at microsoft.com>> wrote:
>>>
>>>     Tim -- a slightly revised note follows.  The working group
>>>     agreed for you to circulate it privately to insiders for
>>>     feedback.  We also need to run this by the board before formally
>>>     sending it, since it's speaking on behalf of the foundation.  If
>>>     you can let us know what kinds of informal feedback you receive,
>>>     that would be great.
>>>
>>>     -- Mike
>>>
>>>     To: jose-chairs at tools.ietf.org
>>>     <mailto:jose-chairs at tools.ietf.org>; oauth-chairs at tools.ietf.org
>>>     <mailto:oauth-chairs at tools.ietf.org>
>>>
>>>     Cc: iesg at ietf.org <mailto:iesg at ietf.org>;
>>>     draft-ietf-oauth-json-web-token at tools.ietf.org
>>>     <mailto:draft-ietf-oauth-json-web-token at tools.ietf.org>;
>>>     draft-ietf-jose-json-web-encryption at tools.ietf.org
>>>     <mailto:draft-ietf-jose-json-web-encryption at tools.ietf.org>
>>>
>>>     Subject: Liaison statement from OpenID Foundation to IETF on JWT
>>>     and JOSE
>>>
>>>     I'm writing on behalf of the OpenID Connect Working Group, in
>>>     the OpenID Foundation.  We have been working for three years on
>>>     specifying this identity-federation protocol. Our specifications
>>>     have reached stability (what we call "Implementer's Drafts") and
>>>     we anticipate a final vote and approval in the coming months.
>>>      We're confident approval will be forthcoming since OpenID
>>>     Connect is already in production at Google, a product has been
>>>     announced by Ping Identity, a JWT product has shipped from
>>>     Microsoft, and we expect numerous OpenID Connect and JWT
>>>     deployments in the coming months.
>>>
>>>     Our work is dependent on the JSON Web Token (JWT) and the JSON
>>>     Object Signing and Encryption (JOSE) specifications, products of
>>>     the IETF OAuth and JOSE working groups.  JWTs have been stable
>>>     for some time, and code to parse and validate them is widely
>>>     available in libraries for popular programming languages.
>>>      However, progress towards an RFC in JOSE seems slow, which is
>>>     holding up the JWT RFC in OAuth, and we do not have a clear
>>>     feeling when this work is likely to complete.  As chartered, the
>>>     JOSE documents were have gone to working group last call a year
>>>     ago and this still has not happened.
>>>
>>>     Unfortunately, it's not practical for our membership to wait
>>>     indefinitely, and thus our most likely course of action will be
>>>     to take dependencies on draft-ietf-oauth-json-web-token-08 and
>>>     the -11 versions of the JOSE specifications or subsequent
>>>     versions that are compatible with them when the time comes to
>>>     publish our final specifications.  It would obviously be
>>>     preferable for the JWT and JOSE RFCs to be completed in a timely
>>>     fashion instead.
>>>
>>>     We bring this to your attention simply because if some other
>>>     organization were planning to lock in a dependency on one of our
>>>     earlier drafts, we'd like to hear about it.
>>>
>>>     -- Tim Bray for the OpenID Connect Working Group and the OpenID
>>>     Foundation
>>>
>>>     *From:*openid-specs-ab-bounces at lists.openid.net
>>>     <mailto:openid-specs-ab-bounces at lists.openid.net>
>>>     [mailto:openid-specs-ab-bounces at lists.openid.net
>>>     <mailto:openid-specs-ab-bounces at lists.openid.net>] *On Behalf Of
>>>     *Brian Campbell
>>>     *Sent:* Thursday, June 13, 2013 6:30 AM
>>>     *To:* Tim Bray
>>>     *Cc:* <openid-specs-ab at lists.openid.net
>>>     <mailto:openid-specs-ab at lists.openid.net>>
>>>     *Subject:* Re: [Openid-specs-ab] Draft note to IETF
>>>
>>>     While somewhat esoteric, it's probably important in this context
>>>     to be accurate about the various documents and the WGs that are
>>>     responsible for them.
>>>
>>>     Though JWT does depend heavily on JOSE work, it itself isn't a
>>>     JOSE WG item.  Rather it is a product of the OAUTH WGand, as
>>>     such, asking the JOSE WG to do anything with JWT doesn't make a
>>>     lot of sense.
>>>
>>>     The broader issue remains though and I support the Connect 
>>>     group providing some encouragement to the IETF towards
>>>     progressing the dependencies. But we probably need to
>>>     acknowledge that even within the IETF the document and WG
>>>     relationships are somewhat complicated by dependencies.
>>>
>>>     On Wed, Jun 12, 2013 at 3:00 PM, Tim Bray <tbray at textuality.com
>>>     <mailto:tbray at textuality.com>> wrote:
>>>
>>>     This should go to the JOSE WG chair, the ADs for that area, and
>>>     the IESG
>>>
>>>     I'm writing on behalf of the OpenID Connect Working Group, in
>>>     the OpenID Foundation.  We have been working for
>>>     <insert-time-period> on specifying this identity-federation
>>>     protocol. Our specifications have reached stability (what we
>>>     call "implementor's draft") and we anticipate a final vote and
>>>     approval in the coming months.  We're confident approval will be
>>>     forthcoming since OIDC is already in production at Google,
>>>     <insert-other-deployments> and we expect deployments at
>>>     <insert-other-predictions>.
>>>
>>>     Our work is dependent on JWT, a product of the IETF "jose"
>>>     working group.  JWTs have been stable for some time, and code to
>>>     parse and validate them is widely available in libraries for
>>>     popular programming languages.  However, progress towards an RFC
>>>     in jose seems slow, and we do not have a feeling when this work
>>>     is likely to stabilize.
>>>
>>>     Unfortunately, it's not practical for our membership to wait,
>>>     and thus our most likely course of action will be to take a
>>>     dependency on draft-ietf-oauth-json-web-token-08 when the time
>>>     comes to publish our specification.
>>>
>>>     We bring this to your attention simply because if some other
>>>     organization were planning to lock in a dependency on one of our
>>>     earlier drafts, we'd like to hear about it.
>>>
>>>     [I'm going to unofficially run this by some of my IETF-insider
>>>     contacts, but thought I should sanity-check the content here first]
>>>
>>>
>>>     _______________________________________________
>>>     Openid-specs-ab mailing list
>>>     Openid-specs-ab at lists.openid.net
>>>     <mailto:Openid-specs-ab at lists.openid.net>
>>>     http://lists.openid.net/mailman/listinfo/openid-specs-ab
>>>
>>>
>>>     _______________________________________________
>>>     Openid-specs-ab mailing list
>>>     Openid-specs-ab at lists.openid.net
>>>     <mailto:Openid-specs-ab at lists.openid.net>
>>>     http://lists.openid.net/mailman/listinfo/openid-specs-ab
>>>
>>>     _______________________________________________
>>>     Openid-specs-ab mailing list
>>>     Openid-specs-ab at lists.openid.net
>>>     <mailto:Openid-specs-ab at lists.openid.net>
>>>     http://lists.openid.net/mailman/listinfo/openid-specs-ab
>>
>>
>> _______________________________________________
>> Openid-specs-ab mailing list
>> Openid-specs-ab at lists.openid.net 
>> <mailto:Openid-specs-ab at lists.openid.net>
>> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>
>
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20130617/e33e987e/attachment-0001.html>


More information about the Openid-specs-ab mailing list