[Openid-specs-ab] Fwd: Re: Draft note to IETF

Nat Sakimura sakimura at gmail.com
Mon Jun 17 23:10:42 UTC 2013


Thanks Justing. Yes, that was the idea :-)


2013/6/18 Justin Richer <jricher at mitre.org>

>  Forwarding Nat's response out to the wider list, as I believe that was
> his intent.
>
>
> -------- Original Message --------  Subject: Re: [Openid-specs-ab] Draft
> note to IETF  Date: Tue, 18 Jun 2013 00:04:36 +0900  From: Nat Sakimura
> <sakimura at gmail.com> <sakimura at gmail.com>  To: Justin Richer
> <jricher at mitre.org> <jricher at mitre.org>
>
>
> ... and so is NRI; NRI has implemented OpenID Connect for several major
> identity providers in Japan.
>
>
> 2013/6/17 Justin Richer <jricher at mitre.org>
>
>>  MITRE's implementation has been live on our public server for nearly a
>> year now, and a number of other groups have used the MITREid Connect open
>> source project in their own deployments.
>>
>>  -- Justin
>>
>>
>> On 06/15/2013 02:53 AM, Torsten Lodderstedt wrote:
>>
>> Deutsche Telekom's implementation is available in production since last
>> Wednesday.
>>
>>  Regards,
>> Torsten.
>>
>> Am 13.06.2013 um 18:32 schrieb Brian Campbell <bcampbell at pingidentity.com
>> >:
>>
>>   Also, FWIW, Ping Identity's initial OpenID Connect product support
>> went from just "announced" to actually "generally available" yesterday.
>>
>>
>> https://www.pingidentity.com/about-us/press-release.cfm?customel_datapageid_1516=70050
>>
>>
>> On Thu, Jun 13, 2013 at 10:26 AM, Nat Sakimura <sakimura at gmail.com>wrote:
>>
>>>  Not Amazon yet. They are waiting for us. Paypal, yes.
>>>
>>> =nat via iPhone
>>>
>>> Jun 14, 2013 1:19、Mike Jones <Michael.Jones at microsoft.com> のメッセージ:
>>>
>>>    Yes.  Updated below…
>>>
>>>
>>>
>>> To: jose-chairs at tools.ietf.org; oauth-chairs at tools.ietf.org
>>>
>>> Cc: iesg at ietf.org; draft-ietf-oauth-json-web-token at tools.ietf.org;
>>> draft-ietf-jose-json-web-encryption at tools.ietf.org
>>>
>>> Subject: Liaison statement from OpenID Foundation to IETF on JWT and JOSE
>>>
>>>
>>>
>>> I’m writing on behalf of the OpenID Connect Working Group, in the OpenID
>>> Foundation.  We have been working for three years on specifying this
>>> identity-federation protocol. Our specifications have reached stability
>>> (what we call “Implementer’s Drafts”) and we anticipate a final vote and
>>> approval in the coming months.  We’re confident approval will be
>>> forthcoming since OpenID Connect is already in production at Google and
>>> Amazon, a product has been announced by Ping Identity, a JWT product has
>>> shipped from Microsoft, and we expect numerous OpenID Connect and JWT
>>> deployments in the coming months.
>>>
>>>
>>>
>>> Our work is dependent on the JSON Web Token (JWT) and the JSON Object
>>> Signing and Encryption (JOSE) specifications, products of the IETF OAuth
>>> and JOSE working groups.  JWTs have been stable for some time, and code to
>>> parse and validate them is widely available in libraries for popular
>>> programming languages.  However, progress towards an RFC in JOSE seems
>>> slow, which is holding up the JWT RFC in OAuth, and we do not have a clear
>>> feeling when this work is likely to complete.  As chartered, the JOSE
>>> documents were to have gone to working group last call a year ago and this
>>> still has not happened.
>>>
>>>
>>>
>>> Unfortunately, it’s not practical for our membership to wait
>>> indefinitely, and thus our most likely course of action will be to take
>>> dependencies on draft-ietf-oauth-json-web-token-08 and the -11 versions of
>>> the JOSE specifications or subsequent versions that are compatible with
>>> them when the time comes to publish our final specifications.  It would
>>> obviously be preferable for the JWT and JOSE RFCs to be completed in a
>>> timely fashion instead.
>>>
>>>
>>>
>>> We bring this to your attention simply because if some other
>>> organization were planning to lock in a dependency on one of our earlier
>>> drafts, we’d like to hear about it.
>>>
>>>
>>>
>>> -- Tim Bray for the OpenID Connect Working Group and the OpenID
>>> Foundation
>>>
>>>
>>>
>>> *From:* Brian Campbell [mailto:bcampbell at pingidentity.com<bcampbell at pingidentity.com>]
>>>
>>> *Sent:* Thursday, June 13, 2013 9:13 AM
>>> *To:* Mike Jones
>>> *Cc:* Tim Bray; <openid-specs-ab at lists.openid.net>
>>> *Subject:* Re: [Openid-specs-ab] Draft note to IETF
>>>
>>>
>>>
>>> "were have gone" -> "were to have gone" ... ?
>>>
>>>
>>>
>>> On Thu, Jun 13, 2013 at 9:30 AM, Mike Jones <Michael.Jones at microsoft.com>
>>> wrote:
>>>
>>> Tim - a slightly revised note follows.  The working group agreed for you
>>> to circulate it privately to insiders for feedback.  We also need to run
>>> this by the board before formally sending it, since it’s speaking on behalf
>>> of the foundation.  If you can let us know what kinds of informal feedback
>>> you receive, that would be great.
>>>
>>>
>>>
>>>                                                             -- Mike
>>>
>>>
>>>
>>> To: jose-chairs at tools.ietf.org; oauth-chairs at tools.ietf.org
>>>
>>> Cc: iesg at ietf.org; draft-ietf-oauth-json-web-token at tools.ietf.org;
>>> draft-ietf-jose-json-web-encryption at tools.ietf.org
>>>
>>> Subject: Liaison statement from OpenID Foundation to IETF on JWT and JOSE
>>>
>>>
>>>
>>> I’m writing on behalf of the OpenID Connect Working Group, in the OpenID
>>> Foundation.  We have been working for three years on specifying this
>>> identity-federation protocol. Our specifications have reached stability
>>> (what we call “Implementer’s Drafts”) and we anticipate a final vote and
>>> approval in the coming months.  We’re confident approval will be
>>> forthcoming since OpenID Connect is already in production at Google, a
>>> product has been announced by Ping Identity, a JWT product has shipped from
>>> Microsoft, and we expect numerous OpenID Connect and JWT deployments in the
>>> coming months.
>>>
>>>
>>>
>>> Our work is dependent on the JSON Web Token (JWT) and the JSON Object
>>> Signing and Encryption (JOSE) specifications, products of the IETF OAuth
>>> and JOSE working groups.  JWTs have been stable for some time, and code to
>>> parse and validate them is widely available in libraries for popular
>>> programming languages.  However, progress towards an RFC in JOSE seems
>>> slow, which is holding up the JWT RFC in OAuth, and we do not have a clear
>>> feeling when this work is likely to complete.  As chartered, the JOSE
>>> documents were have gone to working group last call a year ago and this
>>> still has not happened.
>>>
>>>
>>>
>>> Unfortunately, it’s not practical for our membership to wait
>>> indefinitely, and thus our most likely course of action will be to take
>>> dependencies on draft-ietf-oauth-json-web-token-08 and the -11 versions of
>>> the JOSE specifications or subsequent versions that are compatible with
>>> them when the time comes to publish our final specifications.  It would
>>> obviously be preferable for the JWT and JOSE RFCs to be completed in a
>>> timely fashion instead.
>>>
>>>
>>>
>>> We bring this to your attention simply because if some other
>>> organization were planning to lock in a dependency on one of our earlier
>>> drafts, we’d like to hear about it.
>>>
>>>
>>>
>>> -- Tim Bray for the OpenID Connect Working Group and the OpenID
>>> Foundation
>>>
>>>
>>>
>>> *From:* openid-specs-ab-bounces at lists.openid.net [mailto:
>>> openid-specs-ab-bounces at lists.openid.net] *On Behalf Of *Brian Campbell
>>> *Sent:* Thursday, June 13, 2013 6:30 AM
>>> *To:* Tim Bray
>>> *Cc:* <openid-specs-ab at lists.openid.net>
>>> *Subject:* Re: [Openid-specs-ab] Draft note to IETF
>>>
>>>
>>>
>>> While somewhat esoteric, it's probably important in this context to be
>>> accurate about the various documents and the WGs that are responsible for
>>> them.
>>>
>>> Though JWT does depend heavily on JOSE work, it itself isn't a JOSE WG
>>> item.  Rather it is a product of the OAUTH WG and, as such, asking the
>>> JOSE WG to do anything with JWT doesn't make a lot of sense.
>>>
>>> The broader issue remains though and I support the Connect  group
>>> providing some encouragement to the IETF towards progressing the
>>> dependencies. But we probably need to acknowledge that even within the IETF
>>> the document and WG relationships are somewhat complicated by dependencies.
>>>
>>>
>>>
>>>
>>>
>>> On Wed, Jun 12, 2013 at 3:00 PM, Tim Bray <tbray at textuality.com> wrote:
>>>
>>> This should go to the JOSE WG chair, the ADs for that area, and the IESG
>>>
>>>
>>>
>>> I’m writing on behalf of the OpenID Connect Working Group, in the OpenID
>>> Foundation.  We have been working for <insert-time-period> on specifying
>>> this identity-federation protocol. Our specifications have reached
>>> stability (what we call “implementor’s draft”) and we anticipate a final
>>> vote and approval in the coming months.  We’re confident approval will be
>>> forthcoming since OIDC is already in production at Google,
>>> <insert-other-deployments> and we expect deployments at
>>> <insert-other-predictions>.
>>>
>>>
>>>
>>> Our work is dependent on JWT, a product of the IETF “jose” working
>>> group.  JWTs have been stable for some time, and code to parse and validate
>>> them is widely available in libraries for popular programming languages.
>>>  However, progress towards an RFC in jose seems slow, and we do not have a
>>> feeling when this work is likely to stabilize.
>>>
>>>
>>>
>>> Unfortunately, it’s not practical for our membership to wait, and thus
>>> our most likely course of action will be to take a dependency
>>> on draft-ietf-oauth-json-web-token-08 when the time comes to publish our
>>> specification.
>>>
>>>
>>>
>>> We bring this to your attention simply because if some other
>>> organization were planning to lock in a dependency on one of our earlier
>>> drafts, we’d like to hear about it.
>>>
>>>
>>>
>>> [I’m going to unofficially run this by some of my IETF-insider contacts,
>>> but thought I should sanity-check the content here first]
>>>
>>>
>>> _______________________________________________
>>> Openid-specs-ab mailing list
>>> Openid-specs-ab at lists.openid.net
>>> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> Openid-specs-ab mailing list
>>> Openid-specs-ab at lists.openid.net
>>> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>>>
>>>
>>>
>>>  _______________________________________________
>>> Openid-specs-ab mailing list
>>> Openid-specs-ab at lists.openid.net
>>> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>>>
>>>
>>   _______________________________________________
>> Openid-specs-ab mailing list
>> Openid-specs-ab at lists.openid.net
>> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>>
>>
>>
>> _______________________________________________
>> Openid-specs-ab mailing listOpenid-specs-ab at lists.openid.nethttp://lists.openid.net/mailman/listinfo/openid-specs-ab
>>
>>
>>
>> _______________________________________________
>> Openid-specs-ab mailing list
>> Openid-specs-ab at lists.openid.net
>> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>>
>>
>
>
>  --
> Nat Sakimura (=nat)
> Chairman, OpenID Foundation
> http://nat.sakimura.org/
> @_nat_en
>
>
>
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>
>


-- 
Nat Sakimura (=nat)
Chairman, OpenID Foundation
http://nat.sakimura.org/
@_nat_en
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20130618/5902b213/attachment-0001.html>


More information about the Openid-specs-ab mailing list