[Openid-specs-ab] Fwd: Re: Draft note to IETF

n-sakimura n-sakimura at nri.co.jp
Tue Jun 18 01:40:47 UTC 2013


sorry, s/Justing/Justin/.

I need to get a better reading glass...

Nat

(2013/06/18 8:10), Nat Sakimura wrote:
> Thanks Justing. Yes, that was the idea :-)
>
>
> 2013/6/18 Justin Richer <jricher at mitre.org>
>
>     Forwarding Nat's response out to the wider list, as I believe that
>     was his intent.
>
>
>     -------- Original Message --------
>     Subject: 	Re: [Openid-specs-ab] Draft note to IETF
>     Date: 	Tue, 18 Jun 2013 00:04:36 +0900
>     From: 	Nat Sakimura <sakimura at gmail.com>
>     To: 	Justin Richer <jricher at mitre.org>
>
>
>
>     ... and so is NRI; NRI has implemented OpenID Connect for several
>     major identity providers in Japan.
>
>
>     2013/6/17 Justin Richer <jricher at mitre.org>
>
>         MITRE's implementation has been live on our public server for
>         nearly a year now, and a number of other groups have used the
>         MITREid Connect open source project in their own deployments.
>
>         -- Justin
>
>
>         On 06/15/2013 02:53 AM, Torsten Lodderstedt wrote:
>>         Deutsche Telekom's implementation is available in production
>>         since last Wednesday.
>>
>>         Regards,
>>         Torsten.
>>
>>         On 13.06.2013 at 18:32, Brian Campbell
>>         <bcampbell at pingidentity.com> wrote:
>>
>>>         Also, FWIW, Ping Identity's initial OpenID Connect product
>>>         support went from just "announced" to actually "generally
>>>         available" yesterday.
>>>
>>>         https://www.pingidentity.com/about-us/press-release.cfm?customel_datapageid_1516=70050
>>>
>>>
>>>         On Thu, Jun 13, 2013 at 10:26 AM, Nat Sakimura
>>>         <sakimura at gmail.com> wrote:
>>>
>>>             Not Amazon yet. They are waiting for us. Paypal, yes.
>>>
>>>             =nat via iPhone
>>>
>>>             On Jun 14, 2013 1:19, Mike Jones
>>>             <Michael.Jones at microsoft.com> wrote:
>>>
>>>>             Yes. Updated below…
>>>>
>>>>             To: jose-chairs at tools.ietf.org;
>>>>             oauth-chairs at tools.ietf.org
>>>>
>>>>             Cc: iesg at ietf.org;
>>>>             draft-ietf-oauth-json-web-token at tools.ietf.org;
>>>>             draft-ietf-jose-json-web-encryption at tools.ietf.org
>>>>
>>>>             Subject: Liaison statement from OpenID Foundation to
>>>>             IETF on JWT and JOSE
>>>>
>>>>             I’m writing on behalf of the OpenID Connect Working
>>>>             Group, in the OpenID Foundation. We have been working
>>>>             for three years on specifying this identity-federation
>>>>             protocol. Our specifications have reached stability
>>>>             (what we call “Implementer’s Drafts”) and we anticipate
>>>>             a final vote and approval in the coming months. We’re
>>>>             confident approval will be forthcoming since OpenID
>>>>             Connect is already in production at Google and Amazon, a
>>>>             product has been announced by Ping Identity, a JWT
>>>>             product has shipped from Microsoft, and we expect
>>>>             numerous OpenID Connect and JWT deployments in the
>>>>             coming months.
>>>>
>>>>             Our work is dependent on the JSON Web Token (JWT) and
>>>>             the JSON Object Signing and Encryption (JOSE)
>>>>             specifications, products of the IETF OAuth and JOSE
>>>>             working groups. JWTs have been stable for some time, and
>>>>             code to parse and validate them is widely available in
>>>>             libraries for popular programming languages. However,
>>>>             progress towards an RFC in JOSE seems slow, which is
>>>>             holding up the JWT RFC in OAuth, and we do not have a
>>>>             clear feeling when this work is likely to complete. As
>>>>             chartered, the JOSE documents were to have gone to
>>>>             working group last call a year ago and this still has
>>>>             not happened.
>>>>
>>>>             Unfortunately, it’s not practical for our membership to
>>>>             wait indefinitely, and thus our most likely course of
>>>>             action will be to take dependencies on
>>>>             draft-ietf-oauth-json-web-token-08 and the -11 versions
>>>>             of the JOSE specifications or subsequent versions that
>>>>             are compatible with them when the time comes to publish
>>>>             our final specifications. It would obviously be
>>>>             preferable for the JWT and JOSE RFCs to be completed in
>>>>             a timely fashion instead.
>>>>
>>>>             We bring this to your attention simply because if some
>>>>             other organization were planning to lock in a dependency
>>>>             on one of our earlier drafts, we’d like to hear about it.
>>>>
>>>>             -- Tim Bray for the OpenID Connect Working Group and the
>>>>             OpenID Foundation
>>>>
>>>>             *From:* Brian Campbell [mailto:bcampbell at pingidentity.com]
>>>>             *Sent:* Thursday, June 13, 2013 9:13 AM
>>>>             *To:* Mike Jones
>>>>             *Cc:* Tim Bray; <openid-specs-ab at lists.openid.net>
>>>>             *Subject:* Re: [Openid-specs-ab] Draft note to IETF
>>>>
>>>>             "were have gone" -> "were to have gone" ... ?
>>>>
>>>>             On Thu, Jun 13, 2013 at 9:30 AM, Mike Jones
>>>>             <Michael.Jones at microsoft.com> wrote:
>>>>
>>>>             Tim – a slightly revised note follows. The working group
>>>>             agreed for you to circulate it privately to insiders for
>>>>             feedback. We also need to run this by the board before
>>>>             formally sending it, since it’s speaking on behalf of
>>>>             the foundation. If you can let us know what kinds of
>>>>             informal feedback you receive, that would be great.
>>>>
>>>>             -- Mike
>>>>
>>>>             To: jose-chairs at tools.ietf.org;
>>>>             oauth-chairs at tools.ietf.org
>>>>
>>>>             Cc: iesg at ietf.org;
>>>>             draft-ietf-oauth-json-web-token at tools.ietf.org;
>>>>             draft-ietf-jose-json-web-encryption at tools.ietf.org
>>>>
>>>>             Subject: Liaison statement from OpenID Foundation to
>>>>             IETF on JWT and JOSE
>>>>
>>>>             I’m writing on behalf of the OpenID Connect Working
>>>>             Group, in the OpenID Foundation. We have been working
>>>>             for three years on specifying this identity-federation
>>>>             protocol. Our specifications have reached stability
>>>>             (what we call “Implementer’s Drafts”) and we anticipate
>>>>             a final vote and approval in the coming months. We’re
>>>>             confident approval will be forthcoming since OpenID
>>>>             Connect is already in production at Google, a product
>>>>             has been announced by Ping Identity, a JWT product has
>>>>             shipped from Microsoft, and we expect numerous OpenID
>>>>             Connect and JWT deployments in the coming months.
>>>>
>>>>             Our work is dependent on the JSON Web Token (JWT) and
>>>>             the JSON Object Signing and Encryption (JOSE)
>>>>             specifications, products of the IETF OAuth and JOSE
>>>>             working groups. JWTs have been stable for some time, and
>>>>             code to parse and validate them is widely available in
>>>>             libraries for popular programming languages. However,
>>>>             progress towards an RFC in JOSE seems slow, which is
>>>>             holding up the JWT RFC in OAuth, and we do not have a
>>>>             clear feeling when this work is likely to complete. As
>>>>             chartered, the JOSE documents were have gone to working
>>>>             group last call a year ago and this still has not happened.
>>>>
>>>>             Unfortunately, it’s not practical for our membership to
>>>>             wait indefinitely, and thus our most likely course of
>>>>             action will be to take dependencies on
>>>>             draft-ietf-oauth-json-web-token-08 and the -11 versions
>>>>             of the JOSE specifications or subsequent versions that
>>>>             are compatible with them when the time comes to publish
>>>>             our final specifications. It would obviously be
>>>>             preferable for the JWT and JOSE RFCs to be completed in
>>>>             a timely fashion instead.
>>>>
>>>>             We bring this to your attention simply because if some
>>>>             other organization were planning to lock in a dependency
>>>>             on one of our earlier drafts, we’d like to hear about it.
>>>>
>>>>             -- Tim Bray for the OpenID Connect Working Group and the
>>>>             OpenID Foundation
>>>>
>>>>             *From:* openid-specs-ab-bounces at lists.openid.net
>>>>             [mailto:openid-specs-ab-bounces at lists.openid.net] *On
>>>>             Behalf Of* Brian Campbell
>>>>             *Sent:* Thursday, June 13, 2013 6:30 AM
>>>>             *To:* Tim Bray
>>>>             *Cc:* <openid-specs-ab at lists.openid.net>
>>>>             *Subject:* Re: [Openid-specs-ab] Draft note to IETF
>>>>
>>>>             While somewhat esoteric, it's probably important in this
>>>>             context to be accurate about the various documents and
>>>>             the WGs that are responsible for them.
>>>>
>>>>             Though JWT does depend heavily on JOSE work, it itself
>>>>             isn't a JOSE WG item. Rather it is a product of the
>>>>             OAUTH WG and, as such, asking the JOSE WG to do anything
>>>>             with JWT doesn't make a lot of sense.
>>>>
>>>>             The broader issue remains though and I support the
>>>>             Connect group providing some encouragement to the IETF
>>>>             towards progressing the dependencies. But we probably
>>>>             need to acknowledge that even within the IETF the
>>>>             document and WG relationships are somewhat complicated
>>>>             by dependencies.
>>>>
>>>>             On Wed, Jun 12, 2013 at 3:00 PM, Tim Bray
>>>>             <tbray at textuality.com> wrote:
>>>>
>>>>             This should go to the JOSE WG chair, the ADs for that
>>>>             area, and the IESG
>>>>
>>>>             I’m writing on behalf of the OpenID Connect Working
>>>>             Group, in the OpenID Foundation. We have been working
>>>>             for <insert-time-period> on specifying this
>>>>             identity-federation protocol. Our specifications have
>>>>             reached stability (what we call “implementor’s draft”)
>>>>             and we anticipate a final vote and approval in the
>>>>             coming months. We’re confident approval will be
>>>>             forthcoming since OIDC is already in production at
>>>>             Google, <insert-other-deployments> and we expect
>>>>             deployments at <insert-other-predictions>.
>>>>
>>>>             Our work is dependent on JWT, a product of the IETF
>>>>             “jose” working group. JWTs have been stable for some
>>>>             time, and code to parse and validate them is widely
>>>>             available in libraries for popular programming
>>>>             languages. However, progress towards an RFC in jose
>>>>             seems slow, and we do not have a feeling when this work
>>>>             is likely to stabilize.
>>>>
>>>>             Unfortunately, it’s not practical for our membership to
>>>>             wait, and thus our most likely course of action will be
>>>>             to take a dependency on
>>>>             draft-ietf-oauth-json-web-token-08 when the time comes
>>>>             to publish our specification.
>>>>
>>>>             We bring this to your attention simply because if some
>>>>             other organization were planning to lock in a dependency
>>>>             on one of our earlier drafts, we’d like to hear about it.
>>>>
>>>>             [I’m going to unofficially run this by some of my
>>>>             IETF-insider contacts, but thought I should sanity-check
>>>>             the content here first]
>>>>
>>>>
>>>>             _______________________________________________
>>>>             Openid-specs-ab mailing list
>>>>             Openid-specs-ab at lists.openid.net
>>>>             <mailto:Openid-specs-ab at lists.openid.net>
>>>>             http://lists.openid.net/mailman/listinfo/openid-specs-ab
>>>>
>>>>
>>>
>>>
>>
>>
>
>
>
>
>
>
>     --
>     Nat Sakimura (=nat)
>     Chairman, OpenID Foundation
>     http://nat.sakimura.org/
>     @_nat_en
>
>
>
>
>
>
>
> --
> Nat Sakimura (=nat)
> Chairman, OpenID Foundation
> http://nat.sakimura.org/
> @_nat_en
>
>


-- 
Nat Sakimura (n-sakimura at nri.co.jp)
Nomura Research Institute, Ltd.
Tel:+81-3-6274-1412 Fax:+81-3-6274-1547
