<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 14 (filtered medium)">
<base href="x-msg://270/"><style><!--
/* Font Definitions */
@font-face
{font-family:Helvetica;
panose-1:2 11 6 4 2 2 2 2 2 4;}
@font-face
{font-family:Helvetica;
panose-1:2 11 6 4 2 2 2 2 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
@font-face
{font-family:Times;
panose-1:2 2 6 3 5 4 5 2 3 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Balloon Text Char";
margin:0in;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";}
span.apple-style-span
{mso-style-name:apple-style-span;}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;}
span.apple-converted-space
{mso-style-name:apple-converted-space;}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-priority:99;
mso-style-link:"Balloon Text";
font-family:"Tahoma","sans-serif";}
span.EmailStyle23
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#002060;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#002060">Correct – good catch. I’ll update the draft. The intent was for there to be no pad character in that case.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#002060"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#002060"> -- Mike<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#002060"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> John Bradley [mailto:ve7jtb@ve7jtb.com]
<br>
<b>Sent:</b> Monday, March 28, 2011 3:00 PM<br>
<b>To:</b> Mike Jones<br>
<b>Cc:</b> oauth@ietf.org; woes@ietf.org; openid-specs-ab@lists.openid.net; openid-specs@lists.openid.net<br>
<b>Subject:</b> Re: [Openid-specs-ab] [OAUTH-WG] JSON Web Token (JWT) and JSON Web Signature (JWS) now in separate specs<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Mike in JWT 6.7 if the alg is none.<o:p></o:p></p>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<pre style="word-wrap: break-word;white-space:pre-wrap">Otherwise, if the "alg" value<o:p></o:p></pre>
<pre> is ""none"", the JWT Claim Segment is the empty string.<o:p></o:p></pre>
<div>
<p class="MsoNormal"><span style="font-family:"Times","serif"">I may be missing something. If the Alg is none then the Claim segment is still the claim segment. It is the Crypto segment that would just be padding to maintain the format.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Times","serif""><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Times","serif"">In 8 10 the decoding has it correct.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Times","serif""><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Times","serif"">So in the event the signature alg is none do we make the cripto segment a pad character?<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Times","serif""><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Times","serif"">So normally it would be <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Times","serif"">xxxxxxx.xxxxxxxx.xxxxx<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Times","serif""><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Times","serif"">Dropping the cripto segment looks like<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Times","serif"">xxxxxxx.xxxxxxxx.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Times","serif""><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Times","serif"">Or with a pad char to be ignored <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Times","serif"">xxxxxxx.xxxxxxxxx.0<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Times","serif""><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Times","serif"">Or something like that.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Times","serif""><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Times","serif"">John B.<o:p></o:p></span></p>
</div>
<div>
<div>
<p class="MsoNormal">On 2011-03-28, at 5:28 AM, Mike Jones wrote:<o:p></o:p></p>
</div>
<p class="MsoNormal"><br>
<br>
<o:p></o:p></p>
<div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#002060">These are now published as IETF drafts. The IETF .txt version links are:</span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#002060"> <span class="apple-converted-space"> </span><a href="http://www.ietf.org/id/draft-jones-json-web-token-03.txt">http://www.ietf.org/id/draft-jones-json-web-token-03.txt</a></span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#002060"> <span class="apple-converted-space"> </span><a href="http://www.ietf.org/id/draft-jones-json-web-signature-01.txt">http://www.ietf.org/id/draft-jones-json-web-signature-01.txt</a></span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#002060"> </span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#002060"> -- Mike</span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#002060"> </span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""><o:p></o:p></span></p>
</div>
<div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in;border-width:initial;border-color:initial">
<div>
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span class="apple-converted-space"><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> </span></span><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""><a href="mailto:oauth-bounces@ietf.org">oauth-bounces@ietf.org</a><span class="apple-converted-space"> </span>[mailto:oauth-bounces@ietf.org]<span class="apple-converted-space"> </span><b>On
Behalf Of<span class="apple-converted-space"> </span></b>Mike Jones<br>
<b>Sent:</b><span class="apple-converted-space"> </span>Friday, March 25, 2011 10:26 PM<br>
<b>To:</b><span class="apple-converted-space"> </span><a href="mailto:oauth@ietf.org">oauth@ietf.org</a>;<span class="apple-converted-space"> </span><a href="mailto:woes@ietf.org">woes@ietf.org</a>;<span class="apple-converted-space"> </span><a href="mailto:openid-specs-ab@lists.openid.net">openid-specs-ab@lists.openid.net</a><br>
<b>Cc:</b><span class="apple-converted-space"> </span><a href="mailto:openid-specs@lists.openid.net">openid-specs@lists.openid.net</a><br>
<b>Subject:</b><span class="apple-converted-space"> </span>[OAUTH-WG] JSON Web Token (JWT) and JSON Web Signature (JWS) now in separate specs</span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""><o:p></o:p></span></p>
</div>
</div>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">As promised, I have split the contents of the JWT spec<span class="apple-converted-space"> </span><a href="http://self-issued.info/docs/draft-jones-json-web-token-01.html">draft-jones-json-web-token-01</a><span class="apple-converted-space"> </span>into
two simpler specs:<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> <span class="apple-converted-space"> </span><a href="http://self-issued.info/docs/draft-jones-json-web-token-02.html">draft-jones-json-web-token-02</a><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> <span class="apple-converted-space"> </span><a href="http://self-issued.info/docs/draft-jones-json-web-signature-00.html">draft-jones-json-web-signature-00</a><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">These should have introduced no semantic changes from the previous spec.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">I then applied the feedback that I received since JWT -01 and created revised versions of the split specs:<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> <span class="apple-converted-space"> </span><a href="http://self-issued.info/docs/draft-jones-json-web-token-03.html">draft-jones-json-web-token-03</a><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> <span class="apple-converted-space"> </span><a href="http://self-issued.info/docs/draft-jones-json-web-signature-01.html">draft-jones-json-web-signature-01</a><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">The only breaking change introduced was that x5t (X.509 Certificate Thumbprint) is now a SHA-1 hash of the DER-encoded certificate, rather than a SHA-256 has, as SHA-1 is
the prevailing existing practice for certificate thumbprint calculations. See the Document History sections for details on each change made.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">.txt and .xml versions are also available. I plan to publish these as IETF drafts once the submission window re-opens on Monday. Feedback welcome!<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> -- Mike<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">P.S. Yes, work on the companion encryption spec is now under way…<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> <o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span style="font-size:13.5pt;font-family:"Helvetica","sans-serif"">_______________________________________________<br>
Openid-specs-ab mailing list<br>
<a href="mailto:Openid-specs-ab@lists.openid.net">Openid-specs-ab@lists.openid.net</a><br>
<a href="http://lists.openid.net/mailman/listinfo/openid-specs-ab">http://lists.openid.net/mailman/listinfo/openid-specs-ab</a><o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</div>
</body>
</html>