<div dir="ltr"><div><div>While somewhat esoteric, it's probably important in this context to be accurate about the various documents and the WGs that are responsible for them.<br><br></div>Though JWT does depend heavily on JOSE work, it itself isn't a JOSE WG item. Rather it is a product of the OAUTH WG<span style="text-indent:0px;letter-spacing:normal;font-variant:normal;text-align:start;font-style:normal;display:inline!important;font-weight:normal;float:none;line-height:normal;color:rgb(34,34,34);text-transform:none;font-size:13px;white-space:normal;font-family:arial,sans-serif;word-spacing:0px"> and, as such, asking the JOSE WG to do anything with JWT doesn't make a lot of sense.<br>
<br></span></div><span style="text-indent:0px;letter-spacing:normal;font-variant:normal;text-align:start;font-style:normal;display:inline!important;font-weight:normal;float:none;line-height:normal;color:rgb(34,34,34);text-transform:none;font-size:13px;white-space:normal;font-family:arial,sans-serif;word-spacing:0px">The broader issue remains though and I support the </span><span style="text-indent:0px;letter-spacing:normal;font-variant:normal;text-align:start;font-style:normal;display:inline!important;font-weight:normal;float:none;line-height:normal;color:rgb(34,34,34);text-transform:none;font-size:13px;white-space:normal;font-family:arial,sans-serif;word-spacing:0px"><span style="text-indent:0px;letter-spacing:normal;font-variant:normal;text-align:start;font-style:normal;display:inline!important;font-weight:normal;float:none;line-height:normal;color:rgb(34,34,34);text-transform:none;font-size:13px;white-space:normal;font-family:arial,sans-serif;word-spacing:0px">Connect group providing </span>some encouragement to the IETF towards progressing the dependencies. But we probably need to acknowledge that even within the IETF the document and WG relationships are somewhat complicated by </span><span style="text-indent:0px;letter-spacing:normal;font-variant:normal;text-align:start;font-style:normal;display:inline!important;font-weight:normal;float:none;line-height:normal;color:rgb(34,34,34);text-transform:none;font-size:13px;white-space:normal;font-family:arial,sans-serif;word-spacing:0px"><span style="text-indent:0px;letter-spacing:normal;font-variant:normal;text-align:start;font-style:normal;display:inline!important;font-weight:normal;float:none;line-height:normal;color:rgb(34,34,34);text-transform:none;font-size:13px;white-space:normal;font-family:arial,sans-serif;word-spacing:0px">dependencies</span>.</span><span style="text-indent:0px;letter-spacing:normal;font-variant:normal;text-align:start;font-style:normal;display:inline!important;font-weight:normal;float:none;line-height:normal;color:rgb(34,34,34);text-transform:none;font-size:13px;white-space:normal;font-family:arial,sans-serif;word-spacing:0px"><br>
</span><div><span style="text-indent:0px;letter-spacing:normal;font-variant:normal;text-align:start;font-style:normal;display:inline!important;font-weight:normal;float:none;line-height:normal;color:rgb(34,34,34);text-transform:none;font-size:13px;white-space:normal;font-family:arial,sans-serif;word-spacing:0px"><br>
<br></span></div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Wed, Jun 12, 2013 at 3:00 PM, Tim Bray <span dir="ltr"><<a href="mailto:tbray@textuality.com" target="_blank">tbray@textuality.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><span style="text-indent:0px;letter-spacing:normal;font-variant:normal;text-align:start;font-style:normal;display:inline!important;font-weight:normal;float:none;line-height:normal;color:rgb(34,34,34);text-transform:none;font-size:13px;white-space:normal;font-family:arial,sans-serif;word-spacing:0px">This should go to the JOSE WG chair, the ADs for that area, and the IESG</span><div style="text-indent:0px;letter-spacing:normal;font-variant:normal;text-align:start;font-style:normal;font-weight:normal;line-height:normal;color:rgb(34,34,34);text-transform:none;font-size:13px;white-space:normal;font-family:arial,sans-serif;word-spacing:0px">
<br></div><div style="text-indent:0px;letter-spacing:normal;font-variant:normal;text-align:start;font-style:normal;font-weight:normal;line-height:normal;color:rgb(34,34,34);text-transform:none;font-size:13px;white-space:normal;font-family:arial,sans-serif;word-spacing:0px">
I’m writing on behalf of the OpenID Connect Working Group, in the OpenID Foundation. We have been working for <insert-time-period> on specifying this identity-federation protocol. Our specifications have reached stability (what we call “implementor’s draft”) and we anticipate a final vote and approval in the coming months. We’re confident approval will be forthcoming since OIDC is already in production at Google, <insert-other-deployments> and we expect deployments at <insert-other-predictions>.</div>
<div style="text-indent:0px;letter-spacing:normal;font-variant:normal;text-align:start;font-style:normal;font-weight:normal;line-height:normal;color:rgb(34,34,34);text-transform:none;font-size:13px;white-space:normal;font-family:arial,sans-serif;word-spacing:0px">
<br></div><div style="text-indent:0px;letter-spacing:normal;font-variant:normal;text-align:start;font-style:normal;font-weight:normal;line-height:normal;color:rgb(34,34,34);text-transform:none;font-size:13px;white-space:normal;font-family:arial,sans-serif;word-spacing:0px">
Our work is dependent on JWT, a product of the IETF “jose” working group. JWTs have been stable for some time, and code to parse and validate them is widely available in libraries for popular programming languages. However, progress towards an RFC in jose seems slow, and we do not have a feeling when this work is likely to stabilize.</div>
<div style="text-indent:0px;letter-spacing:normal;font-variant:normal;text-align:start;font-style:normal;font-weight:normal;line-height:normal;color:rgb(34,34,34);text-transform:none;font-size:13px;white-space:normal;font-family:arial,sans-serif;word-spacing:0px">
<br></div><div style="text-indent:0px;letter-spacing:normal;font-variant:normal;text-align:start;font-style:normal;font-weight:normal;line-height:normal;color:rgb(34,34,34);text-transform:none;font-size:13px;white-space:normal;font-family:arial,sans-serif;word-spacing:0px">
Unfortunately, it’s not practical for our membership to wait, and thus our most likely course of action will be to take a dependency on draft-ietf-oauth-json-web-token-08 when the time comes to publish our specification. </div>
<div style="text-indent:0px;letter-spacing:normal;font-variant:normal;text-align:start;font-style:normal;font-weight:normal;line-height:normal;color:rgb(34,34,34);text-transform:none;font-size:13px;white-space:normal;font-family:arial,sans-serif;word-spacing:0px">
<br></div><div style="text-indent:0px;letter-spacing:normal;font-variant:normal;text-align:start;font-style:normal;font-weight:normal;line-height:normal;color:rgb(34,34,34);text-transform:none;font-size:13px;white-space:normal;font-family:arial,sans-serif;word-spacing:0px">
We bring this to your attention simply because if some other organization were planning to lock in a dependency on one of our earlier drafts, we’d like to hear about it. </div><div style="text-indent:0px;letter-spacing:normal;font-variant:normal;text-align:start;font-style:normal;font-weight:normal;line-height:normal;color:rgb(34,34,34);text-transform:none;font-size:13px;white-space:normal;font-family:arial,sans-serif;word-spacing:0px">
<br></div><div style="text-indent:0px;letter-spacing:normal;font-variant:normal;text-align:start;font-style:normal;font-weight:normal;line-height:normal;color:rgb(34,34,34);text-transform:none;font-size:13px;white-space:normal;font-family:arial,sans-serif;word-spacing:0px">
[I’m going to unofficially run this by some of my IETF-insider contacts, but thought I should sanity-check the content here first]</div></div>
<br>_______________________________________________<br>
Openid-specs-ab mailing list<br>
<a href="mailto:Openid-specs-ab@lists.openid.net">Openid-specs-ab@lists.openid.net</a><br>
<a href="http://lists.openid.net/mailman/listinfo/openid-specs-ab" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs-ab</a><br>
<br></blockquote></div><br></div>