<html><head><meta http-equiv="Content-Type" content="text/html charset=windows-1252"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;">I think the point of signing is so that the audience can verify it. In the case that the azp is different from the audience the azp the token should be treated as opaque to the azp party.<div>I appreciate that clients may do content sniffing as they do in SAML in some cases.</div><div><br></div><div>In general it is best for the AS to use a asymmetric signature all the time to get around these issues.</div><div><br></div><div>The simple rule for symmetric keys is you is the one shared with the audience, the use of azp should not impact that. </div><div>If that is to confusing I am OK with saying tokens containing azp MUST be signed with a asymmetric key and forget this corner case.</div><div><br></div><div>I don't consider a token with azp one that necessarily has multiple audiences. It is possible to have two or more audiences where one is also the azp, that defiantly needs asymmetric signing.</div><div><br></div><div>John B.</div><div><br></div><div><div><div>On Oct 25, 2013, at 6:04 PM, Mike Jones <<a href="mailto:Michael.Jones@microsoft.com">Michael.Jones@microsoft.com</a>> wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite"><div lang="EN-US" link="blue" vlink="purple" style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;"><div class="WordSection1" style="page: WordSection1;"><div style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;"><span style="color: rgb(31, 73, 125);">John, your reply didn’t answer the question about which Client ID would be used if the “aud” and “azp” values refer to different parties. I could see arguments for either.<o:p></o:p></span></div><div style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;"><span style="color: rgb(31, 73, 125);"> </span></div><div style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;"><span style="color: rgb(31, 73, 125);">Partly for that reason, I’m prone to have us say that the behavior is unspecified if a MAC algorithm is used and the “aud” is multi-valued or if an “azp” value is present that is different than the “aud” value.<o:p></o:p></span></div><div style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;"><span style="color: rgb(31, 73, 125);"> </span></div><div style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;"><span style="color: rgb(31, 73, 125);">That would leave the door open to specify it later, but avoids us making important decisions about use cases we have no experience with now.<o:p></o:p></span></div><div style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;"><span style="color: rgb(31, 73, 125);"> </span></div><div style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;"><span style="color: rgb(31, 73, 125);"> -- Mike<o:p></o:p></span></div><div style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;"><span style="color: rgb(31, 73, 125);"> </span></div><div><div style="border-style: solid none none; border-top-color: rgb(181, 196, 223); border-top-width: 1pt; padding: 3pt 0in 0in;"><div style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;"><b><span style="font-size: 10pt; font-family: Tahoma, sans-serif;">From:</span></b><span style="font-size: 10pt; font-family: Tahoma, sans-serif;"><span class="Apple-converted-space"> </span>Torsten Lodderstedt [<a href="mailto:torsten@lodderstedt.net">mailto:torsten@lodderstedt.net</a>]<span class="Apple-converted-space"> </span><br><b>Sent:</b><span class="Apple-converted-space"> </span>Friday, October 25, 2013 1:59 PM<br><b>To:</b><span class="Apple-converted-space"> </span>John Bradley<br><b>Cc:</b><span class="Apple-converted-space"> </span>Mike Jones; <a href="mailto:openid-specs-ab@lists.openid.net">openid-specs-ab@lists.openid.net</a><br><b>Subject:</b><span class="Apple-converted-space"> </span>Re: [Openid-specs-ab] Questions about multiple audiences for ID Tokens using MAC algorithms<o:p></o:p></span></div></div></div><div style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;"><o:p> </o:p></div><div><div style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;"><o:p> </o:p></div></div><div><p class="MsoNormal" style="margin: 0in 0in 12pt; font-size: 11pt; font-family: Calibri, sans-serif;"><br>Am 25.10.2013 um 21:40 schrieb John Bradley <<a href="mailto:ve7jtb@ve7jtb.com" style="color: purple; text-decoration: underline;">ve7jtb@ve7jtb.com</a>>:<o:p></o:p></p></div><blockquote style="margin-top: 5pt; margin-bottom: 5pt;"><div style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;">A token with a single audience that is different from the AZP is fine to integrity protect with mac as long as there the AZP is not expected to validate the token. <o:p></o:p></div></blockquote><div><div style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;"><o:p> </o:p></div></div><div style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;">I think this is only possible for id tokens issued via code grant type, right?<o:p></o:p></div><div><div style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;"><br><br><o:p></o:p></div><div><div><div style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;"><o:p> </o:p></div></div><div><div style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;">I personally think symmetric key management argues that it is not scalable. However we should not preclude that use. <br><br>Sent from my iPhone<o:p></o:p></div></div><div><p class="MsoNormal" style="margin: 0in 0in 12pt; font-size: 11pt; font-family: Calibri, sans-serif;"><br>On Oct 24, 2013, at 10:32 PM, Torsten Lodderstedt <<a href="mailto:torsten@lodderstedt.net" style="color: purple; text-decoration: underline;">torsten@lodderstedt.net</a>> wrote:<o:p></o:p></p></div><blockquote style="margin-top: 5pt; margin-bottom: 5pt;"><p class="MsoNormal" style="margin: 0in 0in 12pt; font-size: 11pt; font-family: Calibri, sans-serif;"><span style="font-size: 12pt; font-family: 'Times New Roman', serif;">Hi all,<br><br>MAC as symmetric alg only makes sense (from a security perspective) for two parties. I consider sharing a symmetric key among more than two parties a bad design. So in my opinion this restriction makes sense.<span class="Apple-converted-space"> </span><br><br>Wrt 5. Yes, we should tighten it.<br><br>Regards,<br>Torsten.<o:p></o:p></span></p><div><div style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;"><span style="font-size: 12pt; font-family: 'Times New Roman', serif;"><br><br>Mike Jones <<a href="mailto:Michael.Jones@microsoft.com" style="color: purple; text-decoration: underline;">Michael.Jones@microsoft.com</a>> schrieb:<o:p></o:p></span></div><div style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;"><a href="http://openid.bitbucket.org/openid-connect-core-1_0.html#IDTokenValidation" style="color: purple; text-decoration: underline;">http://openid.bitbucket.org/openid-connect-core-1_0.html#IDTokenValidation</a>contains this text that George asked about in his review:<o:p></o:p></div><div style="margin: 0in 0in 0.0001pt 0.5in; font-size: 11pt; font-family: Calibri, sans-serif;"><span lang="EN" style="font-size: 10pt; font-family: Verdana, sans-serif;">7. If the<span class="Apple-converted-space"> </span></span><tt style="font-family: 'Courier New'; color: rgb(0, 51, 102);"><span lang="EN" style="font-size: 10pt;">alg</span></tt><span lang="EN" style="font-size: 10pt; font-family: Verdana, sans-serif;"><span class="Apple-converted-space"> </span>parameter of the JWT header is a MAC based algorithm such as<span class="Apple-converted-space"> </span></span><tt style="font-family: 'Courier New'; color: rgb(0, 51, 102);"><span lang="EN" style="font-size: 10pt;">HS256</span></tt><span lang="EN" style="font-size: 10pt; font-family: Verdana, sans-serif;">,<span class="Apple-converted-space"> </span></span><tt style="font-family: 'Courier New'; color: rgb(0, 51, 102);"><span lang="EN" style="font-size: 10pt;">HS384</span></tt><span lang="EN" style="font-size: 10pt; font-family: Verdana, sans-serif;">, or<span class="Apple-converted-space"> </span></span><tt style="font-family: 'Courier New'; color: rgb(0, 51, 102);"><span lang="EN" style="font-size: 10pt;">HS512</span></tt><span lang="EN" style="font-size: 10pt; font-family: Verdana, sans-serif;">, the octets of the UTF-8 representation of the<span class="Apple-converted-space"> </span></span><tt style="font-family: 'Courier New'; color: rgb(0, 51, 102);"><span lang="EN" style="font-size: 10pt;">client_secret</span></tt><span lang="EN" style="font-size: 10pt; font-family: Verdana, sans-serif;"><span class="Apple-converted-space"> </span>corresponding to the<span class="Apple-converted-space"> </span></span><tt style="font-family: 'Courier New'; color: rgb(0, 51, 102);"><span lang="EN" style="font-size: 10pt;">client_id</span></tt><span lang="EN" style="font-size: 10pt; font-family: Verdana, sans-serif;"><span class="Apple-converted-space"> </span>contained in the</span><tt style="font-family: 'Courier New'; color: rgb(0, 51, 102);"><span lang="EN" style="font-size: 10pt;">aud</span></tt><span lang="EN" style="font-size: 10pt; font-family: Verdana, sans-serif;"><span class="Apple-converted-space"> </span>(audience) Claim are used as the key to validate the signature.<span style="background-color: yellow; background-position: initial initial; background-repeat: initial initial;">Multiple audiences are not supported for MAC based algorithms.</span></span><o:p></o:p></div><p style="margin-right: 0in; margin-left: 0in; font-size: 12pt; font-family: 'Times New Roman', serif;"> <o:p></o:p></p><div style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;">George wrote:<o:p></o:p></div><div style="margin: 0in 0in 0.0001pt 0.5in; font-size: 11pt; font-family: Calibri, sans-serif;">“Why not? Wouldn't the secret associated with the azp work for the client to validate the id_token? If we want interoperability across the use of audience and azp we are going to need to describe how it works in an extension document. It is not clear from this spec how it is to work and I was on most of the calls:)”<o:p></o:p></div><p style="margin-right: 0in; margin-left: 0in; font-size: 12pt; font-family: 'Times New Roman', serif;"> <o:p></o:p></p><div style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;">These questions arise:<o:p></o:p></div><div style="margin: 0in 0in 0.0001pt 0.5in; font-size: 11pt; font-family: Calibri, sans-serif; text-indent: -0.25in;"><span>1.<span style="font-style: normal; font-variant: normal; font-weight: normal; font-size: 7pt; line-height: normal; font-family: 'Times New Roman';"> <span class="Apple-converted-space"> </span></span></span>Does anyone remember the history behind the highlighted sentence? I’m pretty sure that this was written before we had an “azp” claim.<o:p></o:p></div><div style="margin: 0in 0in 0.0001pt 0.5in; font-size: 11pt; font-family: Calibri, sans-serif; text-indent: -0.25in;"><span>2.<span style="font-style: normal; font-variant: normal; font-weight: normal; font-size: 7pt; line-height: normal; font-family: 'Times New Roman';"> <span class="Apple-converted-space"> </span></span></span>If there’s an “azp” claim and an “aud” claim and the values are different, which Client Secret would be the right one to use as the key value? (George seems to be suggesting that it’s the one associated with the Client ID in the “azp” value.)<o:p></o:p></div><div style="margin: 0in 0in 0.0001pt 0.5in; font-size: 11pt; font-family: Calibri, sans-serif; text-indent: -0.25in;"><span>3.<span style="font-style: normal; font-variant: normal; font-weight: normal; font-size: 7pt; line-height: normal; font-family: 'Times New Roman';"> <span class="Apple-converted-space"> </span></span></span>If we did want to relax the restriction prohibiting multiple audiences, which value would be used for the key? And would all the parties that need to valid the ID Token signature actually have access to this value?<o:p></o:p></div><div style="margin: 0in 0in 0.0001pt 0.5in; font-size: 11pt; font-family: Calibri, sans-serif; text-indent: -0.25in;"><span>4.<span style="font-style: normal; font-variant: normal; font-weight: normal; font-size: 7pt; line-height: normal; font-family: 'Times New Roman';"> <span class="Apple-converted-space"> </span></span></span>Or should we leave the text above as-is for now, and deal with this case as an extension later, if a need for it ever comes up?<o:p></o:p></div><div style="margin: 0in 0in 0.0001pt 0.5in; font-size: 11pt; font-family: Calibri, sans-serif; text-indent: -0.25in;"><span>5.<span style="font-style: normal; font-variant: normal; font-weight: normal; font-size: 7pt; line-height: normal; font-family: 'Times New Roman';"> <span class="Apple-converted-space"> </span></span></span>If we’re not defining how multi-valued audiences would work with MAC signatures for now, should we also tighten this be requiring that any “azp” value that is include have the same value as the single-valued audience value?<o:p></o:p></div><p style="margin-right: 0in; margin-left: 0in; font-size: 12pt; font-family: 'Times New Roman', serif;"> <o:p></o:p></p><div style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;"> -- Mike<o:p></o:p></div><p style="margin-right: 0in; margin-left: 0in; font-size: 12pt; font-family: 'Times New Roman', serif;"> <o:p></o:p></p><pre style="margin: 0in 0in 0.0001pt; font-size: 10pt; font-family: 'Courier New'; text-align: center;"><hr size="2" width="100%" align="center"></pre><pre style="margin: 0in 0in 0.0001pt; font-size: 10pt; font-family: 'Courier New';"><br>Openid-specs-ab mailing list<br><a href="mailto:Openid-specs-ab@lists.openid.net" style="color: purple; text-decoration: underline;">Openid-specs-ab@lists.openid.net</a><br><a href="http://lists.openid.net/mailman/listinfo/openid-specs-ab" style="color: purple; text-decoration: underline;">http://lists.openid.net/mailman/listinfo/openid-specs-ab</a><o:p></o:p></pre></div></blockquote><blockquote style="margin-top: 5pt; margin-bottom: 5pt;"><div style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;"><span style="font-size: 12pt; font-family: 'Times New Roman', serif;">_______________________________________________<br>Openid-specs-ab mailing list<br><a href="mailto:Openid-specs-ab@lists.openid.net" style="color: purple; text-decoration: underline;">Openid-specs-ab@lists.openid.net</a><br><a href="http://lists.openid.net/mailman/listinfo/openid-specs-ab" style="color: purple; text-decoration: underline;">http://lists.openid.net/mailman/listinfo/openid-specs-ab</a></span></div></blockquote></div></div></div></div></blockquote></div><br></div></body></html>