Mike Jones: self-issued

The two Security Event Token (SET) delivery specifications have been updated to address working group feedback received, in preparation for discussions at IETF 104 in Prague. The Push Delivery spec went through working group last call (WGLC). It has been updated to incorporate the WGLC comments. Changes made are summarized in the spec change log, the contents of which were also posted to the working group mailing list. Thanks to Annabelle Backman for the edits to the Push Delivery spec.

It’s worth noting that the Push Delivery spec and the Security Event Token (SET) are now being used in early Risk and Incident Sharing and Coordination (RISC) deployments, including between Google and Adobe. See the article about these deployments by Mat Honan of BuzzFeed.

Changes to the Poll Delivery spec are also summarized in that spec’s change log, which contains:

• Removed vestigial language remaining from when the push and poll delivery methods were defined in a common specification.
• Replaced remaining uses of the terms Event Transmitter and Event Recipient with the correct terms SET Transmitter and SET Recipient.
• Removed uses of the unnecessary term “Event Stream”.
• Removed dependencies between the semantics of maxEvents and returnImmediately.
• Said that PII in SETs is to be encrypted with TLS, JWE, or both.
• Corrected grammar and spelling errors.

The specifications are available at:

• https://tools.ietf.org/html/draft-ietf-secevent-http-push-05
• https://tools.ietf.org/html/draft-ietf-secevent-http-poll-02

HTML-formatted versions are also available at:

• http://self-issued.info/docs/draft-ietf-secevent-http-push-05.html
• http://self-issued.info/docs/draft-ietf-secevent-http-poll-02.html

No Comments » Posted under IETF & OpenID & Safety & Specifications

Responding to feedback from multiple parties that the title “OAuth 2.0 Device Flow for Browserless and Input Constrained Devices” was too much of a mouthful, the title of the specification has been simplified to “OAuth 2.0 Device Authorization Grant”. Likewise, we received feedback that “Device flow” was an insider term that caused more confusion than clarity, so its use has been removed from the specification. Finally, last minute feedback was received that client authorization and error handling were not explicitly spelled out. The specification now says that these occur in the same manner as in OAuth 2.0 [RFC 6749].

Many thanks to William Denniss for performing these edits! Hopefully this will be the draft that is sent to the RFC Editor.

The specification is available at:

• https://tools.ietf.org/html/draft-ietf-oauth-device-flow-15

An HTML-formatted version is also available at:

• http://self-issued.info/docs/draft-ietf-oauth-device-flow-15.html

No Comments » Posted under IETF & OAuth & Specifications

The new COSE working group charter includes this deliverable:

4. Define the algorithms needed for W3C Web Authentication for COSE using draft-jones-webauthn-cose-algorithms and draft-jones-webauthn-secp256k1 as a starting point (Informational).

I have written draft-jones-cose-additional-algorithms, which combines these starting points into a single draft, which registers these algorithms in the IANA COSE registries. When not already registered, this draft also registers these algorithms for use with JOSE in the IANA JOSE registries. I believe that this draft is ready for working group adoption to satisfy this deliverable.

The specification is available at:

• https://tools.ietf.org/html/draft-jones-cose-additional-algorithms-00

An HTML-formatted version is also available at:

• http://self-issued.info/docs/draft-jones-cose-additional-algorithms-00.html

No Comments » Posted under CBOR & Cryptography & IETF & JSON & Specifications & W3C

The Proof-of-Possession Key Semantics for CBOR Web Tokens (CWTs) specification has been updated to address issues identified by Roman Danyliw while writing his shepherd review. Thanks to Samuel Erdtman for fixing an incorrect example.

The specification is available at:

• https://tools.ietf.org/html/draft-ietf-ace-cwt-proof-of-possession-06

An HTML-formatted version is also available at:

• http://self-issued.info/docs/draft-ietf-ace-cwt-proof-of-possession-06.html

No Comments » Posted under CBOR & Claims & Cryptography & IETF & Specifications

Key ID confirmation method considerations suggested by Jim Schaad have been added to the Proof-of-Possession Key Semantics for CBOR Web Tokens (CWTs) specification. Per discussions in the working group meeting in Bangkok, it’s now time for the shepherd review.

The specification is available at:

• https://tools.ietf.org/html/draft-ietf-ace-cwt-proof-of-possession-05

An HTML-formatted version is also available at:

• http://self-issued.info/docs/draft-ietf-ace-cwt-proof-of-possession-05.html

No Comments » Posted under CBOR & Claims & Cryptography & IETF & Specifications

The JSON Web Token (JWT) Best Current Practices (BCP) specification has been updated to address the review comments from Security Area Director (AD) Eric Rescorla. Thanks to Eric for the review and to Yaron Sheffer for working on the responses with me.

Note that IETF publication has already been requested. The next step is for the shepherd review to be submitted and responded to.

The specification is available at:

• https://tools.ietf.org/html/draft-ietf-oauth-jwt-bcp-04

An HTML-formatted version is also available at:

• http://self-issued.info/docs/draft-ietf-oauth-jwt-bcp-04.html

No Comments » Posted under Claims & Cryptography & IETF & JSON & OAuth & Specifications

The Proof-of-Possession Key Semantics for CBOR Web Tokens (CWTs) specification has been updated to addresses a few additional Working Group Last Call (WGLC) comments. All of the (few) changes were about improving the clarity of the exposition. I believe that this completes addressing the WGLC comments.

Thanks to Roman Danyliw for helping to categorize the remaining comments that needed to be addressed.

The specification is available at:

• https://tools.ietf.org/html/draft-ietf-ace-cwt-proof-of-possession-04

An HTML-formatted version is also available at:

• http://self-issued.info/docs/draft-ietf-ace-cwt-proof-of-possession-04.html

No Comments » Posted under CBOR & Claims & Cryptography & IETF & Specifications

Now that the Security Event Token (SET) specification is RFC 8417, the SecEvent working group is working on defining the SET delivery mechanisms. This week, both the push-based and poll-based SET delivery specs have been updated to simplify their exposition and reduce duplication of text between the drafts. Thanks to Annabelle Backman for doing the bulk of the recent work on the push-based delivery spec. The latest versions of both specs contain these updates:

• Addressed problems identified in my 18-Jul-18 review message titled “Issues for both the Push and Poll Specs”.
• Changes to align terminology with RFC 8417, for instance, by using the already defined term SET Recipient rather than SET Receiver.
• Applied editorial and minor normative corrections.
• Updated Marius Scurtescu’s contact information.

In addition, the latest version of the poll delivery spec also contains this update:

• Begun eliminating redundancies between this specification and “Push-Based Security Event Token (SET) Delivery Using HTTP”, referencing, rather that duplicating common normative text.

The specifications are available at:

• https://tools.ietf.org/html/draft-ietf-secevent-http-push-03
• https://tools.ietf.org/html/draft-ietf-secevent-http-poll-01

HTML-formatted versions are also available at:

• http://self-issued.info/docs/draft-ietf-secevent-http-push-03.html
• http://self-issued.info/docs/draft-ietf-secevent-http-poll-01.html

No Comments » Posted under IETF & Specifications

The IETF Token Binding working group has completed the core Token Binding specifications. These new standards are:

• RFC 8471: The Token Binding Protocol Version 1.0
• RFC 8472: Transport Layer Security (TLS) Extension for Token Binding Protocol Negotiation
• RFC 8473: Token Binding over HTTP

As Alex Simons recently wrote, it’s time for token binding. Especially now that the core specs are done, now’s the time for platforms and applications to deploy Token Binding. This will enable replacing bearer tokens, which can be stolen and reused, with Token Bound tokens, which are useless if stolen. This is a huge security benefit applicable to any tokens used over TLS, including browser cookies, OAuth access tokens and refresh tokens, and OpenID Connect ID Tokens.

Congratulations especially to the editors Andrei Popov, Dirk Balfanz, Jeff Hodges, Magnus Nyström, and Nick Harper and the chairs John Bradley and Leif Johansson for getting this done!

I likewise look forward to timely completion of related Token Binding specifications, which enable use of Token Binding with TLS 1.3, with OAuth 2.0, and with OpenID Connect.

No Comments » Posted under IETF & OAuth & OpenID & Specifications & Token Binding

Check out Alex Simons’ and Pamela Dingle’s blog post “It’s Time for Token Binding”. Now that the IETF Token Binding specs are essentially done, it’s time to ask those who write TLS software you use to ship Token Binding support soon, if they haven’t already done so.

Token Binding in a nutshell: When an attacker steals a bearer token sent over TLS, he can use it; when an attacker steals a Token Bound token, it’s useless to him.

No Comments » Posted under IETF & OAuth & OpenID & Specifications & Token Binding

The three core IETF Token Binding Specifications have been sent to the RFC Editor, which means that their normative content will no longer change. It’s time to move implementations to version 1.0! The abstract of the Token Binding over HTTP specification describes Token Binding as:

This document describes a collection of mechanisms that allow HTTP servers to cryptographically bind security tokens (such as cookies and OAuth tokens) to TLS connections.

We describe both first-party and federated scenarios. In a first-party scenario, an HTTP server is able to cryptographically bind the security tokens it issues to a client, and which the client subsequently returns to the server, to the TLS connection between the client and server. Such bound security tokens are protected from misuse since the server can generally detect if they are replayed inappropriately, e.g., over other TLS connections.

Federated token bindings, on the other hand, allow servers to cryptographically bind security tokens to a TLS connection that the client has with a different server than the one issuing the token.

This document is a companion document to The Token Binding Protocol.

This is a huge step towards cryptographically protecting data structures that had previously been bearer tokens, such as browser cookies, refresh tokens, access tokens, ID Tokens, etc., so that they can only be used by the intended party. Congratulations especially to the editors Andrei Popov, Dirk Balfanz, and Jeff Hodges, as well as the chairs John Bradley and Leif Johansson for getting us to this important milestone!

The three specifications are:

• Token Binding Protocol: https://tools.ietf.org/html/draft-ietf-tokbind-protocol
• Token Binding over HTTP: https://tools.ietf.org/html/draft-ietf-tokbind-https
• Token Binding Protocol Negotiation: https://tools.ietf.org/html/draft-ietf-tokbind-negotiation

No Comments » Posted under Cryptography & IETF & Phishing Resistance & Specifications

The Security Event Token (SET) specification is now RFC 8417. The abstract describes the specification as:

This specification defines the Security Event Token (SET) data structure. A SET describes statements of fact from the perspective of an issuer about a subject. These statements of fact represent an event that occurred directly to or about a security subject, for example, a statement about the issuance or revocation of a token on behalf of a subject. This specification is intended to enable representing security- and identity-related events. A SET is a JSON Web Token (JWT), which can be optionally signed and/or encrypted. SETs can be distributed via protocols such as HTTP.

SETs are already in use to represent OpenID Connect Back-Channel Logout tokens and to represent Risk and Incident Sharing and Coordination (RISC) events. Thanks to my co-editors, members of the IETF ID Events mailing list, and members of the IETF Security Events working group for making this standard a reality!

No Comments » Posted under Claims & IETF & JSON & OpenID & Specifications

A new draft of the Proof-of-Possession Key Semantics for CBOR Web Tokens (CWTs) specification has been published that addresses the Working Group Last Call (WGLC) comments received. Changes were:

• Addressed review comments by Jim Schaad — see https://www.ietf.org/mail-archive/web/ace/current/msg02798.html.
• Removed unnecessary sentence in the introduction regarding the use any strings that could be case-sensitive.
• Clarified the terms Presenter and Recipient.
• Clarified text about the confirmation claim.

Thanks to Samuel Erdtman and Hannes Tschofenig for contributing to the editing for this version and to Jim Schaad and Roman Danyliw for their review comments.

The specification is available at:

• https://tools.ietf.org/html/draft-ietf-ace-cwt-proof-of-possession-03

An HTML-formatted version is also available at:

• http://self-issued.info/docs/draft-ietf-ace-cwt-proof-of-possession-03.html

No Comments » Posted under CBOR & Claims & Cryptography & IETF & Specifications

The OAuth 2.0 Authorization Server Metadata specification is now RFC 8414. The abstract describes the specification as:

This specification defines a metadata format that an OAuth 2.0 client can use to obtain the information needed to interact with an OAuth 2.0 authorization server, including its endpoint locations and authorization server capabilities.

The specification defines a JSON metadata representation for OAuth 2.0 authorization servers that is compatible with OpenID Connect Discovery 1.0. This specification is a true instance of standardizing existing practice. OAuth 2.0 deployments have been using the OpenID Connect metadata format to describe their endpoints and capabilities for years. This RFC makes this existing practice a standard.

Having a standard OAuth metadata format makes it easier for OAuth clients to configure connections to OAuth authorization servers. See https://www.iana.org/assignments/oauth-parameters/oauth-parameters.xhtml#authorization-server-metadata for the initial set of registered metadata values.

Thanks to all of you who helped make this standard a reality!

No Comments » Posted under Claims & IETF & JSON & OAuth & OpenID & Specifications

The OAuth Device Flow specification (full name “OAuth 2.0 Device Flow for Browserless and Input Constrained Devices”) has been updated to address comments received to date from the IETF last call. Thanks to William Denniss for taking the pen for this set of revisions. Changes were:

• Added a missing definition of access_denied for use on the token endpoint.
• Corrected text documenting which error code should be returned for expired tokens (it’s “expired_token”, not “invalid_grant”).
• Corrected section reference to RFC 8252 (the section numbers had changed after the initial reference was made).
• Fixed line length of one diagram (was causing xml2rfc warnings).
• Added line breaks so the URN grant_type is presented on an unbroken line.
• Typos fixed and other stylistic improvements.

The specification is available at:

• https://tools.ietf.org/html/draft-ietf-oauth-device-flow-10

An HTML-formatted version is also available at:

• http://self-issued.info/docs/draft-ietf-oauth-device-flow-10.html

No Comments » Posted under IETF & OAuth & Specifications

We’ve updated the Security Event Token (SET) specification to address feedback received from Internet Engineering Steering Group (IESG) members. We’ve actually published three versions in quick succession in preparation for tomorrow’s evaluation by the IESG.

Draft -11 incorporated feedback from Security Area Director Eric Rescorla and IANA Designated Expert Ned Freed. Changes were:

• Clarified “iss” claim language about the SET issuer versus the security subject issuer.
• Changed a “SHOULD” to a “MUST” in the “sub” claim description to be consistent with the Requirements for SET Profiles section.
• Described the use of the “events” claim to prevent attackers from passing off other kinds of JWTs as SETs.
• Stated that SETs are to be signed by an issuer that is trusted to do so for the use case.
• Added quotes in the phrase ‘”token revoked” SET to be issued’ in the Timing Issues section.
• Added section number references to the media type and media type suffix registrations.
• Changed the encodings of the media type and media type suffix registrations to binary (since no line breaks are allowed).
• Replaced a “TBD” in the media type registration with descriptive text.
• Acknowledged Eric Rescorla and Ned Freed.

Draft -12 incorporated feedback from Adam Roach, Alexey Melnikov, and Alissa Cooper. Changes were:

• Removed unused references to RFC 7009 and RFC 7517.
• Corrected name of RFC 8055 in Section 4.3 to “Session Initiation Protocol (SIP) Via Header Field Parameter to Indicate Received Realm”.
• Added normative references for base64url and UTF-8.
• Section 5.1 – Changed SHOULD to MUST in “personally identifiable information MUST be encrypted using JWE [RFC7516] or …”.
• Section 5.2 – Changed “MUST consider” to “must consider”.
• Acknowledged Adam Roach, Alexey Melnikov, and Alissa Cooper.

Draft -13 incorporated feedback from Martin Vigoureaux. Changes were:

• Changed a non-normative “MAY” to “may” in Section 1.1.
• Acknowledged Martin Vigoureux and Mirja Kühlewind.

The specification is available at:

• https://tools.ietf.org/html/draft-ietf-secevent-token-13

An HTML-formatted version is also available at:

• http://self-issued.info/docs/draft-ietf-secevent-token-13.html

No Comments » Posted under Claims & IETF & JSON & Specifications

The JSON Web Token (JWT) Best Current Practices (BCP) specification has been updated to address the Working Group Last Call (WGLC) feedback received. Thanks to Neil Madden for his numerous comments and to Carsten Bormann and Brian Campbell for their reviews.

Assuming the chairs concur, the next step should be to request publication.

The specification is available at:

• https://tools.ietf.org/html/draft-ietf-oauth-jwt-bcp-03

An HTML-formatted version is also available at:

• http://self-issued.info/docs/draft-ietf-oauth-jwt-bcp-03.html

No Comments » Posted under Claims & Cryptography & IETF & JSON & OAuth & Specifications

The “CBOR Web Token (CWT)” specification is now RFC 8392 – an IETF standard. The abstract for the specification is:

CBOR Web Token (CWT) is a compact means of representing claims to be transferred between two parties. The claims in a CWT are encoded in the Concise Binary Object Representation (CBOR) and CBOR Object Signing and Encryption (COSE) is used for added application-layer security protection. A claim is a piece of information asserted about a subject and is represented as a name/value pair consisting of a claim name and a claim value. CWT is derived from JSON Web Token (JWT) but uses CBOR rather than JSON.

Special thanks to Erik Wahlström for starting this work and to Samuel Erdtman for doing most of the heavy lifting involved in creating correct and useful CBOR and COSE examples.

Next up – finishing “Proof-of-Possession Key Semantics for CBOR Web Tokens (CWTs)”, which provides the CWT equivalent of “Proof-of-Possession Key Semantics for JSON Web Tokens (JWTs)” [RFC 7800].

No Comments » Posted under CBOR & Claims & Cryptography & IETF & Specifications

The WebAuthn working group has published the “COSE Algorithms for Web Authentication (WebAuthn)” specification, which registers COSE algorithm identifiers for RSASSA-PKCS1-v1_5 signature algorithms with SHA-2 and SHA-1 hash algorithms. RSASSA-PKCS1-v1_5 with SHA-256 is used by several kinds of authenticators. RSASSA-PKCS1-v1_5 with SHA-1, while deprecated, is used by some Trusted Platform Modules (TPMs). See https://www.iana.org/assignments/cose/cose.xhtml#algorithms for the actual IANA registrations.

Thanks to John Fontana, Jeff Hodges, Tony Nadalin, Jim Schaad, Göran Selander, Wendy Seltzer, Sean Turner, and Samuel Weiler for their roles in registering these algorithm identifiers.

The specification is available at:

• https://tools.ietf.org/html/draft-jones-webauthn-cose-algorithms-01

An HTML-formatted version is also available at:

• http://self-issued.info/docs/draft-jones-webauthn-cose-algorithms-01.html

No Comments » Posted under CBOR & Cryptography & IETF & Specifications & W3C

An updated Security Event Token (SET) specification has published to address recent review comments received. Changes were:

• Incorporated wording improvements resulting from Russ Housley’s additional SecDir comments.
• Registered +jwt structured syntax suffix.

The specification is available at:

• https://tools.ietf.org/html/draft-ietf-secevent-token-10

An HTML-formatted version is also available at:

• http://self-issued.info/docs/draft-ietf-secevent-token-10.html

No Comments » Posted under Claims & IETF & JSON & Specifications