OAuth Working Group                                             M. Jones
Internet-Draft                                                 K. Yasuda
Intended status: Standards Track                               Microsoft
Expires: August 1, 2022                                 January 28, 2022

                           JWK Thumbprint URI
                  draft-ietf-oauth-jwk-thumbprint-uri-00

Abstract

   This specification registers a kind of URI that represents a JSON Web
   Key (JWK) Thumbprint value.  JWK Thumbprints are defined in RFC 7638.
   This enables JWK Thumbprints to be used, for instance, as key
   identifiers in contexts requiring URIs.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on August 1, 2022.

Copyright Notice

   Copyright (c) 2022 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  Requirements Notation and Conventions
   3.  JWK Thumbprint URI
     3.1.  Example JWK Thumbprint URI
   4.  Security Considerations
   5.  IANA Considerations
     5.1.  OAuth URI Registration
       5.1.1.  Registry Contents
   6.  References
     6.1.  Normative References
     6.2.  Informative References
   Appendix A.  Acknowledgements
   Appendix B.  Document History
   Authors' Addresses

1.  Introduction

   A JSON Web Key (JWK) Thumbprint [RFC7638] is a URL-safe
   representation of a hash value over a JSON Web Key (JWK) [RFC7517].
   This specification defines a URI prefix indicating that the portion
   of the URI following the prefix is a JWK Thumbprint.  This enables
   JWK Thumbprints to be communicated in contexts requiring URIs,
   including in specific JSON Web Token (JWT) [RFC7519] claims.

   JWK Thumbprint URIs are being used in the [SIOPv2] specification as
   one kind of subject identifier in a context requiring that the
   identifier be a URI.  In this case, the subject identifier is derived
   from a public key represented as a JWK.  Expressing the identifier as
   a JWK Thumbprint URI enables this kind of identifier to be
   differentiated from other kinds of identifiers that are also URIs,
   such as Decentralized Identifiers (DIDs) [DID-Core].

2.  Requirements Notation and Conventions

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in BCP
   14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.
3.  JWK Thumbprint URI

   The following URI prefix is defined to indicate that the portion of
   the URI following the prefix is a JWK Thumbprint:

   o  "urn:ietf:params:oauth:jwk-thumbprint"

   The prefix is followed by a colon and a JWK Thumbprint value to form
   a URI representing a JWK Thumbprint.

3.1.  Example JWK Thumbprint URI

   Section 3.1 of [RFC7638] contains the following example JWK
   Thumbprint value:

     NzbLsXh8uDCcd-6MNwXF4W_7noWXFZAfHkxZsRGC9Xs

   A complete JWK Thumbprint URI using the above JWK Thumbprint is:

     urn:ietf:params:oauth:jwk-thumbprint:NzbLsXh8uDCcd-6MNwXF4W_7noWXFZAfHkxZsRGC9Xs

4.  Security Considerations

   The security considerations of [RFC7638] also apply when using this
   specification.

5.  IANA Considerations

5.1.  OAuth URI Registration

   This specification registers the following value in the IANA "OAuth
   URI" registry [IANA.OAuth.Parameters] established by [RFC6755].

5.1.1.  Registry Contents

   o  URN: urn:ietf:params:oauth:jwk-thumbprint
   o  Common Name: JWK Thumbprint URI
   o  Change controller: IESG
   o  Specification Document: [[ this specification ]]

6.  References

6.1.  Normative References

   [IANA.OAuth.Parameters]
              IANA, "OAuth Parameters".

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC7638]  Jones, M. and N. Sakimura, "JSON Web Key (JWK)
              Thumbprint", RFC 7638, DOI 10.17487/RFC7638, September
              2015.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017.

6.2.  Informative References

   [DID-Core] Sporny, M., Guy, A., Sabadello, M., and D. Reed,
              "Decentralized Identifiers (DIDs) v1.0", August 2021.

   [RFC6755]  Campbell, B. and H. Tschofenig, "An IETF URN Sub-Namespace
              for OAuth", RFC 6755, DOI 10.17487/RFC6755, October 2012.

   [RFC7517]  Jones, M., "JSON Web Key (JWK)", RFC 7517,
              DOI 10.17487/RFC7517, May 2015.

   [RFC7519]  Jones, M., Bradley, J., and N. Sakimura, "JSON Web Token
              (JWT)", RFC 7519, DOI 10.17487/RFC7519, May 2015.

   [SIOPv2]   Yasuda, K. and M. B. Jones, "Self-Issued OpenID Provider
              v2", December 2021.

Appendix A.  Acknowledgements

   Use cases for this specification were developed in the OpenID Connect
   Working Group of the OpenID Foundation.  Specifically, it is being
   used as a key identifier in the [SIOPv2] specification.

   The following individuals also contributed to this specification:
   John Bradley and Adam Lemmon.

Appendix B.  Document History

   [[ to be removed by the RFC Editor before publication as an RFC ]]

   -00

   o  Created initial working group draft from
      draft-jones-oauth-jwk-thumbprint-uri-01.

Authors' Addresses

   Michael B. Jones
   Microsoft

   Email: mbj@microsoft.com
   URI:   https://self-issued.info/

   Kristina Yasuda
   Microsoft

   Email: kryasuda@microsoft.com
   URI:   https://twitter.com/kristinayasuda
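The following worked example is added here and is not part of the Internet-Draft; it shows the two sides of what Section 3 and Section 3.1 describe: computing an RFC 7638 thumbprint over a JWK (required members only, lexicographically ordered, no whitespace, SHA-256, unpadded base64url) and then forming the URI by joining the registered prefix, a colon and the thumbprint value, plus a strict parser a relying party can use before comparing such identifiers. The sample EC JWK and its "kid"/"use" members are constructed for illustration; the function names are the example's own, not an API from any library.

```python
"""RFC 7638 JWK Thumbprints and the JWK Thumbprint URI form from draft-ietf-oauth-jwk-thumbprint-uri."""
import base64
import hashlib
import json
import re

# URI prefix defined in Section 3 of the draft.
JWK_THUMBPRINT_URI_PREFIX = "urn:ietf:params:oauth:jwk-thumbprint"

# Required members per key type that form the hash input (RFC 7638, Section 3.2;
# "OKP" is the RFC 8037 extension).  Optional members such as "kid", "use" or
# "alg" are excluded, so changing them never changes the resulting URI.
REQUIRED_MEMBERS = {
    "RSA": ("e", "kty", "n"),
    "EC": ("crv", "kty", "x", "y"),
    "oct": ("k", "kty"),
    "OKP": ("crv", "kty", "x"),
}

_B64URL_RE = re.compile(r"^[A-Za-z0-9_-]+$")


def _b64url(data: bytes) -> str:
    """base64url without padding, as RFC 7638 requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638: SHA-256 over the required members, sorted, with no whitespace."""
    kty = jwk.get("kty")
    if kty not in REQUIRED_MEMBERS:
        raise ValueError(f"unsupported or missing kty: {kty!r}")
    missing = [m for m in REQUIRED_MEMBERS[kty] if m not in jwk]
    if missing:
        raise ValueError(f"JWK is missing required members: {missing}")
    subset = {m: jwk[m] for m in REQUIRED_MEMBERS[kty]}
    canonical = json.dumps(subset, sort_keys=True, separators=(",", ":"),
                           ensure_ascii=False).encode("utf-8")
    return _b64url(hashlib.sha256(canonical).digest())


def jwk_thumbprint_uri(jwk: dict) -> str:
    """Section 3 of the draft: the prefix, a colon, then the thumbprint value."""
    return f"{JWK_THUMBPRINT_URI_PREFIX}:{jwk_thumbprint(jwk)}"


def parse_jwk_thumbprint_uri(uri: str) -> bytes:
    """Strictly validate a JWK Thumbprint URI and return the raw SHA-256 digest.

    Anything other than prefix + ':' + canonical, unpadded base64url of a
    32-byte digest is rejected, so a consumer comparing identifiers is never
    handed padded or non-canonical spellings of the same digest.
    """
    prefix = JWK_THUMBPRINT_URI_PREFIX + ":"
    if not uri.startswith(prefix):
        raise ValueError("not a JWK Thumbprint URI")
    thumb = uri[len(prefix):]
    if not _B64URL_RE.match(thumb):
        raise ValueError("thumbprint is not unpadded base64url")
    # binascii.Error raised here for impossible lengths is a ValueError subclass.
    digest = base64.urlsafe_b64decode(thumb + "=" * (-len(thumb) % 4))
    if len(digest) != 32 or _b64url(digest) != thumb:
        raise ValueError("thumbprint is not a canonically encoded SHA-256 digest")
    return digest


def same_key(uri_a: str, uri_b: str) -> bool:
    """Compare two identifiers by their validated digests rather than as strings."""
    return parse_jwk_thumbprint_uri(uri_a) == parse_jwk_thumbprint_uri(uri_b)


# Constructed sample JWK for illustration only (not a key to be used anywhere);
# the optional "kid" and "use" members are present to show they are ignored.
SAMPLE_EC_JWK = {
    "kty": "EC",
    "crv": "P-256",
    "x": "f83OJ3D2xF1Bg8vub9tLe1gHMzV76e8Tus9uPHvRVEU",
    "y": "x_FEzRu9m36HLN_tue659LNpXW6pCyStikYjKIWI5a0",
    "kid": "sample-key-1",
    "use": "sig",
}

# The example URI given in Section 3.1 of the draft.
DRAFT_EXAMPLE_URI = (
    "urn:ietf:params:oauth:jwk-thumbprint:"
    "NzbLsXh8uDCcd-6MNwXF4W_7noWXFZAfHkxZsRGC9Xs"
)

if __name__ == "__main__":
    print(jwk_thumbprint_uri(SAMPLE_EC_JWK))
    print(parse_jwk_thumbprint_uri(DRAFT_EXAMPLE_URI).hex())
```

Two design points matter for a consumer such as the [SIOPv2] use in Section 1: the hash input is restricted to the required members, so a sender cannot change the identifier by adding or editing "kid" or "use"; and the parser re-encodes the decoded digest and requires an exact match, so a single key has exactly one accepted URI spelling and identifier comparison cannot be confused by padding or stray trailing bits.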