IETF
oauth@jabber.ietf.org
Thursday, July 28, 2022< ^ >
Meetecho has set the subject to: OAuth at IETF113
Room Configuration
Room Occupants

GMT+0
[18:06:21] <zulipbot> (Jaimandeep Singh) yes its okay
[18:07:00] <zulipbot> (Jaimandeep Singh) we can see at remote
[18:20:09] <zulipbot> (George Fletcher) Given values are json strings... are there any serialization requirements for those JSON strings to ensure the hashes match?
[18:23:50] <zulipbot> (Aaron Parecki) can the remote people hear us okay?
[18:24:03] <zulipbot> (Hirsch Singhal) Sounds good to me
[18:24:03] <zulipbot> (Aaron Parecki) 👍
[18:24:16] <zulipbot> (Joseph Heenan) yes, all good apart from when John didn't speak into the mic :)
[18:30:49] <zulipbot> (George Fletcher) Is it possible to add "blinded claim names" as an extension?
[18:56:02] <zulipbot> (George Fletcher) Open source that supports MLTS between services as well as OAuth MTLS bound OAuth tokens. https://www.athenz.io/
[19:03:12] <zulipbot> (George Fletcher) Netflix blog: https://netflixtechblog.com/edge-authentication-and-token-agnostic-identity-propagation-514e47e0b602
[19:03:36] <zulipbot> (George Fletcher) https://identiverse.gallery.video/detail/videos/standards/video/6185213758001/transaction-tokens:-solving-the-external-internal-authorization-problem?autoStart=true
[19:05:44] <zulipbot> (George Fletcher) Also, macaroons from Google might work in some cases here
[19:10:32] <zulipbot> (Brian Campbell) https://datatracker.ietf.org/doc/html/rfc8725
[19:10:58] <zulipbot> (Brian Campbell) is the JWT BCP
[19:13:01] <zulipbot> (Aaron Parecki) https://jwt.io/
[19:14:20] <zulipbot> (Joseph Heenan) Should specs that use JWTs (e.g. dpop) reference the JWT BCP?
[19:15:25] <zulipbot> (Benjamin Kaduk) Probably
[19:22:44] <zulipbot> (Brian Campbell) https://github.com/danielfett/draft-dpop/issues/167 as placeholder for dpop ref to JWT BCP FYI and FWIW
[19:24:59] <zulipbot> (George Fletcher) Anyone have the link to the NIST algorithm name list? I must searching on the incorrect terms :)
[19:25:58] <zulipbot> (Aaron Parecki) this maybe? https://csrc.nist.gov/Projects/post-quantum-cryptography/selected-algorithms-2022
[19:27:11] <zulipbot> (George Fletcher) Thanks... that has the post quantum ones... I thought I heard someone say (during these side meetings) to a list where NIST defined full names like sha2-512.
[19:28:03] <zulipbot> (Benjamin Kaduk) Oh, that's not the question I heard either.
The relevant NIST standard will include names for the various algorithms.  Let me remember which one has hashes...
[19:28:49] <zulipbot> (Benjamin Kaduk) https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar2.pdf would be (IMO) the "official" names
[19:30:35] <zulipbot> (George Fletcher) Thanks
[19:33:46] <zulipbot> (Aaron Parecki) bye!