From: Eric Sachs <esa...@google.com>Date: April 6, 2011 12:43:05 PM PDTTo: wo...@ietf.orgSubject: [woes] Native JWT support in Google App EngineGoogle has just added native support for JWT to Google App Engine. Here is the documentation:
Our hope is to work with other players in the cloud computing space to improve some elements of cloud security by using PKI, JWT & OAuth2 for interop between our systems.Based on past industry discussion, we wroteup a description of some of the general interop use-cases:While this new feature in Google App Engine is a significant step for Google, we realize there is more to do on our side such as adding support for JWT assertions in our recently announced OAuth2 support for Google APIs. However we would prefer to get feedback from this group on a standard approach, including around key rotation/management.Eric SachsSenior Product Manager, Internet Identity_______________________________________________
woes mailing list
wo...@ietf.org
https://www.ietf.org/mailman/listinfo/woes
I think the market for a working PKI solution is much larger.
Such a solution would be great for clouds as well as for
banks and government agencies etc.
Anders
> FYI.
>
> Begin forwarded message:
>
>> *From: *Eric Sachs <esa...@google.com <mailto:esa...@google.com>>
>> *Date: *April 6, 2011 12:43:05 PM PDT
>> *To: *wo...@ietf.org <mailto:wo...@ietf.org>
>> *Subject: **[woes] Native JWT support in Google App Engine*
>>
>> Google has just added native support for JWT to Google App Engine. Here is the documentation:
>>
>> https://sites.google.com/site/oauthgoog/authenticate-google-app-engine-app
>>
>> Our hope is to work with other players in the cloud computing space to improve some elements of cloud security by using PKI, JWT & OAuth2 for interop between our systems.
>>
>> Based on past industry discussion, we wroteup a description of some of the general interop use-cases:
>>
>> https://sites.google.com/site/oauthgoog/robotaccounts/cloudtoonpremise
>>
>> https://sites.google.com/site/oauthgoog/robotaccounts/onpremisetocloud
>>
>> While this new feature in Google App Engine is a significant step for Google, we realize there is more to do on our side such as adding support for JWT assertions in our recently announced OAuth2
>> support for Google APIs <http://googlecode.blogspot.com/2011/03/making-auth-easier-oauth-20-for-google.html>. However we would prefer to get feedback from this group on a standard approach,
>> including around key rotation/management.
>>
>> Eric Sachs
>> Senior Product Manager, Internet Identity
>> Google
>>
>> _______________________________________________
>> woes mailing list
>> wo...@ietf.org <mailto:wo...@ietf.org>
>> https://www.ietf.org/mailman/listinfo/woes
>