Fwd: [woes] Native JWT support in Google App Engine

7 views

Skip to first unread message

Mike Hanson

unread,

Apr 6, 2011, 3:48:28 PM4/6/11

to Labs Staff List, mozilla-labs-o...@googlegroups.com

FYI.

Begin forwarded message:

From: Eric Sachs <esa...@google.com>
Date: April 6, 2011 12:43:05 PM PDT
To: wo...@ietf.org
Subject: [woes] Native JWT support in Google App Engine

Google has just added native support for JWT to Google App Engine. Here is the documentation:

https://sites.google.com/site/oauthgoog/authenticate-google-app-engine-app

Our hope is to work with other players in the cloud computing space to improve some elements of cloud security by using PKI, JWT & OAuth2 for interop between our systems.

Based on past industry discussion, we wroteup a description of some of the general interop use-cases:

https://sites.google.com/site/oauthgoog/robotaccounts/cloudtoonpremise

https://sites.google.com/site/oauthgoog/robotaccounts/onpremisetocloud

While this new feature in Google App Engine is a significant step for Google, we realize there is more to do on our side such as adding support for JWT assertions in our recently announced OAuth2 support for Google APIs. However we would prefer to get feedback from this group on a standard approach, including around key rotation/management.

Eric Sachs

Senior Product Manager, Internet Identity

Google

_______________________________________________
woes mailing list
wo...@ietf.org
https://www.ietf.org/mailman/listinfo/woes

Anders Rundgren

unread,

Apr 6, 2011, 3:59:47 PM4/6/11

to mozilla-labs-o...@googlegroups.com

On 2011-04-06 21:48, Mike Hanson wrote:

I think the market for a working PKI solution is much larger.
Such a solution would be great for clouds as well as for
banks and government agencies etc.

Anders

> FYI.
>
> Begin forwarded message:
>
>> *From: *Eric Sachs <esa...@google.com <mailto:esa...@google.com>>
>> *Date: *April 6, 2011 12:43:05 PM PDT
>> *To: *wo...@ietf.org <mailto:wo...@ietf.org>
>> *Subject: **[woes] Native JWT support in Google App Engine*

>>
>> Google has just added native support for JWT to Google App Engine. Here is the documentation:
>>
>> https://sites.google.com/site/oauthgoog/authenticate-google-app-engine-app
>>
>> Our hope is to work with other players in the cloud computing space to improve some elements of cloud security by using PKI, JWT & OAuth2 for interop between our systems.
>>
>> Based on past industry discussion, we wroteup a description of some of the general interop use-cases:
>>
>> https://sites.google.com/site/oauthgoog/robotaccounts/cloudtoonpremise
>>
>> https://sites.google.com/site/oauthgoog/robotaccounts/onpremisetocloud
>>
>> While this new feature in Google App Engine is a significant step for Google, we realize there is more to do on our side such as adding support for JWT assertions in our recently announced OAuth2

>> support for Google APIs <http://googlecode.blogspot.com/2011/03/making-auth-easier-oauth-20-for-google.html>. However we would prefer to get feedback from this group on a standard approach,

>> including around key rotation/management.
>>
>> Eric Sachs
>> Senior Product Manager, Internet Identity
>> Google
>>
>> _______________________________________________
>> woes mailing list

>> wo...@ietf.org <mailto:wo...@ietf.org>
>> https://www.ietf.org/mailman/listinfo/woes
>

Reply all

Reply to author

Forward

0 new messages