I think the market for a working PKI solution is much larger.
Such a solution would be great for clouds as well as for
banks and government agencies etc.
> Begin forwarded message:
>> *From: *Eric Sachs <esa...@google.com <mailto:esa...@google.com>>
>> *Date: *April 6, 2011 12:43:05 PM PDT
>> *To: *wo...@ietf.org <mailto:wo...@ietf.org>
>> *Subject: **[woes] Native JWT support in Google App Engine*
>> Google has just added native support for JWT to Google App Engine. Here is the documentation:
>> Our hope is to work with other players in the cloud computing space to improve some elements of cloud security by using PKI, JWT & OAuth2 for interop between our systems.
>> Based on past industry discussion, we wroteup a description of some of the general interop use-cases:
>> While this new feature in Google App Engine is a significant step for Google, we realize there is more to do on our side such as adding support for JWT assertions in our recently announced OAuth2
>> support for Google APIs <http://googlecode.blogspot.com/2011/03/making-auth-easier-oauth-20-for-google.html>. However we would prefer to get feedback from this group on a standard approach,
>> including around key rotation/management.
>> Eric Sachs
>> Senior Product Manager, Internet Identity
>> woes mailing list