[Ace] Fwd: New Version Notification for draft-tiloca-ace-revoked-token-notification-05.txt

Marco Tiloca <marco.tiloca@ri.se> Fri, 16 July 2021 12:23 UTC

Hello ACE,

We have submitted an updated version of 
draft-tiloca-ace-revoked-token-notification

https://datatracker.ietf.org/doc/html/draft-tiloca-ace-revoked-token-notification-05


The document describes how an Authorization Server can notify Clients 
and Resource Servers of revoked but not yet expired Access Tokens. This 
is achieved by means of a Token Revocation List (TRL) resource at the 
AS, which a device can access and observe by using resource observation 
for CoAP. The approach complements token introspection at the AS, and 
does not require additional endpoints on Clients and Resource Servers.

This update is especially about:

1) Addressing the comments from Michael Richardson [1] on the previous 
version - Thanks a lot!

2) Specifying the optional additional usage of the "pmax" conditional 
attribute from [2].


Comments are very welcome!

Best,
/Marco

[1] https://mailarchive.ietf.org/arch/msg/ace/4eg79d-ekcI--O5zXa3irpHxqrc/

[2] https://datatracker.ietf.org/doc/draft-ietf-core-conditional-attributes/


-------- Forwarded Message --------
Subject: 	New Version Notification for 
draft-tiloca-ace-revoked-token-notification-05.txt
Date: 	Mon, 12 Jul 2021 09:02:41 -0700
From: 	internet-drafts@ietf.org
To: 	Francesca Palombini <francesca.palombini@ericsson.com>, Grace Lewis 
<glewis@sei.cmu.edu>, Ludwig Seitz <ludwig.seitz@combitech.com>, Marco 
Tiloca <marco.tiloca@ri.se>, Sebastian Echeverria <secheverria@sei.cmu.edu>

A new version of I-D, draft-tiloca-ace-revoked-token-notification-05.txt
has been successfully submitted by Marco Tiloca and posted to the
IETF repository.

Name: draft-tiloca-ace-revoked-token-notification
Revision: 05
Title: Notification of Revoked Access Tokens in the Authentication and 
Authorization for Constrained Environments (ACE) Framework
Document date: 2021-07-12
Group: Individual Submission
Pages: 35
URL: https://www.ietf.org/archive/id/draft-tiloca-ace-revoked-token-notification-05.txt
Status: https://datatracker.ietf.org/doc/draft-tiloca-ace-revoked-token-notification/
Htmlized: https://datatracker.ietf.org/doc/html/draft-tiloca-ace-revoked-token-notification
Diff: https://www.ietf.org/rfcdiff?url2=draft-tiloca-ace-revoked-token-notification-05

Abstract:
This document specifies a method of the Authentication and
Authorization for Constrained Environments (ACE) framework, which
allows an Authorization Server to notify Clients and Resource Servers
(i.e., registered devices) about revoked Access Tokens. The method
relies on resource observation for the Constrained Application
Protocol (CoAP), with Clients and Resource Servers observing a Token
Revocation List on the Authorization Server. Resulting unsolicited
notifications of revoked Access Tokens complement alternative
approaches such as token introspection, while not requiring
additional endpoints on Clients and Resource Servers.
The IETF Secretariat
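The TRL mechanism summarised in the announcement above, as an added, self-contained simulation; this is illustrative code written for this page, not code from the draft or its authors, and it does not reproduce the draft's wire format. CoAP Observe is replaced by in-process callbacks, the TRL entry is assumed to be a SHA-256 hash of the Access Token bytes, each notification is assumed to carry the full TRL, and the AS keeps a single notification timer for all observers. What it does show is the behaviour the draft relies on: Clients and Resource Servers hold a local copy of the TRL and reject a revoked token without a round trip to the AS, the AS drops entries once the token would be rejected for expiry anyway, and "pmax" (the maximum period between notifications, from the CoRE conditional-attributes draft) makes the AS re-send an unchanged TRL so an observer can tell a quiet AS from a lost observation.

```python
import hashlib
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set


def token_hash(token: bytes) -> bytes:
    """Assumed TRL entry format for this example: SHA-256 over the token bytes."""
    return hashlib.sha256(token).digest()


@dataclass
class Observer:
    """A registered device (Client or RS) observing the AS's TRL resource."""
    name: str
    trl: Set[bytes] = field(default_factory=set)
    notifications: int = 0

    def on_notification(self, trl: Set[bytes]) -> None:
        # Assumption: every notification carries the full TRL; replace the local copy.
        self.trl = set(trl)
        self.notifications += 1

    def token_revoked(self, token: bytes) -> bool:
        # Purely local check: no introspection request to the AS is needed.
        return token_hash(token) in self.trl


class AuthorizationServer:
    """Holds the TRL and pushes it to all observers whenever it changes."""

    def __init__(self, pmax: Optional[float] = None) -> None:
        self.pmax = pmax                       # max seconds between notifications, if set
        self.revoked: Dict[bytes, float] = {}  # token hash -> token expiry time
        self.observers: List[Observer] = []
        self.last_notified = 0.0               # simplification: one timer for all observers

    def register(self, obs: Observer, now: float) -> None:
        """Observe registration: the initial response carries the current TRL."""
        self.observers.append(obs)
        self._prune(now)
        obs.on_notification(set(self.revoked))
        self.last_notified = now

    def _prune(self, now: float) -> bool:
        """Drop tokens past their expiry: an expired token is rejected anyway, so it
        no longer needs to be listed. Returns True if the TRL changed."""
        before = len(self.revoked)
        self.revoked = {h: exp for h, exp in self.revoked.items() if exp > now}
        return len(self.revoked) != before

    def revoke(self, token: bytes, exp: float, now: float) -> bool:
        """Add a not-yet-expired token to the TRL and notify observers."""
        if exp <= now:
            return False  # already expired: nothing to announce
        self.revoked[token_hash(token)] = exp
        self._notify(now)
        return True

    def tick(self, now: float) -> bool:
        """Periodic housekeeping: notify if expiries changed the TRL, or, with pmax
        configured, if pmax seconds passed since the last notification."""
        if self._prune(now):
            self._notify(now)
            return True
        if self.pmax is not None and now - self.last_notified >= self.pmax:
            self._notify(now)  # heartbeat: unchanged TRL, proves the observation is alive
            return True
        return False

    def _notify(self, now: float) -> None:
        self._prune(now)
        trl = set(self.revoked)
        for obs in self.observers:
            obs.on_notification(trl)
        self.last_notified = now


def demo() -> dict:
    """Constructed scenario: one Client and one RS observe the TRL of one AS."""
    t0 = 1000.0
    auth = AuthorizationServer(pmax=60.0)
    rs, client = Observer("rs1"), Observer("client1")
    auth.register(rs, t0)
    auth.register(client, t0)
    tok_a, tok_b = b"constructed-token-A", b"constructed-token-B"  # stand-in tokens
    accepted_before = not rs.token_revoked(tok_a)
    auth.revoke(tok_a, exp=t0 + 300, now=t0 + 10)                 # both observers notified
    expired_ignored = not auth.revoke(tok_b, exp=t0, now=t0 + 11)  # already expired: no entry
    after_revoke = (rs.token_revoked(tok_a), client.token_revoked(tok_a), rs.token_revoked(tok_b))
    quiet = auth.tick(t0 + 40)      # 30 s since last notification: below pmax, silence
    heartbeat = auth.tick(t0 + 70)  # 60 s: pmax reached, unchanged TRL re-sent
    expiry = auth.tick(t0 + 301)    # tok_a expired: leaves the TRL, observers told
    return {
        "accepted_before": accepted_before,
        "expired_ignored": expired_ignored,
        "after_revoke": after_revoke,
        "quiet": quiet,
        "heartbeat": heartbeat,
        "expiry": expiry,
        "rs_trl_empty": len(rs.trl) == 0,
        "rs_notifications": rs.notifications,
    }


if __name__ == "__main__":
    print(demo())
```

The RS receives four notifications in this run: the initial observe response, the revocation, the pmax heartbeat, and the removal of the expired entry. In a real deployment the token-hash construction and the TRL encoding are whatever the draft specifies, and the observation itself would be a CoAP GET with the Observe option over the device's existing secure association with the AS.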