Re: [Ace] [EXTERNAL] Francesca Palombini's Discuss on draft-ietf-ace-oauth-authz-38: (with DISCUSS and COMMENT)

Francesca Palombini <francesca.palombini@ericsson.com> Mon, 05 July 2021 16:59 UTC

From: Francesca Palombini <francesca.palombini@ericsson.com>
To: Carsten Bormann <cabo@tzi.org>
CC: Ludwig Seitz <ludwig.seitz@combitech.com>, Daniel Migault <mglt.ietf@gmail.com>, Cigdem Sengul <cigdem.sengul@gmail.com>, =?utf-8?B?R8O2cmFuIFNlbGFuZGVy?= <goran.selander@ericsson.com>, "ace-chairs@ietf.org" <ace-chairs@ietf.org>, "ace@ietf.org" <ace@ietf.org>
Date: Mon, 5 Jul 2021 16:58:51 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/8NEdDxz7nbwewlrGI6DUOcd8Sbs>

Hi Carsten,

I like your proposals! I changed a "define" to "specify" to remove some repetition, so finally the text change would be the following:

OLD:
   There may be use cases were different profiles of this framework are
   combined.  For example, an MQTT-TLS profile is used between the
   client and the RS in combination with a CoAP-DTLS profile for
   interactions between the client and the AS.  The security of a
   profile MUST NOT depend on the assumption that the profile is used
   for all the different types of interactions in this framework.

NEW:
   There may be use cases where different transport and security
   protocols are allowed for the different interactions, and, if that
   is not explicitly covered by an existing profile, it corresponds to
   combining profiles into a new one. For example, a new profile could
   specify that a previously-defined MQTT-TLS profile is used between
   the client and the RS in combination with a previously-defined
   CoAP-DTLS profile for interactions between the client and the AS.
   It is REQUIRED of the new profile to specify the combination and to
   make sure interoperability and security properties are achieved. A
   profile MAY want to prepare for being combined with others by
   clearly specifying its security requirements.


Francesca

On 05/07/2021, 16:36, "Carsten Bormann" <cabo@tzi.org> wrote:

    On 2021-07-05, at 16:15, Carsten Bormann <cabo@tzi.org> wrote:
    > 
    > The last sentence is kind of obvious (I hope that the same applies to non-combined profiles), but Section 6.7 is short, so a little superfluity does not hurt.

    In offline communication, I have been reminded that adding this sentence would appear to be appropriate :-)

    NEWNEWNEW:
    A profile MAY WANT TO prepare for being combined with others by clearly specifying its security requirements.

    (Using an RFC 6919 keyword.)  I wish I didn’t have the strong feeling that this sentence may actually be required.

    Regards, Carsten