Re: [Ace] [EXTERNAL] Francesca Palombini's Discuss on draft-ietf-ace-oauth-authz-38: (with DISCUSS and COMMENT)
Francesca Palombini <francesca.palombini@ericsson.com> Mon, 05 July 2021 16:59 UTC
From: Francesca Palombini <francesca.palombini@ericsson.com>
To: Carsten Bormann <cabo@tzi.org>
CC: Ludwig Seitz <ludwig.seitz@combitech.com>, Daniel Migault <mglt.ietf@gmail.com>, Cigdem Sengul <cigdem.sengul@gmail.com>, Göran Selander <goran.selander@ericsson.com>, "ace-chairs@ietf.org" <ace-chairs@ietf.org>, "ace@ietf.org" <ace@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/8NEdDxz7nbwewlrGI6DUOcd8Sbs>

Hi Carsten,

I like your proposals! I changed a "define" to "specify" to remove some repetition, so finally the text change would be the following:

OLD:

There may be use cases were different profiles of this framework are combined. For example, an MQTT-TLS profile is used between the client and the RS in combination with a CoAP-DTLS profile for interactions between the client and the AS. The security of a profile MUST NOT depend on the assumption that the profile is used for all the different types of interactions in this framework.

NEW:

There may be use cases where different transport and security protocols are allowed for the different interactions, and, if that is not explicitly covered by an existing profile, it corresponds to combining profiles into a new one. For example, a new profile could specify that a previously-defined MQTT-TLS profile is used between the client and the RS in combination with a previously-defined CoAP-DTLS profile for interactions between the client and the AS. It is REQUIRED of the new profile to specify the combination and to make sure interoperability and security properties are achieved. A profile MAY want to prepare for being combined with others by clearly specifying its security requirements.

Francesca

On 05/07/2021, 16:36, "Carsten Bormann" <cabo@tzi.org> wrote:

> On 2021-07-05, at 16:15, Carsten Bormann <cabo@tzi.org> wrote:
> >
> > The last sentence is kind of obvious (I hope that the same applies to non-combined profiles), but Section 6.7 is short, so a little superfluity does not hurt.
>
> In offline communication, I have been reminded that adding this sentence would appear to be appropriate :-)
>
> NEWNEWNEW:
>
> A profile MAY WANT TO prepare for being combined with others by clearly specifying its security requirements.
>
> (Using an RFC 6919 keyword.)
>
> I wish I didn’t have the strong feeling that this sentence may actually be required.
>
> Grüße, Carsten