Re: [Ace] WGLC for draft-ietf-ace-authz

Carsten Bormann <cabo@tzi.org> Thu, 25 October 2018 13:32 UTC

From: Carsten Bormann <cabo@tzi.org>
In-Reply-To: <877ei6tnwf.fsf@tzi.org>
Date: Thu, 25 Oct 2018 15:31:52 +0200
Cc: Mike Jones <Michael.Jones=40microsoft.com@dmarc.ietf.org>, Jim Schaad <ietf@augustcellars.com>, "ace@ietf.org" <ace@ietf.org>
Message-Id: <A23F3341-41F8-4449-95D1-B69FAB0C57A9@tzi.org>
References: <065b01d45f4e$b8d372a0$2a7a57e0$@augustcellars.com> <SN6PR00MB0301580A2D802AB0F559A170F5F70@SN6PR00MB0301.namprd00.prod.outlook.com> <3B32C31E-11C3-4808-82DC-3C75C949A0E9@tzi.org> <877ei6tnwf.fsf@tzi.org>
To: Olaf Bergmann <bergmann@tzi.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/9-gXzcGAiV9kSV09nBQrN_gkRk4>
Subject: Re: [Ace] WGLC for draft-ietf-ace-authz
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ace/>

Well, I was a bit terse, was I.

I really meant to address the CWT-like structures, not everything that is ever encoded in CBOR.
If it doesn’t feel like a claim set, then of course there is no point in mimicking CWT.

Grüße, Carsten


> On Oct 25, 2018, at 10:45, Olaf Bergmann <bergmann@tzi.org> wrote:
> 
> Carsten Bormann <cabo@tzi.org> writes:
> 
>> +1 for making all the CWT-like structures into real CWTs.
> 
> Not every key/value-pair encoded as CBOR is automatically a CWT. What
> happens here is that we are trying to force every protocol element that
> is required to solve an application-specific problem to fit into
> existing registered OAuth elements. As already pointed out by Mike, this
> does not work well because ACE is different from vanilla OAuth.
> 
> The best solution I can imagine to conserve precious number space is to
> use the media type (Content-Format in CoAP) as differentiator and use
> CWT-numbers only for things that are CWTs.
> 
> Grüße
> Olaf
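Added example, not part of the thread and not ACE or CWT reference code: a receiver that picks the key vocabulary for a CBOR map from the declared CoAP Content-Format, which is the approach Olaf proposes above. The same twelve bytes decode as a CWT Claims Set under Content-Format 61 (application/cwt, registered by RFC 8392) and as an application-specific map under a constructed experimental Content-Format; an undeclared or unknown Content-Format is rejected rather than sniffed, so an attacker cannot have one structure read as the other. The COSE envelope of a real CWT is out of scope; only the claims-set map is handled. The application key table, the Content-Format value 65000 and the sample payload are constructed for this example.

```python
# Added example: dispatch CBOR map interpretation on CoAP Content-Format.
# Constructed values are marked; registered values cite their RFC.

CT_CWT = 61        # application/cwt, CoAP Content-Format registered by RFC 8392
CT_APP = 65000     # constructed: application-specific format in the experimental range (RFC 7252)

# CWT claim keys from RFC 8392, Table 1.
CWT_CLAIM_KEYS = {1: "iss", 2: "sub", 3: "aud", 4: "exp", 5: "nbf", 6: "iat", 7: "cti"}
# Constructed application vocabulary that reuses small integers 1..3, as a
# non-CWT protocol element would, and therefore collides with the CWT numbers.
APP_KEYS = {1: "rs", 2: "method", 3: "scope"}


def _read_head(buf, pos):
    """Decode one CBOR initial byte plus its argument; return (major, arg, new_pos)."""
    if pos >= len(buf):
        raise ValueError("truncated item")
    ib = buf[pos]
    major, info = ib >> 5, ib & 0x1F
    pos += 1
    if info < 24:
        return major, info, pos
    n = {24: 1, 25: 2, 26: 4, 27: 8}.get(info)
    if n is None or pos + n > len(buf):
        raise ValueError("unsupported or truncated argument")
    return major, int.from_bytes(buf[pos:pos + n], "big"), pos + n


def decode(buf, pos=0):
    """Minimal strict CBOR decoder: ints, byte/text strings, arrays, maps.
    Rejects duplicate keys and indefinite-length items."""
    major, arg, pos = _read_head(buf, pos)
    if major == 0:
        return arg, pos
    if major == 1:
        return -1 - arg, pos
    if major in (2, 3):
        if pos + arg > len(buf):
            raise ValueError("truncated string")
        raw = bytes(buf[pos:pos + arg])
        return (raw if major == 2 else raw.decode("utf-8")), pos + arg
    if major == 4:
        items = []
        for _ in range(arg):
            item, pos = decode(buf, pos)
            items.append(item)
        return items, pos
    if major == 5:
        m = {}
        for _ in range(arg):
            k, pos = decode(buf, pos)
            v, pos = decode(buf, pos)
            if k in m:
                raise ValueError("duplicate map key %r" % (k,))
            m[k] = v
        return m, pos
    raise ValueError("unsupported major type %d" % major)


def interpret(content_format, payload):
    """Name the integer keys of a CBOR map according to the declared Content-Format.
    The map itself carries no hint of which vocabulary applies; the media type does."""
    m, end = decode(payload)
    if end != len(payload):
        raise ValueError("trailing bytes after top-level item")
    if not isinstance(m, dict):
        raise ValueError("expected a CBOR map")
    if content_format == CT_CWT:
        names = CWT_CLAIM_KEYS
    elif content_format == CT_APP:
        names = APP_KEYS
    else:
        # Refuse to guess: sniffing the map would let a payload be read as a CWT
        # when it was never meant to be one, or vice versa.
        raise ValueError("unknown Content-Format %d, refusing to guess" % content_format)
    named = {}
    for k, v in m.items():
        if k not in names:
            raise ValueError("key %r not defined for Content-Format %d" % (k, content_format))
        named[names[k]] = v
    return named


# Constructed sample: the CBOR map {1: "rs1", 3: "read"}.
SAMPLE_PAYLOAD = bytes.fromhex("a2 01 63 72 73 31 03 64 72 65 61 64")

if __name__ == "__main__":
    print("as application map:", interpret(CT_APP, SAMPLE_PAYLOAD))
    print("as CWT claims set: ", interpret(CT_CWT, SAMPLE_PAYLOAD))
```

Run stand-alone, the same bytes come out as {"rs": "rs1", "scope": "read"} under the application format and as {"iss": "rs1", "aud": "read"} under application/cwt, which is exactly the ambiguity a shared claim-number space would create if the receiver did not consult the Content-Format first.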