Re: [Ace] Parameter abbreviation number ranges for draft-ietf-ace-oauth-authz

Mike Jones <Michael.Jones@microsoft.com> Tue, 28 August 2018 16:44 UTC

From: Mike Jones <Michael.Jones@microsoft.com>
To: Ludwig Seitz <ludwig.seitz@ri.se>, Samuel Erdtman <samuel@erdtman.se>, Jim Schaad <ietf@augustcellars.com>
CC: "ace@ietf.org" <ace@ietf.org>
Date: Tue, 28 Aug 2018 16:44:36 +0000
Message-ID: <DM5PR00MB0293A74471A19A78524CDFBFF50A0@DM5PR00MB0293.namprd00.prod.outlook.com>
References: <ed5a89e7-e2ed-8804-037f-8b50d2bc6d64@ri.se> <02f901d43e21$ca195e10$5e4c1a30$@augustcellars.com> <CAF2hCbZEkoRodXpE1kFF41fUWb6GoBVbtTnZuKPzRyVRhHhN=w@mail.gmail.com> <f56d6586-6fb8-cf5c-28a6-b018fffca8ad@ri.se>
In-Reply-To: <f56d6586-6fb8-cf5c-28a6-b018fffca8ad@ri.se>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/wrX4u126jyF89Ix15Nj7Ie0R3kQ>
Subject: Re: [Ace] Parameter abbreviation number ranges for draft-ietf-ace-oauth-authz
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>

Especially in light of the possibility of signed requests along the lines of https://tools.ietf.org/html/draft-ietf-oauth-jwsreq-16, I believe that all the ACE OAuth parameters should be registered as CWT claims.  I'll repeat my request, wearing my designated expert hat, that application-specific values not be requested for registration in the one-byte ranges.  The one-byte values should be saved for claims that are likely to span multiple kinds of applications.

				-- Mike

-----Original Message-----
From: Ace <ace-bounces@ietf.org> On Behalf Of Ludwig Seitz
Sent: Monday, August 27, 2018 11:44 PM
To: Samuel Erdtman <samuel@erdtman.se>; Jim Schaad <ietf@augustcellars.com>
Cc: ace@ietf.org
Subject: Re: [Ace] Parameter abbreviation number ranges for draft-ietf-ace-oauth-authz

On 2018-08-27 18:39, Samuel Erdtman wrote:
> +1 on pushing up error_description and error_uri
> 
> I think client_id might be worth keeping low since it is often used 
> even when in combination with client_secret. See OAuth Mtls as an example.
> On Mon, 27 Aug 2018 at 18:20, Jim Schaad <ietf@augustcellars.com 
> <mailto:ietf@augustcellars.com>> wrote:
> 

Note that the 1 byte range is 0-23

Currently in the 1 byte uint range we have 20-23 left unused

We could start assigning negative integer values in the 1 byte range if needed.


/Ludwig

-- 
Ludwig Seitz, PhD
Security Lab, RISE SICS
Phone +46(0)70-349 92 51

_______________________________________________
Ace mailing list
Ace@ietf.org
https://www.ietf.org/mailman/listinfo/ace
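The "1 byte range" discussed above comes from how CBOR encodes integer map keys (RFC 7049 section 2.1): an argument below 24 is packed into the head byte itself, so unsigned keys 0..23 (major type 0) and negative keys -1..-24 (major type 1) each cost one byte, while 24 and above need at least one extra byte. The Python below is an example added here, not code from draft-ietf-ace-oauth-authz, the CWT registry or anyone on the thread; it implements that head encoding, enumerates the one-byte range, and measures the cost of moving claims from the unused 20..23 slots up into the two-byte range. The claim numbers in SAMPLE_CLAIMS and PUSHED_UP are constructed placeholders, not registered or proposed values.

```python
"""Minimal CBOR integer and map encoder (RFC 7049 section 2.1).

Added example; not code from draft-ietf-ace-oauth-authz or the CWT registry.
It shows why claim keys in -24..23 cost one byte and larger ones cost more.
"""
import struct


def _encode_head(major_type: int, argument: int) -> bytes:
    """Encode a CBOR head: 3-bit major type plus unsigned argument.

    Arguments below 24 are packed into the initial byte; larger ones use
    additional-info 24/25/26/27 followed by 1/2/4/8 argument bytes.
    """
    mt = major_type << 5
    if argument < 24:
        return bytes([mt | argument])
    if argument < 0x100:
        return bytes([mt | 24]) + struct.pack(">B", argument)
    if argument < 0x10000:
        return bytes([mt | 25]) + struct.pack(">H", argument)
    if argument < 0x100000000:
        return bytes([mt | 26]) + struct.pack(">I", argument)
    return bytes([mt | 27]) + struct.pack(">Q", argument)


def encode_int(n: int) -> bytes:
    """Major type 0 for n >= 0; major type 1 with argument -1-n for n < 0."""
    if n >= 0:
        return _encode_head(0, n)
    return _encode_head(1, -1 - n)


def encoded_key_size(key: int) -> int:
    """Bytes an integer claim key occupies on the wire."""
    return len(encode_int(key))


def one_byte_keys(lo: int = -1000, hi: int = 1000) -> list:
    """Every integer key in [lo, hi) that encodes in a single byte."""
    return [k for k in range(lo, hi) if encoded_key_size(k) == 1]


def encode_claims(claims: dict) -> bytes:
    """Encode a flat CWT-style map: int keys, int/str/bytes values."""
    out = _encode_head(5, len(claims))
    for key, value in claims.items():
        out += encode_int(key)
        if isinstance(value, bool) or not isinstance(value, (int, str, bytes)):
            raise TypeError(f"unsupported value type: {type(value).__name__}")
        if isinstance(value, int):
            out += encode_int(value)
        elif isinstance(value, str):
            data = value.encode("utf-8")
            out += _encode_head(3, len(data)) + data
        else:
            out += _encode_head(2, len(value)) + value
    return out


def key_overhead(claims: dict, renumber: dict) -> int:
    """Extra bytes spent when `claims` uses the keys in `renumber` instead.

    `renumber` maps each original key to the alternative key number.
    """
    moved = {renumber.get(k, k): v for k, v in claims.items()}
    return len(encode_claims(moved)) - len(encode_claims(claims))


# Constructed placeholder claim numbers, NOT values registered for CWT or
# proposed in the ACE draft: 20..22 sit in the unused one-byte range the
# thread mentions, 24..26 are the first numbers needing a second byte.
SAMPLE_CLAIMS = {20: "coaps://rs.example", 21: 3600, 22: b"\x01\x02"}
PUSHED_UP = {20: 24, 21: 25, 22: 26}

if __name__ == "__main__":
    for k in (0, 23, 24, -1, -24, -25, 255, 256):
        print(f"key {k:>4}: {encoded_key_size(k)} byte(s) -> {encode_int(k).hex()}")
    keys = one_byte_keys()
    print("one-byte keys:", keys[0], "..", keys[-1])
    print("overhead of moving three claims to 24..26:",
          key_overhead(SAMPLE_CLAIMS, PUSHED_UP))
```

Running it shows that the negative range -24..-1 is just as cheap as 0..23, which is what makes assigning negative keys a way to stretch the one-byte space, and that each claim pushed up to 24 or beyond costs exactly one more byte per occurrence of that claim in a token or request.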