Re: [Ace] [COSE] Call for adoption for draft-wahlstroem-ace-cbor-web-token-00
Erik Wahlström <erik@wahlstromstekniska.se> Wed, 11 May 2016 11:43 UTC
That's a very value scenario actually. Even so that it should actually be handled in the draft.

Scenario: In the continuum of large and small devices an unconstrained client and AS goes through the hoops of issuing a token using standard (HTTP/JSON). The Resource Server however is constrained and would very much like a CWT when it communicates with the Client. That means that in the AS to Client response from the token endpoint the binary token should actually be wrapped by base64url.

I can definitely see that being added to the draft.

/ Erik

On Tue, May 10, 2016 at 2:57 PM, Justin Richer <jricher@mit.edu> wrote:

> You’re missing my original complaint: Until this token can be directly
> encoded into web technologies, like HTTP headers and HTML pages, then it
> has no business being called a “Web” anything. As it is, it’s a binary
> encoding that would need an additional wrapper, like base64url perhaps, to
> be placed into web spaces. It can be used in CoAP and native CBOR
> structures as-is, which is what it’s designed to do.
>
> The “web” part of JWT is very important. A JWT can be used, as-is, in any
> part of an HTTP message: headers, query, form, etc. It can also be encoded
> as a string in other data structures in just about any language without any
> additional transformation, including HTML, XML, and JSON. This makes the
> JWT very “webby”, and this is a feature set that this new token doesn’t
> share. Ergo, it has no business being called a “web” token regardless of
> its heritage.
>
> Both CBOR Token and COSE Token are fine with me.
>
> — Justin
>
> On May 10, 2016, at 3:50 AM, Mike Jones <Michael.Jones@microsoft.com>
> wrote:
>
> I also feel strongly that the name should remain CBOR Web Token. CWT is a
> beneficiary of the intellectual and deployment heritage from the Simple Web
> Token (SWT) and JSON Web Token (JWT). CWT is intentionally parallel to
> JWT. The name should stay parallel as well.
>
> The “Web” part of the “CBOR Web Token” name can be taken as a reference to
> the Web of Things (see https://en.wikipedia.org/wiki/Web_of_Things). As
> Erik correctly points out JSON is not the only data representation that
> makes things in the Web and the Web of Things.
>
> -- Mike
>
> *From:* Ace [mailto:ace-bounces@ietf.org <ace-bounces@ietf.org>] *On
> Behalf Of *Erik Wahlström
> *Sent:* Tuesday, May 10, 2016 1:44 AM
> *To:* Justin Richer <jricher@mit.edu>
> *Cc:* Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>; Kepeng Li <
> kepeng.lkp@alibaba-inc.com>; ace@ietf.org; Carsten Bormann <cabo@tzi.org>;
> Hannes Tschofenig <hannes.tschofenig@gmx.net>; <oauth@ietf.org> <
> oauth@ietf.org>; cose <cose@ietf.org>
> *Subject:* Re: [Ace] [COSE] Call for adoption for
> draft-wahlstroem-ace-cbor-web-token-00
>
> Or keep the CBOR Web Token (CWT) for two major reasons:
> - To show the very close relationship to JWT. It relies heavily on JWT and
> its IANA registry. It is essentially a JWT but in CBOR/COSE instead of
> JSON/JOSE.
> - I would not say that JWT is the only format that works for the web, and
> it's even used in other, non-traditional, web protocols. That means I don't
> have a problem with the W in CWT at all. Why would JSON be the only web
> protocol?
>
> Then we also have one smaller (a lot smaller) reason, it's the fact that
> it can be called "cot" just like JWT is called a "jot" and I figured that
> our "cozy chairs" would very much like that fact because then it's
> essentially a "cozy cot" :)
>
> / Erik
>
>
> On Tue, May 10, 2016 at 2:49 AM, Justin Richer <jricher@mit.edu> wrote:
>
> We can also call it the “COSE Token”. As a chair of the COSE working
> group, I’m fine with that amount of co-branding.
>
> — Justin
>
> > On May 9, 2016, at 9:31 AM, Carsten Bormann <cabo@tzi.org> wrote:
> >
> >> draft-ietf-ace-cbor-token-00.txt;
> >
> > For the record, I do not think that ACE has a claim on the term "CBOR
> > Token". While the term token is not used in RFC 7049, there are many
> > tokens that could be expressed in CBOR or be used in applying CBOR to a
> > problem.
> >
> > ACE CBOR Token is fine, though.
> > (Or, better, CBOR ACE Token, CAT.)
> >
> > Regards, Carsten
> >
> > _______________________________________________
> > COSE mailing list
> > COSE@ietf.org
> > https://www.ietf.org/mailman/listinfo/cose
>
> _______________________________________________
> Ace mailing list
> Ace@ietf.org
> https://www.ietf.org/mailman/listinfo/ace
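
The scenario in the message above (an unconstrained client receives a binary token from the AS over HTTP/JSON and forwards the raw bytes to a constrained RS), as an added example that is not part of the original message or of the draft. It assumes the OAuth 2.0 `access_token`/`token_type` response fields, uses constructed sample bytes in place of a real CWT, and adds strict decoding (no padding, canonical form only) as its own assumption so that one token has exactly one text form.

```python
import base64
import binascii
import json
import re

# Constructed bytes standing in for a binary CWT (not a real signed token).
SAMPLE_CWT = bytes.fromhex("a2016261730363727331")

_B64URL = re.compile(r"[A-Za-z0-9_-]+")


def wrap_token(cwt: bytes) -> str:
    """AS side: base64url without padding, safe inside JSON and HTTP headers."""
    return base64.urlsafe_b64encode(cwt).rstrip(b"=").decode("ascii")


def token_response(cwt: bytes) -> str:
    """AS side: JSON token-endpoint response carrying the wrapped token."""
    return json.dumps({"access_token": wrap_token(cwt), "token_type": "bearer"})


def unwrap_token(response_body: str) -> bytes:
    """Client side: recover the raw bytes to send to the constrained RS."""
    text = json.loads(response_body).get("access_token")
    if not isinstance(text, str) or not _B64URL.fullmatch(text):
        raise ValueError("access_token is not unpadded base64url")
    padded = text + "=" * (-len(text) % 4)
    try:
        raw = base64.b64decode(padded, altchars=b"-_", validate=True)
    except binascii.Error as exc:
        raise ValueError("access_token is not valid base64url") from exc
    # Reject non-canonical encodings (stray trailing bits) that lenient
    # decoders would map to the same bytes.
    if wrap_token(raw) != text:
        raise ValueError("access_token is not canonically encoded")
    return raw


if __name__ == "__main__":
    body = token_response(SAMPLE_CWT)
    print(body)
    print(unwrap_token(body).hex())
```
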