[Ace] Progressing the HTTP parameter encoding for OAuth PoP Key Distribution

Hannes Tschofenig <Hannes.Tschofenig@arm.com> Fri, 20 July 2018 17:47 UTC

From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: oauth <oauth@ietf.org>, "ace@ietf.org" <ace@ietf.org>
Thread-Topic: Progressing the HTTP parameter encoding for OAuth PoP Key Distribution
Thread-Index: AdQgUXSupVvWyMaDROO8wlEEZAEOPA==
Date: Fri, 20 Jul 2018 17:46:47 +0000
Message-ID: <VI1PR0801MB21120EA478D0783F9FCDDC0DFA510@VI1PR0801MB2112.eurprd08.prod.outlook.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/QuJZ-q7hs2Uy1AvMkd2TUVrMFKA>

Hi all,

after several discussions we believe that we now have a proposal for moving forward on this topic.
We plan to update the expired draft <draft-ietf-oauth-pop-key-distribution-03> and
(1) remove the audience parameter and replace it with a separately-specified resource parameter,
(2) remove the alg parameter,
(3) update the procedures for requesting and obtaining keying material,
(4) synchronize with the ACE and WebRTC work to make sure that their use cases are appropriately covered.

Regarding (1): The meeting participants have decided to standardize an audience-alike parameter (in the form of a requested resource identifier) at this week's IETF OAuth meeting. For that purpose, working group adoption of draft-campbell-oauth-resource-indicators is under way. Only a reference to that document will be needed.

Regarding (2): Removal of the alg parameter will simplify the document and does not appear to be necessary for the currently investigated use cases. This assumption will have to be verified.

Regarding (3): Currently, the ACE-OAuth document and the <draft-ietf-oauth-pop-key-distribution-03> use different parameter names. Furthermore, those parameter names may be in conflict with other, already standardized parameter names. Hence, some parameters may need to be renamed. The plan is to focus on the following, minimal functionality only: server-side symmetric key generation and client-side public key registration to the AS. Furthermore, the encoding of the key transport will have to take the different token formats and protocols into account.

This approach will allow the ACE and WebRTC work to reference the generic PoP key distribution document without having to specify their own duplicate functionality.

We are planning to update <draft-ietf-oauth-pop-key-distribution-03> next week to have something to review.

Ciao
Hannes & Rifaat
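The two minimal flows named under (3), with the requested resource identifier from (1) used as the token audience, as an added Python example; this is not code from the draft, from ACE, or from the message above. The request parameter name req_cnf, the endpoint functions, the in-memory key store standing in for delivering the symmetric key to the RS, and the use of HS256 with a key shared between AS and RS (a stand-in for the AS's real token-signing key) are all assumptions; only the cnf/jwk/kid encoding follows RFC 7800, and the resource parameter follows draft-campbell-oauth-resource-indicators. The server-generated symmetric key flow is carried through to the RS's proof-of-possession check; for client-side public key registration only the binding of the registered JWK into the token is shown, since verifying an asymmetric proof needs a JOSE library.

```python
"""Sketch of OAuth PoP key distribution with the RFC 7800 'cnf' claim.

Flow A: AS generates a symmetric PoP key, returns it to the client, binds the
        token to it by 'kid'.
Flow B: client registers its public JWK (assumed parameter 'req_cnf'), AS binds
        the token to it with cnf.jwk.
All names other than cnf/jwk/kid/kty/k and 'resource' are assumptions.
"""
import base64
import hashlib
import hmac
import json
import secrets


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def jws_hs256(claims: dict, key: bytes) -> str:
    """Compact JWS, HS256, stdlib only. Assumption: AS and RS share 'key'."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url(json.dumps(claims, sort_keys=True).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url(sig)}"


def jws_hs256_verify(token: str, key: bytes) -> dict:
    header, payload, sig = token.split(".")
    expected = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig)):
        raise ValueError("access token signature invalid")
    return json.loads(b64url_decode(payload))


AS_TOKEN_KEY = secrets.token_bytes(32)  # constructed: AS<->RS token verification key
RS_POP_KEYS: dict = {}  # constructed stand-in for conveying symmetric PoP keys to the RS


def as_token_endpoint(request: dict) -> dict:
    """Hypothetical AS token endpoint: 'resource' becomes the audience."""
    claims = {"iss": "https://as.example", "aud": request["resource"],
              "scope": request.get("scope", "")}
    response = {"token_type": "pop"}
    if "req_cnf" in request:
        # Flow B: client-side public key registration.
        jwk = request["req_cnf"]["jwk"]
        if jwk.get("kty") == "oct" or "d" in jwk:
            raise ValueError("req_cnf must carry a public key")
        claims["cnf"] = {"jwk": jwk}
    else:
        # Flow A: server-side symmetric key generation.
        kid = b64url(secrets.token_bytes(8))
        pop_key = secrets.token_bytes(32)
        RS_POP_KEYS[kid] = pop_key  # the RS needs this key; in practice it is wrapped for it
        claims["cnf"] = {"kid": kid}
        response["cnf"] = {"jwk": {"kty": "oct", "kid": kid, "k": b64url(pop_key)}}
    response["access_token"] = jws_hs256(claims, AS_TOKEN_KEY)
    return response


def client_pop_proof(token_response: dict, nonce: bytes) -> str:
    """Client side of flow A: MAC a server nonce with the distributed symmetric key."""
    pop_key = b64url_decode(token_response["cnf"]["jwk"]["k"])
    return b64url(hmac.new(pop_key, nonce, hashlib.sha256).digest())


def rs_bound_key(token: str, resource: str) -> dict:
    """RS: verify token, check it was issued for this resource, return its cnf."""
    claims = jws_hs256_verify(token, AS_TOKEN_KEY)
    if claims.get("aud") != resource:
        raise ValueError("token not issued for this resource")
    if "cnf" not in claims:
        raise ValueError("token carries no confirmation key")
    return claims["cnf"]


def rs_check_symmetric_proof(token: str, resource: str, nonce: bytes, proof: str) -> dict:
    """RS side of flow A: look up the PoP key by kid and check the client's MAC."""
    cnf = rs_bound_key(token, resource)
    pop_key = RS_POP_KEYS.get(cnf.get("kid"))
    if pop_key is None:
        raise ValueError("unknown or non-symmetric confirmation key")
    expected = hmac.new(pop_key, nonce, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(proof)):
        raise ValueError("proof of possession failed")
    return cnf
```

Running flow A end to end (as_token_endpoint, client_pop_proof, rs_check_symmetric_proof) shows why the token itself can stay small: it carries only the kid, and the key material travels in the token response, which is the part whose encoding has to differ per token format and transport.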