[Ace] Fwd: New Version Notification for draft-tiloca-ace-revoked-token-notification-04.txt
Marco Tiloca <marco.tiloca@ri.se> Thu, 25 February 2021 12:49 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/HfCKHvIGcf7zZEXZJ9K72nMPOxU>
Hello ACE,

We have recently submitted an updated version of draft-tiloca-ace-revoked-token-notification

https://tools.ietf.org/html/draft-tiloca-ace-revoked-token-notification-04

The document describes how an Authorization Server can notify Clients and Resource Servers of revoked but not yet expired Access Tokens. This is achieved by means of a Token Revocation List (TRL) resource at the AS, that a device can access and observe by using resource observation for CoAP. The approach complements token introspection at the AS, and does not require additional endpoints on Clients and Resource Servers.

This version further builds on the major update in version -02, also including an Appendix B on advanced operating modes, following input from Ben Kaduk and based on the Series Transfer Pattern [1].

Changes cover especially:

1) Early, high-level clarifications on the full-query and diff-query modes of operation.

2) Error handling on the Authorization Server.

3) Definition of a media-type for messages exchanged in the advanced full-query and diff-query modes of Appendix B, with parameters transported in a CBOR map.

Comments are very welcome!

Best,
/Marco

[1] https://tools.ietf.org/html/draft-bormann-t2trg-stp-03

-------- Forwarded Message --------
Subject: New Version Notification for draft-tiloca-ace-revoked-token-notification-04.txt
Date: Mon, 22 Feb 2021 09:10:57 -0800
From: internet-drafts@ietf.org
To: Francesca Palombini <francesca.palombini@ericsson.com>, Grace Lewis <glewis@sei.cmu.edu>, Ludwig Seitz <ludwig.seitz@combitech.se>, Marco Tiloca <marco.tiloca@ri.se>, Sebastian Echeverria <secheverria@sei.cmu.edu>

A new version of I-D, draft-tiloca-ace-revoked-token-notification-04.txt has been successfully submitted by Marco Tiloca and posted to the IETF repository.

Name: draft-tiloca-ace-revoked-token-notification
Revision: 04
Title: Notification of Revoked Access Tokens in the Authentication and Authorization for Constrained Environments (ACE) Framework
Document date: 2021-02-22
Group: Individual Submission
Pages: 34
URL: https://www.ietf.org/archive/id/draft-tiloca-ace-revoked-token-notification-04.txt
Status: https://datatracker.ietf.org/doc/draft-tiloca-ace-revoked-token-notification/
Htmlized: https://datatracker.ietf.org/doc/html/draft-tiloca-ace-revoked-token-notification
Htmlized: https://tools.ietf.org/html/draft-tiloca-ace-revoked-token-notification-04
Diff: https://www.ietf.org/rfcdiff?url2=draft-tiloca-ace-revoked-token-notification-04

Abstract:
This document specifies a method of the Authentication and Authorization for Constrained Environments (ACE) framework, which allows an Authorization Server to notify Clients and Resource Servers (i.e., registered devices) about revoked Access Tokens. The method relies on resource observation for the Constrained Application Protocol (CoAP), with Clients and Resource Servers observing a Token Revocation List on the Authorization Server. Resulting unsolicited notifications of revoked Access Tokens complement alternative approaches such as token introspection, while not requiring additional endpoints on Clients and Resource Servers.

Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat
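A simplified in-memory model of the Token Revocation List described in the message above, added here as an illustration and not taken from the draft or its authors. It shows full-query and diff-query views restricted to the requesting device, notifications to observers, and removal of entries once a revoked token expires; the class and method names, the truncated SHA-256 token hash and the bounded history size are assumptions, and CoAP transport and CBOR encoding are left out.

```python
import hashlib
from dataclasses import dataclass, field

def token_hash(token: bytes) -> str:
    # Assumption: truncated SHA-256 stands in for the draft's token hash.
    return hashlib.sha256(token).hexdigest()[:16]

@dataclass
class TRL:
    """Toy Token Revocation List held by the Authorization Server (AS)."""
    max_diffs: int = 8                             # bounded update history
    entries: dict = field(default_factory=dict)    # hash -> (expiry, devices)
    diffs: list = field(default_factory=list)      # (removed, added, devices)
    observers: dict = field(default_factory=dict)  # device -> callback

    def observe(self, device, callback):
        self.observers[device] = callback          # models CoAP Observe registration
        return self.full_query(device)

    def _update(self, removed, added, devices):
        self.diffs = (self.diffs + [(removed, added, devices)])[-self.max_diffs:]
        for dev in self.observers.keys() & devices:
            self.observers[dev](self.full_query(dev))  # unsolicited notification

    def revoke(self, token, expiry, devices):
        h = token_hash(token)
        self.entries[h] = (expiry, frozenset(devices))
        self._update([], [h], frozenset(devices))

    def purge_expired(self, now):
        # Only revoked but not yet expired tokens need to stay listed.
        for h, (expiry, devices) in list(self.entries.items()):
            if expiry <= now:
                del self.entries[h]
                self._update([h], [], devices)

    def full_query(self, device):  # only hashes pertaining to the requester
        return sorted(h for h, (_, devs) in self.entries.items() if device in devs)

    def diff_query(self, device, n):
        mine = [(r, a) for r, a, devs in self.diffs if device in devs]
        return mine[-n:] if n > 0 else []

def demo():
    # Constructed sample: two tokens issued for Resource Server "rs1".
    trl, seen = TRL(), []
    trl.observe("rs1", seen.append)
    trl.revoke(b"token-A", expiry=100, devices={"c1", "rs1"})
    trl.revoke(b"token-B", expiry=200, devices={"c2", "rs1"})
    trl.purge_expired(now=150)
    return trl, seen
```

Each device sees only the hashes of tokens it is involved in, so observing the list does not reveal which tokens were issued to other Clients or Resource Servers.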