Re: [Ace] [ace] Fwd: New Version Notification for draft-tiloca-ace-revoked-token-notification-01.txt

Marco Tiloca <marco.tiloca@ri.se> Mon, 20 July 2020 08:11 UTC

To: Carsten Bormann <cabo@tzi.org>
Cc: Ace Wg <ace@ietf.org>
References: <158378192037.5591.12867128151701682367@ietfa.amsl.com> <2553abc4-aa8d-2c51-f0fe-1e14cd6ac1e9@ri.se> <C7FAF4B1-3CAB-4532-8890-B359BCD36D59@tzi.org>
From: Marco Tiloca <marco.tiloca@ri.se>
Message-ID: <96efdc92-834b-d854-13c0-03a2350640ed@ri.se>
Date: Mon, 20 Jul 2020 10:11:30 +0200
In-Reply-To: <C7FAF4B1-3CAB-4532-8890-B359BCD36D59@tzi.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/HkrWGw_qyMqsLnV2MAbDioQjkF4>
Subject: Re: [Ace] [ace] Fwd: New Version Notification for draft-tiloca-ace-revoked-token-notification-01.txt

Hi Carsten,

Thank you for this review!

We have addressed your comments in the latest version -02. Please also
see our replies inline.

Best,
/Marco

On 2020-05-18 13:40, Carsten Bormann wrote:
>> Comments are very welcome.
> (1) I can’t parse
>
>           the binary
>           representation of the String value of ENCODED_TOKEN, which
>           would depend on the used charset.
>
> What charset?  JSON does not have a charset.  (I’m probably misreading this.)
> What *is* the “String value of ENCODED_TOKEN”?

==>MT
We have revised Section 3 on the computation of token hashes, now giving
more step-by-step details and providing examples. Hopefully it is
clearer now.
<==

>
> (2) query parameters: diff=true and N=I are a bit redundant to each other.  If you have N, you need to have diff=true, which therefore can be omitted.  diff=I  or diff  (no equals sign) would therefore be simpler forms of this.

==>MT
We have followed your "diff=I" suggestion and revised the interface
accordingly.
<==

>
> (3) Re CDDL:  I read this as
>
> token-hash = bytes
> trl = [* token-hash]
> diff-entry = {removed => trl, added => trl}
> diff = [* diff-entry]
>
> removed = 0
> added = 1
>
> I would simplify diff-entry as a record instead of a struct ( https://tools.ietf.org/html/rfc8610#section-2 ):
>
> diff-entry = [removed: trl, added: trl]
>
> i.e., leave out the labels and rely on the order in the array.

==>MT
We have redefined the payload format in Section 5.2 to use a record as
diff-entry, according to your suggestion.
<==

>
> I didn’t make up CDDL for the registration response, as I don’t know what the “…” is.

==>MT
We are considering the details of the registration procedure and its
response as out of scope.

ACE does not detail the registration procedure either [1][2], while
OAuth gives non-normative examples [3].

[1] https://tools.ietf.org/html/draft-ietf-ace-oauth-authz-35#section-5.3
[2] https://tools.ietf.org/html/draft-ietf-ace-oauth-authz-35#section-5.6.2
[3] https://tools.ietf.org/html/rfc7591#section-3
<==

>
>
> (4) Why do we need all that precision what was added and removed when?

==>MT
This was the result of a design discussion with Jim. It is a robust way
to handle Non-confirmable notifications, as the AS would not know for
sure whether notifications were successfully delivered.
<==

>
> (5) On the diff stream, please see also STP: 
>
> https://tools.ietf.org/html/draft-bormann-t2trg-stp-03

==>MT
We did and, combined with the input from Ben at the June interim, it was
very inspiring!

We have added:

- The new Appendix A, discussing how the diff-query mode is a usage
example of the STP.

- The new Appendix B, discussing how the diff-query mode can be further
improved according to Ben's suggestion, by using the "Cursor" pattern
from the STP document. As mentioned at the June interim, it can be worth
considering this as a third mode of operation of its own.


Thanks a lot again!
<==

>
> Regards, Carsten
>

-- 
Marco Tiloca
Ph.D., Senior Researcher

RISE Research Institutes of Sweden
Division ICT
Isafjordsgatan 22 / Kistagången 16
SE-164 40 Kista (Sweden)

Phone: +46 (0)70 60 46 501
https://www.ri.se
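To make the CDDL discussion in points (2) and (3) concrete, here is an added example (not code from the draft, the thread, or the authors) that encodes a diff-entry with a minimal CBOR encoder both as the original struct `{removed => trl, added => trl}` and as the record `[removed: trl, added: trl]` Carsten proposed, and builds the `diff` array from successive TRL snapshots. Assumptions: `diff=I` returns the I most recent diff entries (oldest first), and SHA-256 of the encoded token stands in for the token hash computation that Section 3 of the draft actually defines; the token values are constructed.

```python
import hashlib

REMOVED, ADDED = 0, 1  # labels used by the struct form of diff-entry

def token_hash(encoded_token: bytes) -> bytes:
    """Stand-in for the draft's Section 3 token hash (ASSUMPTION: plain SHA-256)."""
    return hashlib.sha256(encoded_token).digest()

def _head(major: int, n: int) -> bytes:
    """CBOR initial byte(s) for major type `major` with argument `n` (n < 2**16)."""
    if n < 24:
        return bytes([(major << 5) | n])
    if n < 256:
        return bytes([(major << 5) | 24, n])
    return bytes([(major << 5) | 25]) + n.to_bytes(2, "big")

def cbor(v) -> bytes:
    """Encode unsigned ints, byte strings, arrays and int-keyed maps (all we need)."""
    if isinstance(v, int):
        return _head(0, v)
    if isinstance(v, bytes):
        return _head(2, len(v)) + v
    if isinstance(v, list):
        return _head(4, len(v)) + b"".join(cbor(x) for x in v)
    if isinstance(v, dict):
        return _head(5, len(v)) + b"".join(cbor(k) + cbor(x) for k, x in v.items())
    raise TypeError(f"unsupported type {type(v).__name__}")

def diff_entry_struct(removed: list, added: list) -> bytes:
    """diff-entry = {removed => trl, added => trl}  (struct, as originally read)."""
    return cbor({REMOVED: removed, ADDED: added})

def diff_entry_record(removed: list, added: list) -> bytes:
    """diff-entry = [removed: trl, added: trl]  (record: labels dropped, order fixed)."""
    return cbor([removed, added])

def trl_diffs(snapshots: list) -> list:
    """One (removed, added) pair of token hashes per change between consecutive
    TRL snapshots (sets of hashes), oldest change first."""
    return [(sorted(old - new), sorted(new - old))
            for old, new in zip(snapshots, snapshots[1:])]

def diff_response(snapshots: list, i: int) -> bytes:
    """ASSUMED semantics of diff=I: the I most recent diff entries, as records."""
    return cbor([list(entry) for entry in trl_diffs(snapshots)[-i:]])

# Constructed sample: two tokens revoked over time, the first later expiring from the TRL.
H1, H2 = token_hash(b"constructed-token-1"), token_hash(b"constructed-token-2")
SNAPSHOTS = [set(), {H1}, {H1, H2}, {H2}]
```

Because map keys 0 and 1 each cost one byte and the map and array heads are the same size, the record form saves exactly two bytes per diff-entry over the struct form.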