Re: [Ace] OSCORE Profile IANA questions

Francesca Palombini <francesca.palombini@ericsson.com> Tue, 01 September 2020 08:34 UTC

From: Francesca Palombini <francesca.palombini@ericsson.com>
To: Seitz Ludwig <ludwig.seitz@combitech.se>, Jim Schaad <ietf@augustcellars.com>, Ace Wg <ace@ietf.org>
Date: Tue, 01 Sep 2020 08:34:16 +0000
Message-ID: <C3DA541F-1AA4-4AA3-B000-06A1384A24F0@ericsson.com>
References: <40F43BA8-1127-4066-8A5E-6929F962B052@ericsson.com> <3547a70f710c48c1b84cd70b70e0e873@combitech.se>
In-Reply-To: <3547a70f710c48c1b84cd70b70e0e873@combitech.se>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/NGhqgusapWk3WUkXl03qyggGzVI>
Subject: Re: [Ace] OSCORE Profile IANA questions

Hi Ludwig, Jim,

Thanks for your input.

Ludwig: I agree with you, they do not belong in the token request. I would be fine with not registering them as OAuth parameters and only registering them as Ace parameters, but if I understand correctly the only way to register Ace parameters right now is:
1. register them in the OAuth Parameter Registry
2. register the CBOR mapping in the OAuth Parameters CBOR Mappings Registry.
Did I miss something? Is there a better registry where to put these? Otherwise I am ok with defining a new category, more on that below.

> [JLS] Look at the OAuth registries - they have some "standardized" names for these interactions as well as the RS-AS pair.

Jim: yes, they have standardized names, but as far as I can see only those 4 (token request/response, authorization request/response) are allowed in this registry (see https://tools.ietf.org/html/rfc6749#section-11.2.1 ), and they seem to indicate C-resource owner and C-AS messages.
I went and checked the registry [*], and there is actually one exception from Kantara UMA, they registered some parameters with the following locations: "client request", "token endpoint", "authorization server response". So now I am wondering what these locations mean, and how come they have managed to register parameters with locations outside of the template. I am fine with using "client request" and "resource server response" but these are not standardized names in OAuth.
I think the best way forward is: agree within the working group on some names (such as those above, or better ones if you have proposals), then request the OAuth Parameters Registry expert review, which is necessary for IANA ok.

[*] https://www.iana.org/assignments/oauth-parameters/oauth-parameters.xhtml#parameters 

On 31/08/2020, 15:42, "Seitz Ludwig" <ludwig.seitz@combitech.se> wrote:

    1.) I would not put these parameters in the "token request" category, they belong in a new category. Whether they should be registered in the OAuth parameters registry is doubtful to me, since I don't see them being used in a non-ACE OAuth context. Somewhere in the ACE registries?

    2.) I would propose to put it on the ACE page to be created for the framework by IANA.

    /Ludwig

    -----Original Message-----
    From: Ace <ace-bounces@ietf.org> On Behalf Of Francesca Palombini
    Sent: 31 August 2020 14:53
    To: Ace Wg <ace@ietf.org>
    Cc: ace-chairs@ietf.org
    Subject: [Ace] OSCORE Profile IANA questions

    Hi all,

    I have two quick questions concerning IANA actions to be done for the OSCORE profile:

    1) The framework (-params) and the profile are currently conflicting on the registration of parameters, and we need to fix that.
    In the framework, parameters that are sent from Client to AS (such as req_cnf) are registered in the OAuth Parameters Registry as having "Parameter Usage Location: token request". The OSCORE profile registers parameters sent from Client to RS (such as nonce1) with "Parameter Usage Location: token request". The possible "Parameter Usage Location" are "token request" "token response" "authorization request" "authorization response" (see https://tools.ietf.org/html/rfc6749#section-11.2.1 ). It seems that "authorization request/response" are to the Resource Owner, and "token request/response" are to the Authorization Server. I think the framework is using the right names, but I am not sure what other location to put there, I think there is no name for Client-to-RS and RS-to-Client in the registry right now.

    2) The OSCORE profile defines a new registry, the OSCORE Security Context Parameters registry. The question is where to put this registry? My proposal is to put it under https://www.iana.org/assignments/core-parameters/core-parameters.xhtml . Any objections?

    Thanks,
    Francesca

    _______________________________________________
    Ace mailing list
    Ace@ietf.org
    https://www.ietf.org/mailman/listinfo/ace
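The check Francesca describes doing by hand above (scanning the OAuth Parameters registry for "Parameter Usage Location" values outside the four RFC 6749 section 11.2.1 locations) can be automated against IANA's CSV export of that registry. The script below is an added example, not code from the thread participants or from any IETF document. It assumes the CSV carries the same column headings as the HTML registry page ("Name", "Parameter Usage Location", "Change Controller", "Reference"); the sample rows embedded here are constructed to mirror that layout and the cases discussed in the thread, and are not a copy of the live registry (the Reference values are placeholders).

```python
"""
Flag OAuth parameter registrations whose "Parameter Usage Location" is not
one of the four locations on the RFC 6749 section 11.2.1 registration template.
Added example; the sample rows are constructed, not the live IANA registry.
"""
import csv
import io

# The four locations RFC 6749 section 11.2.1 defines for the template.
RFC6749_LOCATIONS = frozenset({
    "authorization request",
    "authorization response",
    "token request",
    "token response",
})

# Constructed sample in the column layout of IANA's oauth-parameters CSV
# (assumed header names). Multi-valued cells are comma separated and quoted,
# as the registry page lists them. References are placeholders.
SAMPLE_CSV = """\
Name,Parameter Usage Location,Change Controller,Reference
client_id,"authorization request, token request",IETF,[RFC6749]
req_cnf,token request,IETF,[constructed]
nonce1,token request,IETF,[constructed]
ticket,"client request, authorization server response",Kantara,[constructed]
"""


def parse_locations(field):
    """Split a (possibly multi-valued) location cell into normalised values."""
    return [loc.strip().lower() for loc in field.split(",") if loc.strip()]


def find_nonstandard(csv_text):
    """
    Return {parameter name: [locations not in RFC 6749]} for every row that
    uses at least one location outside the RFC 6749 template.
    """
    offending = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        bad = [loc for loc in parse_locations(row["Parameter Usage Location"])
               if loc not in RFC6749_LOCATIONS]
        if bad:
            offending[row["Name"]] = bad
    return offending


if __name__ == "__main__":
    # Run the check over the constructed sample; against the real registry,
    # pass the downloaded CSV text instead of SAMPLE_CSV.
    for name, locs in find_nonstandard(SAMPLE_CSV).items():
        print(f"{name}: {', '.join(locs)}")
```

Against the constructed sample only the UMA-style "ticket" row is reported, with both of its non-template locations; "nonce1" passes even though, as the thread notes, "token request" is the wrong location for a Client-to-RS parameter, which is exactly why a location check of this kind cannot replace the expert review step Francesca proposes. To run it over the live registry, download the CSV linked from the registry page cited in the thread and pass its text to find_nonstandard; if IANA's header names differ from the assumption above, adjust the key in the row lookup.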