Re: [Ace] WGLC for draft-ietf-ace-oauth-params
Ludwig Seitz <ludwig.seitz@ri.se> Mon, 29 October 2018 14:45 UTC
Return-Path: <ludwig.seitz@ri.se>
X-Original-To: ace@ietfa.amsl.com
Delivered-To: ace@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DD31F130E29 for <ace@ietfa.amsl.com>; Mon, 29 Oct 2018 07:45:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.601
X-Spam-Level:
X-Spam-Status: No, score=-2.601 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dbi8w03Xn33U for <ace@ietfa.amsl.com>; Mon, 29 Oct 2018 07:45:05 -0700 (PDT)
Received: from smtp-out10.electric.net (smtp-out10.electric.net [185.38.180.36]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 61A1112F18C for <ace@ietf.org>; Mon, 29 Oct 2018 07:45:05 -0700 (PDT)
Received: from 1gH8mq-000TC2-UX by out10a.electric.net with emc1-ok (Exim 4.90_1) (envelope-from <ludwig.seitz@ri.se>) id 1gH8mq-000TDK-VR for ace@ietf.org; Mon, 29 Oct 2018 07:45:00 -0700
Received: by emcmailer; Mon, 29 Oct 2018 07:45:00 -0700
Received: from [194.218.146.197] (helo=sp-mail-2.sp.se) by out10a.electric.net with esmtps (TLSv1.2:ECDHE-RSA-AES128-SHA256:128) (Exim 4.90_1) (envelope-from <ludwig.seitz@ri.se>) id 1gH8mq-000TC2-UX for ace@ietf.org; Mon, 29 Oct 2018 07:45:00 -0700
Received: from [192.168.0.166] (10.116.0.226) by sp-mail-2.sp.se (10.100.0.162) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1531.3; Mon, 29 Oct 2018 15:45:00 +0100
To: ace@ietf.org
References: <065d01d45f4e$bc227690$346763b0$@augustcellars.com> <SN6PR00MB0301ABCD934F20361EB6A02DF5F60@SN6PR00MB0301.namprd00.prod.outlook.com>
From: Ludwig Seitz <ludwig.seitz@ri.se>
Message-ID: <8b5d13a3-6d04-650e-0f05-d72d33937d50@ri.se>
Date: Mon, 29 Oct 2018 15:44:59 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.2.1
MIME-Version: 1.0
In-Reply-To: <SN6PR00MB0301ABCD934F20361EB6A02DF5F60@SN6PR00MB0301.namprd00.prod.outlook.com>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 8bit
X-Originating-IP: [10.116.0.226]
X-ClientProxiedBy: sp-mail-3.sp.se (10.100.0.163) To sp-mail-2.sp.se (10.100.0.162)
X-Outbound-IP: 194.218.146.197
X-Env-From: ludwig.seitz@ri.se
X-Proto: esmtps
X-Revdns:
X-HELO: sp-mail-2.sp.se
X-TLS: TLSv1.2:ECDHE-RSA-AES128-SHA256:128
X-Authenticated_ID:
X-Virus-Status: Scanned by VirusSMART (c)
X-Virus-Status: Scanned by VirusSMART (s)
X-PolicySMART: 14510320
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/P2kzG5xjBYiVikowUiP9WU_bnCQ>
Subject: Re: [Ace] WGLC for draft-ietf-ace-oauth-params
X-BeenThere: ace@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ace>, <mailto:ace-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ace/>
List-Post: <mailto:ace@ietf.org>
List-Help: <mailto:ace-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ace>, <mailto:ace-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 29 Oct 2018 14:45:09 -0000
On 24/10/2018 22:49, Mike Jones wrote: > 3.1, 3.2, and 4.1, parameter definitions: None of these parameter > definitions specify the syntax of the parameters defined, making > understanding these quite confusing. Yes, this is talked about later in > the doc but there are not even forward references to where the > definitions are completed in most cases. Please fully specify the > parameters when they are defined. > > 3.1 req_aud: Doesn’t this duplicate the “resource” parameter defined by > https://tools.ietf.org/html/draft-ietf-oauth-resource-indicators-01? If > so, please delete this parameter. If not, say how it is different and > why the differences are necessary. > > 5 cnf in the introspection response: Which token is being referred to by > the phrase “bound to the token”. The access token? The refresh token? > Another kind of token? Please make this more specific. > > 6 CBOR Mappings. The table contains the magic numbers 8, 17, 18, and > 19. From what space are these numbers being allocated and what registry > are they in? Per my earlier reviews of the ace-authz spec, I believe > that the ACE OAuth parameters should all be registered in the CWT Claims > registry because of the possibility of them being used in signed > requests in a manner analogous to > https://tools.ietf.org/html/draft-ietf-oauth-jwsreq-17. The parameters > need to be registered to avoid claim number conflicts. > > Missing Examples: The best thing you could do to help developers > understand what these values are and how they use them is to add > examples, just as was done in RFC 7800. Please add examples of each of > the parameters using the JSON representations of them. Optionally, also > add CBOR examples if you believe that they will convey important > information to developers that the JSON example’s don’t. > > Thank you, > > -- Mike Hello Mike, thank you for your review. I've added issues to the tracker here: https://github.com/ace-wg/ace-oauth-params and will address your comments. /Ludwig -- Ludwig Seitz, PhD Security Lab, RISE Phone +46(0)70-349 92 51
- [Ace] WGLC for draft-ietf-ace-oauth-params Jim Schaad
- Re: [Ace] WGLC for draft-ietf-ace-oauth-params Jim Schaad
- Re: [Ace] WGLC for draft-ietf-ace-oauth-params Ludwig Seitz
- Re: [Ace] WGLC for draft-ietf-ace-oauth-params Mike Jones
- Re: [Ace] WGLC for draft-ietf-ace-oauth-params Ludwig Seitz