Re: [Ace] Fwd: New Version Notification for draft-ietf-ace-oauth-authz-17.txt and draft-ietf-ace-oauth-params-01.txt
Jim Schaad <ietf@augustcellars.com> Wed, 28 November 2018 17:06 UTC
Return-Path: <ietf@augustcellars.com>
X-Original-To: ace@ietfa.amsl.com
Delivered-To: ace@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E53EA130E88; Wed, 28 Nov 2018 09:06:20 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5JmCFWRG6iJ5; Wed, 28 Nov 2018 09:06:18 -0800 (PST)
Received: from mail2.augustcellars.com (augustcellars.com [50.45.239.150]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1EF0A130F9A; Wed, 28 Nov 2018 09:06:17 -0800 (PST)
Received: from Jude (73.180.8.170) by mail2.augustcellars.com (192.168.0.56) with Microsoft SMTP Server (TLS) id 15.0.1347.2; Wed, 28 Nov 2018 09:01:15 -0800
From: Jim Schaad <ietf@augustcellars.com>
To: draft-ietf-ace-oauth-authz@ietf.org
CC: ace@ietf.org
References: <154322421294.8323.8505315870685563404.idtracker@ietfa.amsl.com> <cbd083d1-cb95-0732-aa8b-7c7de3f480d1@ri.se>
In-Reply-To: <cbd083d1-cb95-0732-aa8b-7c7de3f480d1@ri.se>
Date: Wed, 28 Nov 2018 09:06:07 -0800
Message-ID: <042a01d4873c$a91bb5a0$fb5320e0$@augustcellars.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AQK3+H3pFttPP+s38ebErlDfr5TlzwGwIdvjo49nOrA=
Content-Language: en-us
X-Originating-IP: [73.180.8.170]
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/QDlpIS61ljPzXbLXLV24G3C1ig4>
Subject: Re: [Ace] Fwd: New Version Notification for draft-ietf-ace-oauth-authz-17.txt and draft-ietf-ace-oauth-params-01.txt
X-BeenThere: ace@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ace>, <mailto:ace-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ace/>
List-Post: <mailto:ace@ietf.org>
List-Help: <mailto:ace-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ace>, <mailto:ace-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 28 Nov 2018 17:06:21 -0000
Ludwig, It looks good. A couple of additional things that have occurred to me. (Always a problem when on reads drafts again and again.) 1. I don't really have a problem with figure 6, but I don't know if we want to more correctly reflect what an OSCORE message would look like in this location. This would basically be a re-write of the entire example structure to reflect that you have an outer and an inner CoAP message. It might be confusing for people who are not fully immersed in the OSCORE world. 2. I have no idea of where this would go and it is perhaps something that the OAuth people need to think about as well. If an AS receives a request which has message level security (OSCORE/CWT/JWT) over a session level security connection (TLS/DTLS/IPSEC) are there any rules/suggestions about which keys should be used for evaluating the resulting request. While I assume that message security wins and the session security is ignored, I have not seen this anyplace. 3. In section 5.8.1 - It says that for a CWT access token that the application/cwt content type MUST be used. There are two possible issues with this. 1) How does the client know what the type of the token is. It could be a CWT, an introspection token, or something else entirely. 2) Is it an error if a CWT token is received and the content type is not present? Jim > -----Original Message----- > From: Ace <ace-bounces@ietf.org> On Behalf Of Ludwig Seitz > Sent: Monday, November 26, 2018 1:27 AM > To: ace@ietf.org > Subject: [Ace] Fwd: New Version Notification for draft-ietf-ace-oauth-authz- > 17.txt and draft-ietf-ace-oauth-params-01.txt > > Hello ACE, > > I have just submitted new versions for draft-ietf-ace-oauth-authz and draft-ietf- > ace-oauth-params addressing the WGLC review comments and the discussions > from the IETF 103 meeting. > > I would encourage the reviewers to check if they feel that I have sufficiently > addressed their comments. > > > Regards, > > Ludwig > > -------- Forwarded Message -------- > > A new version of I-D, draft-ietf-ace-oauth-authz-17.txt > has been successfully submitted by Ludwig Seitz and posted to the > IETF repository. > > Name: draft-ietf-ace-oauth-authz > Revision: 17 > Title: Authentication and Authorization for Constrained Environments > (ACE) using the OAuth 2.0 Framework (ACE-OAuth) > Document date: 2018-11-26 > Group: ace > Pages: 74 > URL: > https://www.ietf.org/internet-drafts/draft-ietf-ace-oauth-authz-17.txt > Status: https://datatracker.ietf.org/doc/draft-ietf-ace-oauth-authz/ > Htmlized: https://tools.ietf.org/html/draft-ietf-ace-oauth-authz-17 > Htmlized: > https://datatracker.ietf.org/doc/html/draft-ietf-ace-oauth-authz > Diff: > https://www.ietf.org/rfcdiff?url2=draft-ietf-ace-oauth-authz-17 > > Abstract: > This specification defines a framework for authentication and > authorization in Internet of Things (IoT) environments called ACE- > OAuth. The framework is based on a set of building blocks including > OAuth 2.0 and CoAP, thus making a well-known and widely used > authorization solution suitable for IoT devices. Existing > specifications are used where possible, but where the constraints of > IoT devices require it, extensions are added and profiles are > defined. > > > > > Please note that it may take a couple of minutes from the time of submission > until the htmlized version and diff are available at tools.ietf.org. > > The IETF Secretariat > > -------- Forwarded Message -------- > > A new version of I-D, draft-ietf-ace-oauth-params-01.txt > has been successfully submitted by Ludwig Seitz and posted to the > IETF repository. > > Name: draft-ietf-ace-oauth-params > Revision: 01 > Title: Additional OAuth Parameters for Authorization in Constrained > Environments (ACE) > Document date: 2018-11-26 > Group: ace > Pages: 14 > URL: > https://www.ietf.org/internet-drafts/draft-ietf-ace-oauth-params-01.txt > Status: > https://datatracker.ietf.org/doc/draft-ietf-ace-oauth-params/ > Htmlized: https://tools.ietf.org/html/draft-ietf-ace-oauth-params-01 > Htmlized: > https://datatracker.ietf.org/doc/html/draft-ietf-ace-oauth-params > Diff: > https://www.ietf.org/rfcdiff?url2=draft-ietf-ace-oauth-params-01 > > Abstract: > This specification defines new parameters for the OAuth 2.0 token and > introspection endpoints when used with framework for authentication > and authorization for constrained environments (ACE). These are used > to express the desired audience of a requested access token, the > desired proof-of-possession key, the proof-of-possession key that the > AS has selected, and the key the RS should use to authenticate to the > client. > > > > > > Please note that it may take a couple of minutes from the time of submission > until the htmlized version and diff are available at tools.ietf.org. > > The IETF Secretariat > > > _______________________________________________ > Ace mailing list > Ace@ietf.org > https://www.ietf.org/mailman/listinfo/ace
- [Ace] Fwd: New Version Notification for draft-iet… Ludwig Seitz
- Re: [Ace] Fwd: New Version Notification for draft… Jim Schaad
- Re: [Ace] Fwd: New Version Notification for draft… Stefanie Gerdes
- Re: [Ace] Fwd: New Version Notification for draft… Jim Schaad
- Re: [Ace] Fwd: New Version Notification for draft… Ludwig Seitz
- Re: [Ace] Fwd: New Version Notification for draft… Stefanie Gerdes
- [Ace] Overwriting Tokens Stefanie Gerdes
- Re: [Ace] Fwd: New Version Notification for draft… Ludwig Seitz
- Re: [Ace] Fwd: New Version Notification for draft… Ludwig Seitz
- Re: [Ace] Overwriting Tokens Ludwig Seitz
- Re: [Ace] Overwriting Tokens Stefanie Gerdes
- Re: [Ace] Overwriting Tokens Jim Schaad
- Re: [Ace] Fwd: New Version Notification for draft… Stefanie Gerdes
- Re: [Ace] Fwd: New Version Notification for draft… Ludwig Seitz
- [Ace] Token (In)Security Stefanie Gerdes
- [Ace] Security of the Communication Between C and… Stefanie Gerdes
- Re: [Ace] Token (In)Security Hannes Tschofenig
- Re: [Ace] Token (In)Security Hannes Tschofenig
- Re: [Ace] Security of the Communication Between C… Hannes Tschofenig
- Re: [Ace] Token (In)Security Ludwig Seitz
- Re: [Ace] Security of the Communication Between C… Ludwig Seitz
- Re: [Ace] Security of the Communication Between C… Hannes Tschofenig
- Re: [Ace] Security of the Communication Between C… Hannes Tschofenig
- Re: [Ace] Security of the Communication Between C… Ludwig Seitz
- Re: [Ace] Security of the Communication Between C… Stefanie Gerdes
- Re: [Ace] Security of the Communication Between C… Stefanie Gerdes
- Re: [Ace] Token (In)Security Stefanie Gerdes
- Re: [Ace] Security of the Communication Between C… Hannes Tschofenig
- Re: [Ace] Security of the Communication Between C… Hannes Tschofenig
- Re: [Ace] Security of the Communication Between C… Stefanie Gerdes
- Re: [Ace] Security of the Communication Between C… Hannes Tschofenig
- Re: [Ace] Security of the Communication Between C… Stefanie Gerdes
- Re: [Ace] Security of the Communication Between C… Ludwig Seitz
- Re: [Ace] Security of the Communication Between C… Hannes Tschofenig
- Re: [Ace] Security of the Communication Between C… Ludwig Seitz
- Re: [Ace] Security of the Communication Between C… Jim Schaad
- Re: [Ace] Security of the Communication Between C… Ludwig Seitz
- Re: [Ace] Security of the Communication Between C… Hannes Tschofenig
- Re: [Ace] Security of the Communication Between C… Sebastian Echeverria
- Re: [Ace] Token (In)Security Ludwig Seitz
- Re: [Ace] Token (In)Security Stefanie Gerdes
- Re: [Ace] Security of the Communication Between C… Benjamin Kaduk