From: Mike Jones <Michael.Jones@microsoft.com>
To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>, Roman Danyliw
 <rdd@cert.org>, "ace@ietf.org" <ace@ietf.org>
Date: Fri, 22 Jun 2018 20:59:28 +0000
Message-ID: <MW2PR00MB0298B993D3D52C018A33CD7FF5750@MW2PR00MB0298.namprd00.prod.outlook.com>
References: <VI1PR0801MB2112BB6040C1328028D566F8FA750@VI1PR0801MB2112.eurprd08.prod.outlook.com>
In-Reply-To: <VI1PR0801MB2112BB6040C1328028D566F8FA750@VI1PR0801MB2112.eurprd08.prod.outlook.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/Vij1IWYxGnA1MyDsJxC478c2KdU>
Subject: Re: [Ace] "sub" and "iss" ... RE: WGLC feedback on
 draft-ietf-ace-cwt-proof-of-possession-02

I'm working on simplifying this in a way similar to what Hannes proposed, and in a way also previously promised to Jim (removing "normally", etc.), but also in a way that makes it clear that the exact claims to be used are an application-specific choice.

				-- Mike

-----Original Message-----
From: Ace <ace-bounces@ietf.org> On Behalf Of Hannes Tschofenig
Sent: Friday, June 22, 2018 6:36 AM
To: Roman Danyliw <rdd@cert.org>; ace@ietf.org
Subject: [Ace] "sub" and "iss" ... RE: WGLC feedback on draft-ietf-ace-cwt-proof-of-possession-02

Hi Roman,

this is also a good question:

> (3) (Editorial) Page 4, Section 3.0, I read to the end of this section by which point there has been discussion of "sub" or "iss".  I was left wondering about how to interpret the case where both are present and none are.

Here is the text from the draft:

"
   The presenter can be identified in one of several ways by the CWT
   depending upon the application requirements.  If the CWT contains a
   "sub" (subject) claim [CWT], the presenter is normally the subject
   identified by the CWT.  (In some applications, the subject identifier
   will be relative to the issuer identified by the "iss" (issuer) claim
   [CWT].)  If the CWT contains no "sub" claim, the presenter is
   normally the issuer identified by the CWT using the "iss" claim.  The
   case in which the presenter is the subject of the CWT is analogous to
   Security Assertion Markup Language (SAML) 2.0
   [OASIS.saml-core-2.0-os] SubjectConfirmation usage.  At least one of
   the "sub" and "iss" claims is typically present in the CWT and some
   use cases may require that both be present.
"

The CWT PoP document does not define the subject or issuer claims.
The document also does not mandate a specific set of claims to be included in a CWT since this is application profile specific.

Hence, I am wondering whether we could shorten the paragraph above, which is actually a bit confusing.

"
This specification adds a new claim to offer the proof-of-possession functionality.
There are various claims already defined and the IANA claims registry [REF] contains the most up-to-date list of standardized claims. Applications using the CWT functionality define what claims have to be used.

   The presenter can, if necessary, be identified in one of several ways by the CWT
   depending upon the application requirements.  If the CWT contains a
   "sub" (subject) claim [CWT], the presenter is the subject
   identified by the CWT. In some cases, the CWT may not include a "sub"
   claim, which allows the presenter to remain anonymous.
"

Ciao
Hannes


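As an added illustration of the presenter rule discussed in this thread (example code, not from the draft, the thread, or any ACE implementation): it resolves the presenter of a PoP CWT from its decoded claim map, reporting the both-present and neither-present cases Roman asked about, and checks the claim set against an application-profile requirement. It assumes the integer claim keys iss=1, sub=2 (RFC 8392) and cnf=8 with kid=3 (RFC 8747); the function names are hypothetical.

```python
# Added example, not from the draft or the thread: resolve the presenter of a
# proof-of-possession CWT from its decoded claim map, following the rule in
# the quoted draft text ("sub" wins, otherwise "iss", otherwise anonymous),
# and check the claim set against an application-profile requirement.
# Assumed integer claim keys: iss=1, sub=2 (RFC 8392) and cnf=8 (RFC 8747).
from typing import Any, Dict, Iterable, List

ISS, SUB, CNF = 1, 2, 8
CNF_KID = 3  # "kid" member of the cnf map (RFC 8747)


def is_pop_cwt(claims: Dict[int, Any]) -> bool:
    """A token is a PoP CWT only if it carries a non-empty cnf claim."""
    cnf = claims.get(CNF)
    return isinstance(cnf, dict) and len(cnf) > 0


def identify_presenter(claims: Dict[int, Any]) -> Dict[str, Any]:
    """Apply the draft's presenter rule; both-present and neither-present
    (the cases Roman asked about) are reported explicitly."""
    if not is_pop_cwt(claims):
        raise ValueError("not a proof-of-possession CWT: missing cnf claim")
    sub, iss = claims.get(SUB), claims.get(ISS)
    if sub is not None:
        # Presenter is the subject; when iss is also present the subject
        # identifier may be relative to that issuer, so both are returned.
        return {"presenter": "subject", "sub": sub, "iss": iss}
    if iss is not None:
        # No "sub": the draft text makes the issuer the presenter.
        return {"presenter": "issuer", "sub": None, "iss": iss}
    # Neither claim: Hannes' proposed wording treats this as an anonymous presenter.
    return {"presenter": "anonymous", "sub": None, "iss": None}


def missing_claims(claims: Dict[int, Any], required: Iterable[int]) -> List[int]:
    """Applications define which claims must be present; report the ones absent."""
    return [k for k in required if k not in claims]


if __name__ == "__main__":
    # Constructed sample: a token naming both subject and issuer, bound to key "k-1".
    token = {ISS: "as.example", SUB: "device-42", CNF: {CNF_KID: b"k-1"}}
    print(identify_presenter(token))          # presenter is the subject
    print(missing_claims(token, (SUB, ISS)))  # []
```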

