Re: [Ace] Progressing draft-ietf-ace-oauth-authz
Peter van der Stok <stokcons@bbhmail.nl> Tue, 26 October 2021 12:05 UTC
Date: Tue, 26 Oct 2021 14:05:33 +0200
From: Peter van der Stok <stokcons@bbhmail.nl>
To: Ludwig Seitz <ludwig.seitz@combitech.com>
Cc: ace@ietf.org, jricher@mit.edu
Reply-To: stokcons@bbhmail.nl
In-Reply-To: <AM0PR0302MB3363701AF68B1BCD98EE81DF9E849@AM0PR0302MB3363.eurprd03.prod.outlook.com>
References: <AM0PR0302MB3363701AF68B1BCD98EE81DF9E849@AM0PR0302MB3363.eurprd03.prod.outlook.com>
Message-ID: <bf369b275a8545dc0549a07ded7ee5a0@bbhmail.nl>
Organization: vanderstok consultancy
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/RCmnbuFvSBGegMCsiPwYKsJimxY>
Subject: Re: [Ace] Progressing draft-ietf-ace-oauth-authz
Hi,

"My proposed fix for this would be to amend the descriptions of these two parameters in 5.9.2, specifying that their JSON representation is a text string containing the Base64url encoding of the original byte string payload."

Exactly the same fix we did for JSON and CBOR voucher-request payloads in BRSKI.

Peter

Ludwig Seitz wrote on 2021-10-26 13:57:

> Hello ACE (Cc to OAuth designated expert Justin),
>
> The progress of draft-ietf-ace-oauth-authz is currently blocked due to
> an issue that has come to light in the IANA review process, and I'd
> like to solicit the feedback of the WG to determine how to go forward.
>
> The issue is related to parameters used by the AS when responding to an
> Introspection query (see
> https://datatracker.ietf.org/doc/html/draft-ietf-ace-oauth-authz-45#section-5.9.2).
> Our approach so far has been to map all OAuth parameters to ACE and map
> all parameters created for the ACE interaction back to OAuth. The issue
> is that some of the ACE parameters (cnonce and cti, see Figure 16) have
> the datatype "byte string". In OAuth the Introspection parameters are
> formatted as JSON payload, which precludes the use of raw byte strings,
> a fact we overlooked when we tried to register the new parameters in
> the OAuth registry (see
> https://www.iana.org/assignments/oauth-parameters/oauth-parameters.xhtml#token-introspection-response).
>
> My proposed fix for this would be to amend the descriptions of these
> two parameters in 5.9.2, specifying that their JSON representation is a
> text string containing the Base64url encoding of the original byte
> string payload.
>
> Does the working group or the OAuth designated expert have any
> objections (or suggestions) to this approach?
>
> Regards,
>
> Ludwig
>
> --
> Ludwig Seitz
> Infrastructure Security Analyst
> Combitech AB
> Djäknegatan 31 . SE-211 35 Malmö . Sweden
> Phone: +46 102 160 846
> ludwig.seitz@combitech.com . combitech.com
>
> This e-mail is private and confidential between the sender and the
> addressee. In the event of misdirection, the recipient is prohibited
> from using, copying or disseminating it or any information in it.
> Please notify the above of any such misdirection. Please consider the
> environment before printing this e-mail!
>
> _______________________________________________
> Ace mailing list
> Ace@ietf.org
> https://www.ietf.org/mailman/listinfo/ace
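The mapping discussed in this thread, as an added example that is not part of the draft or of either message: the same introspection response carries cnonce and cti as raw CBOR byte strings (major type 2) on the ACE side, while the OAuth/JSON representation turns each of them into a text string holding the Base64url encoding of the bytes, and the JSON parser refuses a value of any other JSON type. It assumes unpadded Base64url (the RFC 4648 URL-safe alphabet with "=" stripped), uses text-string CBOR keys instead of the draft's integer key abbreviations, and the sample parameter values are constructed.

```python
# Added example, not code from draft-ietf-ace-oauth-authz or from the thread's
# authors. Shows the two representations of the byte-string introspection
# parameters (cnonce, cti; Figure 16 / Section 5.9.2 of the draft):
# raw byte strings in CBOR, Base64url text strings in JSON.
import base64
import json
import re

# Introspection-response parameters whose datatype is "byte string".
BYTE_STRING_PARAMS = {"cnonce", "cti"}

# Assumption: unpadded Base64url, i.e. RFC 4648 section 5 alphabet with "=" removed.
_B64URL_RE = re.compile(r"^[A-Za-z0-9_-]*$")


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    # Validate explicitly: urlsafe_b64decode silently drops foreign characters,
    # and a Base64url string can never have length 1 mod 4.
    if not _B64URL_RE.match(text) or len(text) % 4 == 1:
        raise ValueError("not a valid Base64url string")
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _cbor_head(major: int, n: int) -> bytes:
    # Initial byte(s) of a CBOR item: major type in the top 3 bits, then the
    # argument (length or value) in its shortest form (RFC 8949, section 3.1).
    if n < 24:
        return bytes([major << 5 | n])
    for ai, size in ((24, 1), (25, 2), (26, 4), (27, 8)):
        if n < 1 << (8 * size):
            return bytes([major << 5 | ai]) + n.to_bytes(size, "big")
    raise ValueError("argument too large")


def cbor_encode(value) -> bytes:
    # Minimal encoder for the types an introspection response needs.
    # Simplification: text-string keys; the draft's integer abbreviations are
    # not reproduced here.
    if isinstance(value, bool):                       # check before int: bool is an int
        return b"\xf5" if value else b"\xf4"
    if isinstance(value, int) and value >= 0:
        return _cbor_head(0, value)                   # major type 0: unsigned int
    if isinstance(value, bytes):
        return _cbor_head(2, len(value)) + value      # major type 2: byte string
    if isinstance(value, str):
        enc = value.encode("utf-8")
        return _cbor_head(3, len(enc)) + enc          # major type 3: text string
    if isinstance(value, dict):
        body = b"".join(cbor_encode(k) + cbor_encode(v) for k, v in value.items())
        return _cbor_head(5, len(value)) + body       # major type 5: map
    raise TypeError(f"unsupported type {type(value).__name__}")


def introspection_to_json(response: dict) -> str:
    # JSON has no byte-string type: Base64url-encode the byte-string parameters.
    out = {}
    for key, val in response.items():
        if key in BYTE_STRING_PARAMS:
            if not isinstance(val, bytes):
                raise TypeError(f"{key} must be bytes")
            out[key] = b64url_encode(val)
        else:
            out[key] = val
    return json.dumps(out)


def introspection_from_json(text: str) -> dict:
    # Reverse mapping; a byte-string parameter must arrive as a JSON text string.
    out = json.loads(text)
    if not isinstance(out, dict):
        raise ValueError("introspection response must be a JSON object")
    for key in BYTE_STRING_PARAMS.intersection(out):
        if not isinstance(out[key], str):
            raise ValueError(f"{key} must be a Base64url text string in JSON")
        out[key] = b64url_decode(out[key])
    return out


def json_response_is_rejected(text: str) -> bool:
    try:
        introspection_from_json(text)
    except (ValueError, TypeError):
        return True
    return False


# Constructed sample response; the cti and cnonce values are made up.
SAMPLE = {"active": True, "cti": b"\x0b\x71", "cnonce": bytes(range(8))}

if __name__ == "__main__":
    print("JSON:", introspection_to_json(SAMPLE))
    print("CBOR:", cbor_encode(SAMPLE).hex())
```

The two encodings of the same two-byte cti make the point: CBOR emits `42 0b 71` (byte string of length 2), while JSON emits the text string `"C3E"`, and a receiver that gets `"cti": 123` or a padded `"C3E="` rejects the response rather than guessing.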