Re: [Ace] Missing Introspection parameter in draft-ietf-ace-oauth-authz

Daniel Migault <mglt.ietf@gmail.com> Tue, 17 August 2021 15:25 UTC

From: Daniel Migault <mglt.ietf@gmail.com>
Date: Tue, 17 Aug 2021 11:25:10 -0400
Message-ID: <CADZyTkmHfBAveX0DSJtdLQ2-wF_6XuULZe_w_OfAaiemgXu63g@mail.gmail.com>
To: Ludwig Seitz <ludwig.seitz@combitech.com>
Cc: "ace@ietf.org" <ace@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/RLycVVDtCC3Cg8optrDmKdfMHiY>

Thanks Ludwig for raising the question. If anyone has an objection, please
express your concern by August 24. Expressing support is also more than
welcome!

Yours,
Daniel

On Tue, Aug 17, 2021 at 10:24 AM Ludwig Seitz <ludwig.seitz@combitech.com>
wrote:

> Hello ACE,
>
> I want to raise one issue for group comments that has come up in
> conjunction with fixing the IANA nits for draft-ietf-ace-oauth-authz:
> In figure 16 we define mappings from OAuth Token introspection parameters
> to CBOR abbreviations. These parameters (should) correspond to the claims
> that could be found in e.g., a CWT.
> CWT renamed one token claim, namely 'jti' (JWT ID) into 'cti' for CWT ID.
> However, this is not reflected in the registered Introspection parameters
> (
> https://www.iana.org/assignments/oauth-parameters/oauth-parameters.xhtml#token-introspection-response)
> where only 'jti' is registered. This was overlooked when we originally
> defined the mappings in figure 16.
>
> I would therefore put the following question to the group:
>
> Does anyone object to this draft adding 'cti' as an OAuth introspection
> parameter?
>
> The corresponding text would go into the list of additional parameters in
> section 5.9.2 and be something along the lines of:
> "cti  OPTIONAL.  The CWT ID parameter has the same meaning and processing
> rules as the "jti" parameter defined in section 3.1.2. of [RFC 7662] except
> that the value is a byte string. "
>
> Regards,
>
> Ludwig
>
> --
> Ludwig Seitz
> Infrastructure Security Analyst
> Combitech AB
> Djäknegatan 31 . SE-211 35 Malmö . Sweden
> Phone: +46 102 160 846
> ludwig.seitz@combitech.com . combitech.com


-- 
Daniel Migault
Ericsson