Re: [Ace] Resource, Audience, and req_aud

George Fletcher <gffletch@aol.com> Thu, 07 February 2019 15:58 UTC

To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>, "ace@ietf.org" <ace@ietf.org>
Cc: "oauth@ietf.org" <oauth@ietf.org>
References: <VI1PR0801MB21126944E558E53992EB7FD3FA680@VI1PR0801MB2112.eurprd08.prod.outlook.com>
From: George Fletcher <gffletch@aol.com>
Organization: AOL LLC
Message-ID: <0ce67b13-b22c-bd7e-dda5-e30f6b074d79@aol.com>
Date: Thu, 7 Feb 2019 10:57:47 -0500
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/Vpo46CFt6QYWAxljgI6ZNZ2mwKw>

+1 for rationalizing this! :)

On 2/7/19 10:24 AM, Hannes Tschofenig wrote:
>
> Hi all,
>
> after re-reading token exchange, the resource indicator, and the 
> ace-oauth-params drafts I am wondering whether it is really necessary 
> to have different functionality in ACE vs. in OAuth for basic parameters.
>
> Imagine I use an Authorization Server and I support devices that use 
> CoAP and HTTP.
>
>  1. If a device uses CoAP then it has to use the req_aud parameter to
>     indicate to the authorization server that it wants to talk to a
>     specific resource server. It would either put a URI or a logical
>     name there.
>  2. If a device uses HTTP then it has to use either the resource
>     parameter to indicate to the authorization server that it wants to
>     talk to a resource server, which is identified using a URI, or the
>     audience parameter, if it uses a logical name.
>
> Ciao
> Hannes
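
The two cases in the quoted message, seen from the authorization server's side, as an added example that is not part of the thread or of any of the drafts: one function has to accept three parameter names to learn which resource server a client means. The transport labels, the function and error names, the sample values, and the choice to reject a request carrying both resource and audience are assumptions of this sketch.

```python
from urllib.parse import urlsplit

class TargetError(ValueError):
    """The request does not identify a resource server in a usable way."""

# Which target parameters each kind of client sends, per the quoted message.
ALLOWED = {"coap": {"req_aud"}, "http": {"resource", "audience"}}

def _is_absolute_uri(value):
    # Simplification of this sketch: scheme plus authority counts as a URI,
    # anything else (including URNs) is treated as a logical name.
    parts = urlsplit(value)
    return bool(parts.scheme) and bool(parts.netloc)

def requested_target(transport, params):
    """Return (kind, value), kind being 'uri' or 'name'.

    transport: 'coap' or 'http' (labels constructed for this example).
    params: the already-decoded token request parameters as a dict.
    """
    if transport not in ALLOWED:
        raise TargetError("unknown transport: %r" % (transport,))
    present = {k for k in ("req_aud", "resource", "audience") if k in params}
    if not present:
        raise TargetError("request names no resource server")
    wrong = present - ALLOWED[transport]
    if wrong:
        raise TargetError("%s not expected over %s" % (sorted(wrong), transport))
    if len(present) > 1:
        # Policy assumption of this example: one target per request.
        raise TargetError("both resource and audience present")

    name = present.pop()
    value = params[name]
    if not isinstance(value, str) or not value:
        raise TargetError("%s must be a non-empty string" % name)

    if name == "req_aud":
        # CoAP case: a URI or a logical name, so the server has to guess.
        return ("uri" if _is_absolute_uri(value) else "name", value)
    if name == "resource":
        # HTTP case 1: must be an absolute URI; resource indicators also
        # forbid a fragment component.
        if not _is_absolute_uri(value) or urlsplit(value).fragment:
            raise TargetError("resource must be an absolute URI, no fragment")
        return ("uri", value)
    # HTTP case 2: audience carries the logical name.
    return ("name", value)
```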