[Ace] draft-ietf-ace-oauth-authz-02
Somaraju Abhinav <abhinav.somaraju@tridonic.com> Mon, 10 October 2016 07:02 UTC
Hi,

I have been looking into this draft, which is very well written, and I would like a clarification regarding the workflow in figure 1 of the draft. This workflow is a bit different to the typical one I imagine for constrained clients/servers. Such devices would typically be provisioned from some kind of a commissioning tool and the tool would also initiate the provisioning process. Therefore, would it not be better to have a protocol flow that is not necessarily initiated by the client device? I show two options below. In Option 1, the Resource Owner would be a commissioning tool and in Option 2, the Authorization server would be the commissioning tool. In the protocol flow in your draft, I will need a proprietary method to generate the token request message from client to AS.

OPTION 1:

+--------+                               +---------------+
|        |                               |   Resource    |
|        |                               |     Owner     |
|        |<-(A)-- Authorization Grant ---|               |
|        |                               +---------------+
|        |
|        |                               +---------------+
|        |--(B)-- Authorization Grant -->| Authorization |
| Client |                               |    Server     |
|        |<-(C)----- Access Token -------|               |
|        |                               +---------------+
|        |
|        |                               +---------------+
|        |--(D)----- Access Token ------>|   Resource    |
|        |                               |    Server     |
|        |<-(E)--- Protected Resource ---|               |
+--------+                               +---------------+

OPTION 2:

+--------+                               +---------------+
|        |                               |               |
|        |                               | Authorization |
|        |<--(A)-- Access Token ---------|    Server     |
|        |         + Client Information  |               |
|        |                               +---------------+
|        |                                    ^       |
|        |      Introspection Request (C)     |       |
| Client |                                    |       |
|        |      Response + Client Token       |       |(D)
|        |                                    |       v
|        |                               +--------------+
|        |---(B)-- Token + Request ----->|              |
|        |                               |   Resource   |
|        |<--(E)-- Protected Resource ---|    Server    |
|        |                               |              |
+--------+                               +--------------+

________________________________________________________
The contents of this e-mail and any attachments are confidential to the intended recipient. They may not be disclosed to or used by or copied in any way by anyone other than the intended recipient. If this e-mail is received in error, please immediately notify the sender and delete the e-mail and attached documents. Please note that neither the sender nor the sender's company accept any responsibility for viruses and it is your responsibility to scan or otherwise check this e-mail and any attachments.
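The Option 2 flow from the post above, modelled as an added example that is not part of the message or of the ACE draft: the AS pushes a token to the client (A), the client presents it to the RS (B), and the RS introspects it at the AS (C)/(D) before serving the resource (E). The opaque token format, the introspection fields and the "method:path" scope syntax are assumptions made here for illustration.

```python
import secrets
import time

# Constructed in-memory models of the Option 2 roles. The opaque token format,
# the introspection response fields and the "method:path" scope syntax are
# assumptions for illustration, not anything the draft or the post defines.


class AuthorizationServer:
    def __init__(self):
        self._tokens = {}  # token handle -> claims issued for it

    def provision(self, client_id, audience, scope, ttl=3600):
        # Step (A): the AS, acting as commissioning tool, pushes the access
        # token plus client information to the device; the device sends no
        # token request of its own.
        token = secrets.token_urlsafe(16)
        self._tokens[token] = {"client_id": client_id, "aud": audience,
                               "scope": scope, "exp": time.time() + ttl}
        return {"access_token": token, "client_info": {"aud": audience}}

    def revoke(self, token):
        self._tokens.pop(token, None)

    def introspect(self, token):
        # Steps (C)/(D): answer the RS with the token's claims, or inactive.
        claims = self._tokens.get(token)
        if claims is None or claims["exp"] <= time.time():
            return {"active": False}
        return {"active": True, **claims}


class ResourceServer:
    def __init__(self, name, auth_server):
        self.name = name
        self.auth_server = auth_server
        self.resources = {"/light/1": "on"}

    def handle(self, token, method, path):
        # Step (B) arrives with the token; the RS introspects it (C)/(D) and
        # enforces audience and scope before returning the resource (E).
        info = self.auth_server.introspect(token)
        if not info["active"]:
            return 401, "invalid or expired token"
        if info["aud"] != self.name:
            return 403, "token not issued for this resource server"
        if f"{method}:{path}" not in info["scope"].split():
            return 403, "scope does not permit this request"
        return 200, self.resources.get(path, "")
```

A token bound to another RS or revoked at the AS is refused even though the client still holds it, which is the property the introspection round trip buys over a purely self-contained token.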