Re: [Ace] draft-ietf-ace-oauth-authz-10.txt: Leaving implementers in the dark

Michael Richardson <mcr+ietf@sandelman.ca> Mon, 19 February 2018 17:21 UTC

Ludwig Seitz <ludwig.seitz@ri.se> wrote:
    > I agree that onboarding is a valid concern (which is why I wrote
    > appendix B),
    > but let's not delay draft-ietf-ace-oauth-authz any further by adding a whole
    > new set of functionality in it.

Back at the beginning of ACE it was clear that onboarding was an entire
project of itself.  That's why I argued to keep it out of the first charter.

Onboarding suffers from a tendency to boil the ocean, combined with the
elephant/blind-men problem.  The way to tackle onboarding is not with
a single unifying ocean boiling protocol, but rather by letting each
interested party define small protocols, and over time find commonality.
I get the vision of:  https://en.wikipedia.org/wiki/Nibbler

So while it is unfortunate if some implementers feel to be "in the dark",
before we could rectify that situation, we'd have to know which implementers
we are worried about.

-- 
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-