IETF Logo Mail Archive

Re: [Ace] [EXTERNAL] RE: Access token question

Carsten Bormann <cabo@tzi.org> Mon, 24 February 2020 20:14 UTC

Return-Path: <cabo@tzi.org>
X-Original-To: ace@ietfa.amsl.com
Delivered-To: ace@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7CD983A1250 for <ace@ietfa.amsl.com>; Mon, 24 Feb 2020 12:14:55 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TX54za4Hjvwr for <ace@ietfa.amsl.com>; Mon, 24 Feb 2020 12:14:53 -0800 (PST)
Received: from gabriel-vm-2.zfn.uni-bremen.de (gabriel-vm-2.zfn.uni-bremen.de [134.102.50.17]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CF7BB3A0EB8 for <ace@ietf.org>; Mon, 24 Feb 2020 12:14:52 -0800 (PST)
Received: from client-0217.vpn.uni-bremen.de (client-0217.vpn.uni-bremen.de [134.102.107.217]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by gabriel-vm-2.zfn.uni-bremen.de (Postfix) with ESMTPSA id 48RCwC0ggkz10sF; Mon, 24 Feb 2020 21:14:51 +0100 (CET)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 13.0 \(3608.60.0.2.5\))
From: Carsten Bormann <cabo@tzi.org>
In-Reply-To: <01a201d5eb34$6c2d42f0$4487c8d0$@augustcellars.com>
Date: Mon, 24 Feb 2020 21:14:50 +0100
Cc: Francesca Palombini <francesca.palombini@ericsson.com>, Mike Jones <Michael.Jones@microsoft.com>, Seitz Ludwig <ludwig.seitz@combitech.se>, Ace Wg <ace@ietf.org>
X-Mao-Original-Outgoing-Id: 604268090.447413-05a4db474518ccd0d05232b5a83c8fdc
Content-Transfer-Encoding: quoted-printable
Message-Id: <57654FD4-108A-4305-A3CE-946E6A7DED01@tzi.org>
References: <C233BD01-B46E-458A-A9B0-E1FB03E82C67@ericsson.com> <00da01d5e8da$7ce45130$76acf390$@augustcellars.com> <DM6PR00MB068296640E3FC5A119328C10F5120@DM6PR00MB0682.namprd00.prod.outlook.com> <D7ED6308-E621-476E-8C4A-17B10F5E7356@ericsson.com> <01a201d5eb34$6c2d42f0$4487c8d0$@augustcellars.com>
To: Jim Schaad <ietf@augustcellars.com>
X-Mailer: Apple Mail (2.3608.60.0.2.5)
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/eVVqdpgtkznUCAzAQMz6PVONitA>
Subject: Re: [Ace] [EXTERNAL] RE: Access token question
X-BeenThere: ace@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ace>, <mailto:ace-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ace/>
List-Post: <mailto:ace@ietf.org>
List-Help: <mailto:ace-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ace>, <mailto:ace-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 24 Feb 2020 20:14:56 -0000

On 2020-02-24, at 18:04, Jim Schaad <ietf@augustcellars.com> wrote:
> 
> 	• The proposal from Carsten that has not get adopted anywhere yet.

Well, not adopted in the literal sense, but it has been used as a blueprint both in research works and in standardization.

The main question that is holding this back from being a more complete solution is how to represent authorization that is dependent on request parameters (in particular, in bodies, both FETCH and POST/PATCH).
Maybe that is too hard to do in a generic way, and AIF should focus on providing a placeholder for profile specific information about request body handling.

(I have taken the opportunity to resubmit AIF with updated references: 

https://datatracker.ietf.org/doc/draft-bormann-core-ace-aif/
.)

Grüße, Carsten

v2.23.0 | Report a Bug | By Email