Re: [Ace] Update of access rights
Jim Schaad <ietf@augustcellars.com> Mon, 18 May 2020 03:21 UTC
From: Jim Schaad <ietf@augustcellars.com>
To: 'Francesca Palombini' <francesca.palombini@ericsson.com>
CC: 'Ace Wg' <ace@ietf.org>
Date: Sun, 17 May 2020 20:21:35 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/kHftXv7QlPUnUum4oVx3PzIijYY>
I have not had a chance to think this out and get all of the implications right, but my understanding is that what we were trying to avoid was having the same secret key/public key present on the RS in more than one token. This simplifies what the RS needs to do. However, I am now under the impression that having the RS deal with multiple tokens with the same public key might be less of an issue than trying to make some decisions on what tokens are supposed to supersede other tokens.

One of the ways that this might be avoided is to push the problem to where it, in some sense, belongs. The AS should be able to make this type of decision if a token is supposed to replace an existing token or not and it has more knowledge about what tokens are associated with what keys. If we go back and say - the AS should include a CWTID in the token and then define a new claim which says - This token supersedes the token(s) with CWTID values of "x", "y" and "z".

Jim
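
The proposal in the message above, sketched as an added example (not code from the thread or from any ACE draft): a resource server token store that accepts several tokens bound to the same proof-of-possession key and retires only the tokens a new token names by CWT ID (`cti`). The claim name `supersedes`, the flattened `cnf_kid` field and the same-issuer check are assumptions made for this illustration; claims are assumed to be already verified and decoded.

```python
# Added illustration; claims are assumed already verified and decoded.
class TokenStore:
    def __init__(self):
        self.by_cti = {}  # cti (CWT ID) -> claims of a live token

    def accept(self, claims):
        """Store a token; return the cti values it retired."""
        cti = claims["cti"]
        if cti in self.by_cti:
            raise ValueError("cti already in use")
        retired = []
        # "supersedes" is a hypothetical claim name for this sketch.
        for old_cti in claims.get("supersedes", []):
            old = self.by_cti.get(old_cti)
            # Assumption: only the issuing AS may retire its own tokens.
            if old is not None and old["iss"] == claims["iss"]:
                del self.by_cti[old_cti]
                retired.append(old_cti)
        self.by_cti[cti] = claims
        return retired

    def scopes_for_key(self, kid):
        """Union of scopes over all live tokens bound to one PoP key."""
        scopes = set()
        for c in self.by_cti.values():
            if c["cnf_kid"] == kid:  # cnf_kid: flattened stand-in for cnf
                scopes |= set(c["scope"].split())
        return scopes


def demo():
    """Constructed tokens: three from as1 on key-A, one from as2 on key-B."""
    store = TokenStore()
    store.accept({"iss": "as1", "cti": "x", "cnf_kid": "key-A", "scope": "r_temp"})
    store.accept({"iss": "as1", "cti": "y", "cnf_kid": "key-A", "scope": "r_lock"})
    # Same key, new rights: the AS states that this token replaces "x" only.
    r1 = store.accept({"iss": "as1", "cti": "z", "cnf_kid": "key-A",
                       "scope": "r_temp w_temp", "supersedes": ["x"]})
    # A different issuer naming "y" is ignored; "y" stays live.
    r2 = store.accept({"iss": "as2", "cti": "q", "cnf_kid": "key-B",
                       "scope": "w_lock", "supersedes": ["y"]})
    return r1, r2, sorted(store.by_cti), store.scopes_for_key("key-A")


if __name__ == "__main__":
    print(demo())
```

Because the AS names the replaced tokens explicitly, the RS never has to infer supersession from a shared key: token "y" stays valid alongside "z" on key-A.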