[Ace] Fwd: New Version Notification for draft-tiloca-ace-revoked-token-notification-03.txt
Marco Tiloca <marco.tiloca@ri.se> Fri, 06 November 2020 08:08 UTC
Return-Path: <marco.tiloca@ri.se>
X-Original-To: ace@ietfa.amsl.com
Delivered-To: ace@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 922203A0DA5 for <ace@ietfa.amsl.com>; Fri, 6 Nov 2020 00:08:43 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, MSGID_FROM_MTA_HEADER=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ri.se
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PkoMkJu-NTRG for <ace@ietfa.amsl.com>; Fri, 6 Nov 2020 00:08:40 -0800 (PST)
Received: from EUR01-HE1-obe.outbound.protection.outlook.com (mail-eopbgr130044.outbound.protection.outlook.com [40.107.13.44]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 748243A0CBA for <ace@ietf.org>; Fri, 6 Nov 2020 00:08:39 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=KOjiXfSjtfY5IhYedkOAcm05A80hM0nNjzYDXixMN5C2bkggFl1gpTWi6qCmyoreDhr/wq4E4eEFRR7cbbI7kies9EAQvU6Q+BboM41XHFjX6swfen1y8rMscNd5uI2fOmdDE75xuMlt1Su5z0yyXUAQjdQ6dunysqcVaa48Gpd7AaLki2uYRKPvgdgSo03Gw48lzp66T4rNfa+ig6vn6xWr7k2PuR5plpKO4PXibi3qCT4R6Sbf3dRCGnpreJ/5+KqrBuAS3sVqLKR0Yr6T40HK9CgCl8ojmwqEU0xK83uqiiFDn6c947sm/eUAI9fhwKCgGdqGqi6jkRSEWrAIjg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=c943VuXbdwyBCMrVImpMoqrZEYSUs47i/x2EFHq3loI=; b=UZw//p8Q+O1Wu8bTczXBCHw/YYJMDKMiC9XlrDzj70cn80Xa2kY4n2hixU7+rg7AlNA/15Op9oAufS+CVbC6K/HYbIV2zzcByWAE0IDWrA27NkEd5qHgKT7ZNF3uTLkVnlojQoJM1WfwamOQOaleY7LdF8+b6we7WzS47kzRC2E6A7Osj8puQ0IMekztLyFTTqVDO4MsUiSrvg6AtkZofQLmeSyGZk8AE9+cgbgiYW8DW/tM49oeDHIiEth0Tp2J2Q7yyyqsZKmo4Q3dqa8ywsQKycSW6/My2uQJ6fXToZ42rvYVVfC8eMlVZzJAp7j5EObd6ks2LmZGoPk66ypELw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ri.se; dmarc=pass action=none header.from=ri.se; dkim=pass header.d=ri.se; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ri.se; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=c943VuXbdwyBCMrVImpMoqrZEYSUs47i/x2EFHq3loI=; b=Zu0titEkroRw6ooeWuksfMgmdfQ7WWjf/wHNTtnEpoonHPLn2eamq3lvGxVUBmIoztnujn2XQzFH3GqqbcJB4TbR1tR/tswoAVAiAGxjlIsWzLpFy1MNgBj4yN0ZdCfNj8e2pTgAS2cmIf1KUy2zwSqyUoikeIy1UpbiQeYgO5g=
Authentication-Results: ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=none action=none header.from=ri.se;
Received: from DB8P189MB1032.EURP189.PROD.OUTLOOK.COM (2603:10a6:10:16e::14) by DB8P189MB1047.EURP189.PROD.OUTLOOK.COM (2603:10a6:10:14b::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3541.21; Fri, 6 Nov 2020 08:08:36 +0000
Received: from DB8P189MB1032.EURP189.PROD.OUTLOOK.COM ([fe80::c906:d500:5041:56fd]) by DB8P189MB1032.EURP189.PROD.OUTLOOK.COM ([fe80::c906:d500:5041:56fd%9]) with mapi id 15.20.3541.022; Fri, 6 Nov 2020 08:08:36 +0000
References: <160433851333.25365.11567584336781130433@ietfa.amsl.com>
To: Ace Wg <ace@ietf.org>
From: Marco Tiloca <marco.tiloca@ri.se>
Autocrypt: addr=marco.tiloca@ri.se; prefer-encrypt=mutual; keydata= mQENBFSNeRUBCAC44iazWzj/PE3TiAlBsaWna0JbdIAJFHB8PLrqthI0ZG7GnCLNR8ZhDz6Z aRDPC4FR3UcMhPgZpJIqa6Zi8yWYCqF7A7QhT7E1WdQR1G0+6xUEd0ZD+QBdf29pQadrVZAt 0G4CkUnq5H+Sm05aw2Cpv3JfsATVaemWmujnMTvZ3dFudCGNdsY6kPSVzMRyedX7ArLXyF+0 Kh1T4WUW6NHfEWltnzkcqRhn2NcZtADsxWrMBgZXkLE/dP67SnyFjWYpz7aNpxxA+mb5WBT+ NrSetJlljT0QOXrXMGh98GLfNnLAl6gJryE6MZazN5oxkJgkAep8SevFXzglj7CAsh4PABEB AAG0Nk1hcmNvIFRpbG9jYSAobWFyY28udGlsb2NhQHJpLnNlKSA8bWFyY28udGlsb2NhQHJp LnNlPokBNwQTAQgAIQUCWkAnkAIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRDuJmS0 DljaQwEvCACJKPJIPGH0oGnLJY4G1I2DgNiyVKt1H4kkc/eT8Bz9OSbAxgZo3Jky382e4Dba ayWrQRFen0aLSFuzbU4BX4O/YRSaIqUO3KwUNO1iTC65OHz0XirGohPUOsc0SEMtpm+4zfYG 7G8p35MK0h9gpwgGMG0j0mZX4RDjuywC88i1VxCwMWGaZRlUrPXkC3nqDDRcPtuEGpncWhAV Qt2ZqeyITv9KCUmDntmXLPe6vEXtOfI9Z3HeqeI8OkGwXpotVobgLa/mVmFj6EALDzj7HC2u tfgxECBJddmcDInrvGgTkZtXEVbyLQuiK20lJmYnmPWN8DXaVVaQ4XP/lXUrzoEzuQENBFSN eRUBCACWmp+k6LkY4/ey7eA7umYVc22iyVqAEXmywDYzEjewYwRcjTrH/Nx1EqwjIDuW+BBE oMLRZOHCgmjo6HRmWIutcYVCt9ieokultkor9BBoQVPiI+Tp51Op02ifkGcrEQNZi7q3fmOt hFZwZ6NJnUbA2bycaKZ8oClvDCQj6AjEydBPnS73UaEoDsqsGVjZwChfOMg5OyFm90QjpIw8 m0uDVcCzKKfxq3T/z7tyRgucIUe84EzBuuJBESEjK/hF0nR2LDh1ShD29FWrFZSNVVCVu1UY ZLAayf8oKKHHpM+whfjEYO4XsDpV4zQ15A+D15HRiHR6Adf4PDtPM1DCwggjABEBAAGJAR8E GAECAAkFAlSNeRUCGwwACgkQ7iZktA5Y2kPGEwf/WNjTy3z74vLmHycVsFXXoQ8W1+858mRy Ad0a8JYzY3xB7CVtqI3Hy894Qcw4H6G799A1OL9B1EeA8Yj3aOz0NbUyf5GW+iotr3h8+KIC OYZ34/BQaOLzdvDNmRoGHn+NeTzhF7eSeiPKi2jex+NVodhjOVGXw8EhYGkeZLvynHEboiLM 4TbyPbVR9HsdVqKGVTDxKSE3namo3kvtY6syRFIiUz5WzJfYAuqbt6m3TxDEb8sA9pzaLuhm fnJRc12H5NVZEZmE/EkJFTlkP4wnZyOSf/r2/Vd0iHauBwv57cpY6HFFMe7rvK4s7ME5zctO Ely5C6NCu1ZaNtdUuqDSPA==
X-Forwarded-Message-Id: <160433851333.25365.11567584336781130433@ietfa.amsl.com>
Message-ID: <1efe700c-4d14-5920-e0b0-a7bd63880ad1@ri.se>
Date: Fri, 06 Nov 2020 09:08:27 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.10.0
In-Reply-To: <160433851333.25365.11567584336781130433@ietfa.amsl.com>
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="Yie3zCPZoltP7VyBnYW1RKXq68oe8eoLz"
X-Originating-IP: [45.12.220.244]
X-ClientProxiedBy: HE1PR07CA0018.eurprd07.prod.outlook.com (2603:10a6:7:67::28) To DB8P189MB1032.EURP189.PROD.OUTLOOK.COM (2603:10a6:10:16e::14)
MIME-Version: 1.0
X-MS-Exchange-MessageSentRepresentingType: 1
Received: from [10.8.1.4] (45.12.220.244) by HE1PR07CA0018.eurprd07.prod.outlook.com (2603:10a6:7:67::28) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3541.10 via Frontend Transport; Fri, 6 Nov 2020 08:08:36 +0000
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: e7ca85c6-4ad7-4ed6-9f9d-08d8822b2973
X-MS-TrafficTypeDiagnostic: DB8P189MB1047:
X-Microsoft-Antispam-PRVS: <DB8P189MB10475B5E1C7946549063460499ED0@DB8P189MB1047.EURP189.PROD.OUTLOOK.COM>
X-MS-Oob-TLC-OOBClassifiers: OLM:9508;
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: QL86uELZ0Jlvj7ITn9uXoHV2xlDXUtl+Kk55BCXl7pVyVsODfJuvRelsfx9kgtjqWrPDmOFiZy6ZaNRqEhtqoWBVewvivxxnL/G2gL8dLKQD0N2R2G8W9Flqg+b1VrtXuVdHDNKlhCHZL2fGoKvKIk0svwVDTmfPJiJg3HSxioxEq2JhmA2X+72cmU+wA1445wW157RZJYI8JTYSbHQH3NxCXcRrt0x3ggf6TGhbA5JZCh+kO/mpdD57qaLYtq7bN/h9R67IaA/VP7pZPRYIuukyISHcK/aM1QivlC4slqlKksBpB3Job4df+4+TjBcE1oltrTAKa5mvAB+3YbGWY2Kjx+4IHIyWTjRZE7+lbi6KAAV7gypj41rnwHUVbqrOGfWMtLD1QNL6czB5X5VMzKiBaCXb7ALIXMENC6ShyinvK52Rhxz7HZcgop7HGyccl/kSxyxH82VFkCAAcHUL3w==
X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DB8P189MB1032.EURP189.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(4636009)(366004)(39850400004)(136003)(396003)(346002)(376002)(16576012)(44832011)(6916009)(966005)(45080400002)(316002)(86362001)(6666004)(8676002)(2616005)(956004)(52116002)(478600001)(33964004)(31696002)(26005)(83380400001)(21480400003)(8936002)(66946007)(66556008)(66476007)(166002)(15650500001)(66574015)(6486002)(186003)(36756003)(5660300002)(235185007)(2906002)(16526019)(31686004)(43740500002); DIR:OUT; SFP:1101;
X-MS-Exchange-AntiSpam-MessageData: 394l5/v4oNr9yOJzTaJeBEOSxCQAKzHWgBkr77BdJMxoB+nU8qtNDZjNE41EZD4Ojtmz4332zLdmkYH9S4iPM1IGrheBCbAYPBLDSA75u+4SOaxn95pMRKvxyjYIOhkaiyTosgzHc6zLavmAVnlSBSlConX+ZisEG0+KnY0RYTkOzUeavE6hpi0Qfij9bQQ5E09eyUdPZfGMcOX/NP+5B2mXJ1Vvb3iCHeZ/fPPoxqH3pI+tqaGcda/VT108vTj7OxdKSFgjEFnwIR8XxxvWefWIe9PxkueraNfJI9n9YZg5JdCCmcgk+8D9FxZO92OjI4ILRw54CajB976DiMdbS7huTClFMREVRporb5VuV1Vil9Fv1ER5uVqjhBX5AARbOD/IrdX3qclE636/VGBWm+EX//CTUvAwDXRR9ndzZ9g/Wbh/JPFSSeZLqLyrROvu/qkiwKqwD5z9EjMaw+hgcAKBUZPV1aGyQ43Zo6dCmyO9g0OYMwVLI4qxlK65B5d9rLCv84AhpCm+xIxcg84QbHz0F/xwz4+mKhhqg0BbEKlIM0r+pN9SxWLPiKF3fGh3w3JWtlpWm+qNWSdlpQudYcK6f6oD/m42aSIfMfeN4n/ezMb9G6PndZdPpkqbUcqN6B0FQi2Qre4WGR08WJtR6wU21VsQjNaSRPrJM9gzxQjx7uwzczdCvwebPiu8vEt13TMsP76FlSHCczhHpcZIhAJoXeEJeqDuIhXgL01qVyuv15JnNaZ7sd9jis1hPDUFPAfMJvuxpsJA6Ihwt9U/QAVRTn67gvH/eqqVboO545dEvTq64wMgqozRPDfaBqRoxiV6qoBXqBniQVNg1DOftPDuz3WdJKDH48PzIdStYQtvxSRUIudHai0l2lU38E/GEa5k+1pEv1jD84FubAQ1mg==
X-OriginatorOrg: ri.se
X-MS-Exchange-CrossTenant-Network-Message-Id: e7ca85c6-4ad7-4ed6-9f9d-08d8822b2973
X-MS-Exchange-CrossTenant-AuthSource: DB8P189MB1032.EURP189.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 06 Nov 2020 08:08:36.6679 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 5a9809cf-0bcb-413a-838a-09ecc40cc9e8
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: CwIQlLWLZ0HRgPhc/wMGcbyMxaTRrOmkTp5S+RYhjgOJ/Vr/Il/ZXoOwHjZ2hjWR/TjQHID+IafZMh/1a5filA==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB8P189MB1047
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/kx2Q4taf2hMQeGs0iZi7L7DwcOs>
Subject: [Ace] Fwd: New Version Notification for draft-tiloca-ace-revoked-token-notification-03.txt
X-BeenThere: ace@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ace>, <mailto:ace-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ace/>
List-Post: <mailto:ace@ietf.org>
List-Help: <mailto:ace-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ace>, <mailto:ace-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Nov 2020 08:08:44 -0000
Hello ACE, We have recently submitted an updated version of draft-tiloca-ace-revoked-token-notification https://tools.ietf.org/html/draft-tiloca-ace-revoked-token-notification-03 The document describes how an Authorization Server can notify Clients and Resource Servers of revoked but yet not expired Access Tokens. This is achieved by means of a Token Revocation List (TRL) resource at the AS, that a device can access and observe by using resource observation for CoAP. The approach complements token introspection at the AS, and does not require additional endpoints on Clients and Resource Servers. This version further builds on the major update in version -02, and is especially about: 1) Providing an additional circumstance by which Access Tokens can be revoked. 2) Making more explicit examples of Token Hash computing. 3) Two additional interaction examples, also using the Diff Query mode. Comments are very welcome! Best, /Marco -------- Forwarded Message -------- Subject: New Version Notification for draft-tiloca-ace-revoked-token-notification-03.txt Date: Mon, 02 Nov 2020 09:35:13 -0800 From: internet-drafts@ietf.org To: Grace Lewis <glewis@sei.cmu.edu>, Francesca Palombini <francesca.palombini@ericsson.com>, Ludwig Seitz <ludwig.seitz@combitech.se>, Marco Tiloca <marco.tiloca@ri.se>, Sebastian Echeverria <secheverria@sei.cmu.edu> A new version of I-D, draft-tiloca-ace-revoked-token-notification-03.txt has been successfully submitted by Marco Tiloca and posted to the IETF repository. Name: draft-tiloca-ace-revoked-token-notification Revision: 03 Title: Notification of Revoked Access Tokens in the Authentication and Authorization for Constrained Environments (ACE) Framework Document date: 2020-11-02 Group: Individual Submission Pages: 28 URL: https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Farchive%2Fid%2Fdraft-tiloca-ace-revoked-token-notification-03.txt&data=04%7C01%7Cmarco.tiloca%40ri.se%7C638abc7c07334b828f5b08d87f55a9a3%7C5a9809cf0bcb413a838a09ecc40cc9e8%7C0%7C0%7C637399353636077617%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=KYWBu49HnAb7MHodW4P6FdGfOhNO1781ZigtBRLli3I%3D&reserved=0 Status: https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fdraft-tiloca-ace-revoked-token-notification%2F&data=04%7C01%7Cmarco.tiloca%40ri.se%7C638abc7c07334b828f5b08d87f55a9a3%7C5a9809cf0bcb413a838a09ecc40cc9e8%7C0%7C0%7C637399353636077617%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=35xTqmNIguGC5pEYgDvOZod2e5Ra6BWxARG8VWyVyLc%3D&reserved=0 Htmlized: https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fhtml%2Fdraft-tiloca-ace-revoked-token-notification&data=04%7C01%7Cmarco.tiloca%40ri.se%7C638abc7c07334b828f5b08d87f55a9a3%7C5a9809cf0bcb413a838a09ecc40cc9e8%7C0%7C0%7C637399353636077617%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=sgMAyR%2B9hbq5DWo%2FsYwU5P4oRfCzfOfVbqAXDBoidlU%3D&reserved=0 Htmlized: https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftools.ietf.org%2Fhtml%2Fdraft-tiloca-ace-revoked-token-notification-03&data=04%7C01%7Cmarco.tiloca%40ri.se%7C638abc7c07334b828f5b08d87f55a9a3%7C5a9809cf0bcb413a838a09ecc40cc9e8%7C0%7C0%7C637399353636077617%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=oPLO%2Fqcifo0naSk7reIwHsy%2FEHzH2gRhdXOrSKmF%2BNs%3D&reserved=0 Diff: https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Frfcdiff%3Furl2%3Ddraft-tiloca-ace-revoked-token-notification-03&data=04%7C01%7Cmarco.tiloca%40ri.se%7C638abc7c07334b828f5b08d87f55a9a3%7C5a9809cf0bcb413a838a09ecc40cc9e8%7C0%7C0%7C637399353636077617%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=g1jRVH03W93dFxE49yD%2FK9dB0oNevtiWMrgrYwkF%2FzI%3D&reserved=0 Abstract: This document specifies a method of the Authentication and Authorization for Constrained Environments (ACE) framework, which allows an Authorization Server to notify Clients and Resource Servers (i.e., registered devices) about revoked Access Tokens. The method relies on resource observation for the Constrained Application Protocol (CoAP), with Clients and Resource Servers observing a Token Revocation List on the Authorization Server. Resulting unsolicited notifications of revoked Access Tokens complement alternative approaches such as token introspection, while not requiring additional endpoints on Clients and Resource Servers. Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. The IETF Secretariat
- [Ace] Fwd: New Version Notification for draft-til… Marco Tiloca