Re: [Ace] WGLC for draft-ietf-ace-authz

Michael Richardson <mcr+ietf@sandelman.ca> Thu, 25 October 2018 17:41 UTC

From: Michael Richardson <mcr+ietf@sandelman.ca>
To: "ace@ietf.org" <ace@ietf.org>
In-Reply-To: <877ei6tnwf.fsf@tzi.org>
References: <065b01d45f4e$b8d372a0$2a7a57e0$@augustcellars.com> <SN6PR00MB0301580A2D802AB0F559A170F5F70@SN6PR00MB0301.namprd00.prod.outlook.com> <3B32C31E-11C3-4808-82DC-3C75C949A0E9@tzi.org> <877ei6tnwf.fsf@tzi.org>
Date: Thu, 25 Oct 2018 13:41:31 -0400
Message-ID: <10375.1540489291@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/mpWBfDxDHKt0fNo6kAAiwLnyj1c>
Subject: Re: [Ace] WGLC for draft-ietf-ace-authz

Olaf Bergmann <bergmann@tzi.org> wrote:
    >> +1 for making all the CWT-like structures into real CWTs.

    > Not every key/value-pair encoded as CBOR is automatically a CWT. What
    > happens here is that we are trying to force every protocol element that
    > is required to solve an application-specific problem to fit into
    > existing registered OAuth elements. As already pointed out by Mike, this
    > does not work well because ACE is different from vanilla OAuth.

We tried at first to fit RFC8366 (vouchers) into JWTs (and thus CWTs for
constrained vouchers), but we found the OAuth claim statements too confusing
for what we were doing.  We could have made it work, but it just felt wrong.

    > The best solution I can imagine to conserve precious number space is to
    > use the media type (Content-Format in CoAP) as differentiator and use
    > CWT-numbers only for things that are CWTs

I would agree.

--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-
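The point Olaf makes above, that the Content-Format rather than the integer key numbers should decide how a CBOR map is read, is shown below as an added example; it is not code from this thread, from the ACE draft under discussion, or from any IETF implementation. It assumes the Content-Format numbers and key tables as later published (application/cwt = 61 and the claim keys iss/sub/aud/exp/nbf/iat/cti = 1..7 from RFC 8392; application/ace+cbor = 19 and access_token/expires_in/audience/scope = 1/2/5/9 from RFC 9200), which the 2018 draft text may not have matched, and it includes a minimal CBOR codec so that it runs with the standard library only. The two sample payloads are constructed for the example. Key 1 is `iss` in a CWT but `access_token` in an ACE response, and key 2 is `sub` versus `expires_in`; the same bytes validate under one format and are rejected under the other, which is exactly why the numbers alone cannot be the discriminator.

```python
"""Dispatch CBOR payloads on CoAP Content-Format rather than on key numbers."""
import struct

# Content-Format numbers, assumed from the published RFCs (RFC 8392, RFC 9200).
CT_CWT = 61
CT_ACE_CBOR = 19

# Integer key -> (name, expected type). CWT claim keys per RFC 8392; ACE
# parameter keys as later registered by RFC 9200 (assumption for this example).
CWT_CLAIMS = {1: ("iss", str), 2: ("sub", str), 3: ("aud", str),
              4: ("exp", int), 5: ("nbf", int), 6: ("iat", int), 7: ("cti", bytes)}
ACE_PARAMS = {1: ("access_token", bytes), 2: ("expires_in", int),
              5: ("audience", str), 9: ("scope", str)}


def _head(major, n):
    """Encode the CBOR initial byte and argument for major type `major`."""
    if n < 24:
        return bytes([major << 5 | n])
    if n < 0x100:
        return bytes([major << 5 | 24, n])
    if n < 0x10000:
        return bytes([major << 5 | 25]) + struct.pack(">H", n)
    return bytes([major << 5 | 26]) + struct.pack(">I", n)


def cbor_encode(v):
    """Minimal CBOR encoder: ints, byte strings, text strings and maps."""
    if isinstance(v, bool):
        raise TypeError("bools are not supported by this minimal encoder")
    if isinstance(v, int):
        return _head(0, v) if v >= 0 else _head(1, -1 - v)
    if isinstance(v, bytes):
        return _head(2, len(v)) + v
    if isinstance(v, str):
        b = v.encode("utf-8")
        return _head(3, len(b)) + b
    if isinstance(v, dict):
        return _head(5, len(v)) + b"".join(cbor_encode(k) + cbor_encode(x) for k, x in v.items())
    raise TypeError(f"unsupported type {type(v).__name__}")


def _decode_at(buf, i):
    """Decode one CBOR item at offset i; return (value, next_offset)."""
    ib = buf[i]
    major, info = ib >> 5, ib & 0x1F
    i += 1
    if info < 24:
        n = info
    elif info == 24:
        n = buf[i]; i += 1
    elif info == 25:
        n = struct.unpack(">H", buf[i:i + 2])[0]; i += 2
    elif info == 26:
        n = struct.unpack(">I", buf[i:i + 4])[0]; i += 4
    else:
        raise ValueError("unsupported additional info")
    if major == 0:
        return n, i
    if major == 1:
        return -1 - n, i
    if major == 2:
        return bytes(buf[i:i + n]), i + n
    if major == 3:
        return buf[i:i + n].decode("utf-8"), i + n
    if major == 5:
        m = {}
        for _ in range(n):
            k, i = _decode_at(buf, i)
            m[k], i = _decode_at(buf, i)
        return m, i
    raise ValueError(f"unsupported major type {major}")


def cbor_decode(buf):
    v, i = _decode_at(buf, 0)
    if i != len(buf):
        raise ValueError("trailing bytes after CBOR item")
    return v


def interpret(content_format, payload):
    """Name and type-check the integer keys of `payload` by its Content-Format.

    The format selects the key table; the numbers alone are ambiguous.
    Keys absent from the table are passed through by number.
    """
    table = {CT_CWT: CWT_CLAIMS, CT_ACE_CBOR: ACE_PARAMS}.get(content_format)
    if table is None:
        raise ValueError(f"unsupported Content-Format {content_format}")
    m = cbor_decode(payload)
    if not isinstance(m, dict):
        raise ValueError("payload is not a CBOR map")
    out = {}
    for k, v in m.items():
        if k in table:
            name, typ = table[k]
            if not isinstance(v, typ):
                raise ValueError(f"key {k} ({name}) must be {typ.__name__}, got {type(v).__name__}")
            out[name] = v
        else:
            out[k] = v
    return out


def accepts(content_format, payload):
    """True if `payload` validates under `content_format`, else False."""
    try:
        interpret(content_format, payload)
        return True
    except ValueError:
        return False


# Constructed sample payloads for this example (not captured traffic).
ACE_RESPONSE = cbor_encode({1: b"\x01\x02\x03", 2: 3600, 9: "rTempC"})
CWT_CLAIMSET = cbor_encode({1: "coap://as.example.com", 2: "erikw",
                            4: 1444064944, 7: b"\x0b\x71"})

if __name__ == "__main__":
    print(interpret(CT_ACE_CBOR, ACE_RESPONSE))
    print(interpret(CT_CWT, CWT_CLAIMSET))
    print(accepts(CT_CWT, ACE_RESPONSE), accepts(CT_ACE_CBOR, CWT_CLAIMSET))
```

Run as a script, the ACE map decodes as a token response and the CWT map as a claim set, while each is rejected under the other format because the value types do not match the claim or parameter the key number names there. A receiver that dispatched on key numbers alone would have no way to tell the two apart.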