Re: [Ace] WGLC for draft-ietf-ace-authz

Benjamin Kaduk <kaduk@mit.edu> Wed, 24 October 2018 01:45 UTC

Date: Tue, 23 Oct 2018 20:44:51 -0500
From: Benjamin Kaduk <kaduk@mit.edu>
To: Ludwig Seitz <ludwig.seitz@ri.se>
Cc: Jim Schaad <ietf@augustcellars.com>, draft-ietf-ace-oauth-authz@ietf.org, ace@ietf.org
Message-ID: <20181024014450.GN45914@kduck.kaduk.org>
References: <065b01d45f4e$b8d372a0$2a7a57e0$@augustcellars.com> <028d01d46a3a$bc6414f0$352c3ed0$@augustcellars.com> <e430cb24-1ac8-5eaf-2513-399c345fc999@ri.se>
In-Reply-To: <e430cb24-1ac8-5eaf-2513-399c345fc999@ri.se>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/qOeD4DAIprKIRa9TSajOCQoAeOc>

Just one minor note -- this is a great discussion to see happening!

On Tue, Oct 23, 2018 at 04:43:14PM +0200, Ludwig Seitz wrote:
> 
> On 22/10/2018 21:09, Jim Schaad wrote:
> > * Section 5.8.2 - If the RS is going to do introspection, can it send some
> > type of "Server Busy - try again in xxx" while it does the introspection
> > rather than just doing an ack of the request and possibly waiting a long
> > time?
> 
> This is probably transport protocol specific, and we were asked not to 
> link the framework to a specific protocol, thus I don't know if we can 
> provide guidance here.

I think it would be okay to say something like "some transport protocols
may provide a way to indicate that the server is busy and the client should
retry after an interval; this type of status update would be appropriate
while the server is waiting for an introspection response".  Which does
provide guidance, but in a non-normative fashion that does not require or
prohibit any given transport protocol.

-Ben