Re: [Ace] WGLC for draft-ietf-ace-authz

Mike Jones <Michael.Jones@microsoft.com> Wed, 31 October 2018 16:07 UTC

From: Mike Jones <Michael.Jones@microsoft.com>
To: Ludwig Seitz <ludwig.seitz@ri.se>, "ace@ietf.org" <ace@ietf.org>
Date: Wed, 31 Oct 2018 16:07:51 +0000
Message-ID: <MW2PR00MB0298FCCCFFDEBCBAF8AAD982F5CD0@MW2PR00MB0298.namprd00.prod.outlook.com>
In-Reply-To: <0f81494a-de97-791b-789b-bdbade52aa3b@ri.se>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/om8TbqX-7N9QIbvJZOvZZ4MQdps>
Subject: Re: [Ace] WGLC for draft-ietf-ace-authz

This sounds like a good solution, Ludwig.  Thanks for the productive conversation.

				-- Mike

-----Original Message-----
From: Ludwig Seitz <ludwig.seitz@ri.se> 
Sent: Wednesday, October 31, 2018 2:08 AM
To: Mike Jones <Michael.Jones@microsoft.com>; ace@ietf.org
Subject: Re: [Ace] WGLC for draft-ietf-ace-authz

On 30/10/2018 19:52, Mike Jones wrote:
> Thanks for your responses, Ludwig.
> 
...
>
> I could live with "access_token" having a single-byte representation, 
> since as you point out, it is needed for every ACE OAuth interaction.  
> An "error" value is only needed when something goes wrong, so that 
> doesn't seem like a case that needs to be optimized for space.  A 
> two-byte "error" representation will only be used when errors have 
> occurred, so shouldn't be a problem.
> 
> -- Mike
> 
> -----Original Message----- From: Ace <ace-bounces@ietf.org> On Behalf


Thank you for the quick and comprehensive answer, Mike!

I conclude the following:

We are in agreement about giving "profile", "error", "token_type" and "grant_type" two-byte abbreviations in CBOR.

"scope" and "access_token" will get a one-byte abbreviation aligned with the unused numbers from CWT claims.

At IETF 103 I will propose the solution of registering all parameter abbreviations in the CWT claim registry in order to align abbreviations and avoid duplicate assignments.

If a signed request (and response) format is needed I am all for using CWT in the context of ACE access token requests, responses and introspection requests and responses. I will take up that discussion at IETF 103.

I will propose to make "token_type" and "grant_type" OPTIONAL, deviating from the OAuth 2.0 specs and defining the default token type to be "PoP" and the default grant_type to be "client_credentials". This will avoid having to send grant_type with every access token request and token_type with every successful access token response.


Regards,

Ludwig


--
Ludwig Seitz, PhD
Security Lab, RISE
Phone +46(0)70-349 92 51
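The byte-size trade-off the two messages above settle on (one-byte CBOR keys for "access_token" and "scope", two-byte keys for "profile", "error", "token_type" and "grant_type", one-byte values kept clear of the CWT claim keys, and "grant_type"/"token_type" omitted when the defaults apply) follows directly from how CBOR encodes small unsigned integers. The Python below is an added example, not code from this thread or from the ACE drafts: the integer abbreviations in ABBREV are illustrative placeholders chosen to fall in the one-byte (0..23) and two-byte (24..255) ranges under discussion, not the values any registry assigned, and the token bytes and scope strings are constructed sample inputs. The CWT claim keys 1..7 are the ones RFC 8392 registers.

```python
"""Byte-size effect of CBOR key abbreviation choices for ACE OAuth parameters.

Added example; not code from the thread or the ACE drafts. The values in
ABBREV are illustrative placeholders, not registry assignments.
"""

# CWT claim keys registered by RFC 8392 (iss, sub, aud, exp, nbf, iat, cti).
# Used to check that one-byte parameter abbreviations stay clear of them.
CWT_CLAIM_KEYS = {1: "iss", 2: "sub", 3: "aud", 4: "exp", 5: "nbf", 6: "iat", 7: "cti"}

# Illustrative abbreviations (assumed values, NOT the ones later registered):
# one-byte keys (0..23) for parameters sent on every exchange,
# two-byte keys (24..255) for the rarer ones.
ABBREV = {
    "access_token": 9,
    "scope": 10,
    "profile": 24,
    "error": 25,
    "token_type": 26,
    "grant_type": 27,
}


def _head(major: int, arg: int) -> bytes:
    """CBOR initial byte(s) for major type `major` with unsigned argument `arg`:
    values below 24 fit in the initial byte, larger ones need 1/2/4/8 extra bytes."""
    mt = major << 5
    if arg < 24:
        return bytes([mt | arg])
    for info, width in ((24, 1), (25, 2), (26, 4), (27, 8)):
        if arg < 1 << (8 * width):
            return bytes([mt | info]) + arg.to_bytes(width, "big")
    raise ValueError("argument too large for CBOR")


def encode(value) -> bytes:
    """Minimal definite-length CBOR encoder for the types this example needs."""
    if isinstance(value, bool):
        return b"\xf5" if value else b"\xf4"
    if isinstance(value, int):
        return _head(0, value) if value >= 0 else _head(1, -1 - value)
    if isinstance(value, bytes):
        return _head(2, len(value)) + value
    if isinstance(value, str):
        raw = value.encode("utf-8")
        return _head(3, len(raw)) + raw
    if isinstance(value, list):
        return _head(4, len(value)) + b"".join(encode(v) for v in value)
    if isinstance(value, dict):
        return _head(5, len(value)) + b"".join(encode(k) + encode(v) for k, v in value.items())
    raise TypeError(f"unsupported type: {type(value).__name__}")


def key_size(abbrev: int) -> int:
    """Number of bytes an integer map key occupies on the wire."""
    return len(encode(abbrev))


def abbreviate(message: dict, table: dict) -> dict:
    """Replace parameter names with integer keys; an unknown name raises KeyError
    instead of being silently sent as a text-string key."""
    return {table[name]: value for name, value in message.items()}


def encoded_size(message: dict, table=None) -> int:
    """Wire size of a message, with text keys (table=None) or abbreviated keys."""
    return len(encode(abbreviate(message, table) if table else message))


def cwt_collisions(table: dict) -> list:
    """Parameter names whose abbreviation clashes with a registered CWT claim key."""
    return [name for name, key in table.items() if key in CWT_CLAIM_KEYS]


# Constructed sample messages (not taken from the thread or the drafts).
SAMPLE_TOKEN = bytes(range(16))
RESPONSE_MIN = {"access_token": SAMPLE_TOKEN, "scope": "temp"}
RESPONSE_EXPLICIT = dict(RESPONSE_MIN, token_type="PoP")
REQUEST_MIN = {"scope": "temp"}
REQUEST_EXPLICIT = {"grant_type": "client_credentials", "scope": "temp"}

if __name__ == "__main__":
    print("key sizes:", {n: key_size(n) for n in (0, 23, 24, 255, 256)})
    print("CWT collisions:", cwt_collisions(ABBREV))
    for label, msg in (("response, defaults omitted", RESPONSE_MIN),
                       ("response, token_type sent", RESPONSE_EXPLICIT),
                       ("request, defaults omitted", REQUEST_MIN),
                       ("request, grant_type sent", REQUEST_EXPLICIT)):
        print(f"{label}: {encoded_size(msg)} bytes with text keys, "
              f"{encoded_size(msg, ABBREV)} bytes abbreviated")
```

Running the script shows the two effects the thread cares about: a key moves from one byte to two as soon as it reaches 24, and relying on the "PoP" and "client_credentials" defaults removes the whole key/value pair rather than just the key. `abbreviate()` deliberately fails on a name missing from the table, so a mapping mismatch between client and server surfaces as an error instead of as an unexpectedly large (and differently keyed) message.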