[Ace] "sub" and "iss" ... RE: WGLC feedback on draft-ietf-ace-cwt-proof-of-possession-02

Hannes Tschofenig <Hannes.Tschofenig@arm.com> Fri, 22 June 2018 13:36 UTC

From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: Roman Danyliw <rdd@cert.org>, "ace@ietf.org" <ace@ietf.org>
Date: Fri, 22 Jun 2018 13:36:16 +0000
Message-ID: <VI1PR0801MB2112BB6040C1328028D566F8FA750@VI1PR0801MB2112.eurprd08.prod.outlook.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/rTjihG7N3rm4t4YH7hOwVVxn9F8>
Subject: [Ace] "sub" and "iss" ... RE: WGLC feedback on draft-ietf-ace-cwt-proof-of-possession-02
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>

Hi Roman,

this is also a good question:

> (3) (Editorial) Page 4, Section 3.0, I read to the end of this section by which point there has been discussion of "sub" or "iss".  I was left wondering about how to interpret the case where both are present and none are.

Here is the text from the draft:

"
   The presenter can be identified in one of several ways by the CWT
   depending upon the application requirements.  If the CWT contains a
   "sub" (subject) claim [CWT], the presenter is normally the subject
   identified by the CWT.  (In some applications, the subject identifier
   will be relative to the issuer identified by the "iss" (issuer) claim
   [CWT].)  If the CWT contains no "sub" claim, the presenter is
   normally the issuer identified by the CWT using the "iss" claim.  The
   case in which the presenter is the subject of the CWT is analogous to
   Security Assertion Markup Language (SAML) 2.0
   [OASIS.saml-core-2.0-os] SubjectConfirmation usage.  At least one of
   the "sub" and "iss" claims is typically present in the CWT and some
   use cases may require that both be present.
"

The CWT PoP document does not define the subject or issuer claims.
The document also does not mandate a specific set of claims to be included in a CWT since this is application profile specific.

Hence, I am wondering whether we could shorten the paragraph above, which is actually a bit confusing.

"
This specification adds a new claim to offer the proof-of-possession functionality.
There are various claims already defined and the IANA claims registry [REF] contains the most
up-to-date list of standardized claims. Applications using the CWT functionality define
what claims have to be used.

  The presenter can, if necessary, be identified in one of several ways by the CWT
   depending upon the application requirements.  If the CWT contains a
   "sub" (subject) claim [CWT], the presenter is the subject
   identified by the CWT. In some cases, the CWT may not include a "sub"
   claim, which allows the presenter to remain anonymous.
"

Ciao
Hannes

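Worked example, added by the editor and not part of Hannes's message or of the draft: a recipient that has to answer Roman's question ("sub" and "iss" both present, only one present, neither present) in code. It decodes a CWT claims set with a minimal CBOR decoder (integers, strings, arrays, maps; the subset a claims set needs) and applies the rule from Section 3 of the draft: "sub" identifies the presenter, scoped by "iss" when both are present; without "sub" the issuer is the presenter; with neither the presenter is anonymous, which is the reading Hannes's replacement text makes explicit. Claim keys are the registered CWT values (iss = 1, sub = 2) and the "cnf" claim key (8) and its "kid" member (3) as registered by the final RFC 8747; the draft -02 under discussion still had those numbers as placeholders. The sample claims sets are constructed for this example.

```python
"""Resolve the presenter of a proof-of-possession CWT from "sub"/"iss"."""

ISS, SUB, CNF = 1, 2, 8      # registered CWT claim keys (cnf per RFC 8747)
CNF_KID = 3                  # "kid" member inside the "cnf" map (RFC 8747)


def _head(b: bytes, pos: int):
    """Decode one CBOR initial byte plus its argument -> (major, arg, new_pos)."""
    major, info = b[pos] >> 5, b[pos] & 0x1F
    pos += 1
    if info < 24:
        return major, info, pos
    width = {24: 1, 25: 2, 26: 4, 27: 8}[info]
    return major, int.from_bytes(b[pos:pos + width], "big"), pos + width


def cbor_decode(b: bytes, pos: int = 0):
    """Decode ints, byte/text strings, arrays and maps (enough for a claims set)."""
    major, arg, pos = _head(b, pos)
    if major == 0:
        return arg, pos
    if major == 1:
        return -1 - arg, pos
    if major == 2:
        return b[pos:pos + arg], pos + arg
    if major == 3:
        return b[pos:pos + arg].decode("utf-8"), pos + arg
    if major == 4:
        items = []
        for _ in range(arg):
            item, pos = cbor_decode(b, pos)
            items.append(item)
        return items, pos
    if major == 5:
        out = {}
        for _ in range(arg):
            k, pos = cbor_decode(b, pos)
            v, pos = cbor_decode(b, pos)
            out[k] = v
        return out, pos
    raise ValueError(f"unsupported CBOR major type {major}")


def resolve_presenter(claims: dict) -> dict:
    """Draft Section 3 rule: "sub" names the presenter (scoped by "iss" if both
    are present); no "sub" -> the issuer is the presenter; neither -> anonymous.
    A PoP token without "cnf" has no key to prove possession of, so reject it."""
    if CNF not in claims:
        raise ValueError('not a proof-of-possession CWT: no "cnf" claim')
    iss, sub = claims.get(ISS), claims.get(SUB)
    if sub is not None:
        return {"presenter": sub, "scope": iss, "source": "sub"}
    if iss is not None:
        return {"presenter": iss, "scope": None, "source": "iss"}
    return {"presenter": None, "scope": None, "source": "anonymous"}


def presenter_of(claims_set: bytes) -> dict:
    """Decode a CWT claims set and resolve who the presenter is."""
    claims, _ = cbor_decode(claims_set)
    return resolve_presenter(claims)


# --- constructed sample claims sets (hand-encoded CBOR, strings < 24 bytes) ---
def _tstr(s: str) -> bytes:
    return bytes([0x60 + len(s)]) + s.encode()


def _bstr(b: bytes) -> bytes:
    return bytes([0x40 + len(b)]) + b


AS_URI = "coaps://as.example.com"                    # assumed issuer identifier
CNF_KID_ONLY = b"\xa1\x03" + _bstr(b"\x11")          # cnf = {kid: h'11'}
TOKEN_BOTH = (b"\xa3\x01" + _tstr(AS_URI) + b"\x02" + _tstr("erikw")
              + b"\x08" + CNF_KID_ONLY)              # iss + sub + cnf
TOKEN_ISS_ONLY = b"\xa2\x01" + _tstr(AS_URI) + b"\x08" + CNF_KID_ONLY
TOKEN_ANON = b"\xa1\x08" + CNF_KID_ONLY              # cnf only
TOKEN_NO_CNF = b"\xa1\x02" + _tstr("erikw")          # sub but no cnf: not PoP

if __name__ == "__main__":
    for name in ("TOKEN_BOTH", "TOKEN_ISS_ONLY", "TOKEN_ANON"):
        print(name, presenter_of(globals()[name]))
```

The decoder is deliberately strict about what it accepts: a claims set that uses tags, floats or indefinite-length items raises instead of being half-decoded, which is the behaviour you want on a resource server before any key in "cnf" is trusted.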