IETF Logo Mail Archive

Re: [Ace] WGLC for draft-ietf-ace-authz

Olaf Bergmann <bergmann@tzi.org> Thu, 25 October 2018 08:45 UTC

Return-Path: <bergmann@tzi.org>
X-Original-To: ace@ietfa.amsl.com
Delivered-To: ace@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9427D130E18 for <ace@ietfa.amsl.com>; Thu, 25 Oct 2018 01:45:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.199
X-Spam-Level:
X-Spam-Status: No, score=-4.199 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PgxJBsG4Ij1E for <ace@ietfa.amsl.com>; Thu, 25 Oct 2018 01:45:54 -0700 (PDT)
Received: from smtp.uni-bremen.de (gabriel-vm-2.zfn.uni-bremen.de [134.102.50.17]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 06AFA12F1AC for <ace@ietf.org>; Thu, 25 Oct 2018 01:45:54 -0700 (PDT)
Received: from wangari.tzi.org (dynamic-218-j.informatik.uni-bremen.de [134.102.218.209]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.uni-bremen.de (Postfix) with ESMTPSA id 52159206D9; Thu, 25 Oct 2018 10:45:52 +0200 (CEST)
From: Olaf Bergmann <bergmann@tzi.org>
To: Carsten Bormann <cabo@tzi.org>
Cc: Mike Jones <Michael.Jones=40microsoft.com@dmarc.ietf.org>, Jim Schaad <ietf@augustcellars.com>, "ace@ietf.org" <ace@ietf.org>
References: <065b01d45f4e$b8d372a0$2a7a57e0$@augustcellars.com> <SN6PR00MB0301580A2D802AB0F559A170F5F70@SN6PR00MB0301.namprd00.prod.outlook.com> <3B32C31E-11C3-4808-82DC-3C75C949A0E9@tzi.org>
Date: Thu, 25 Oct 2018 10:45:52 +0200
In-Reply-To: <3B32C31E-11C3-4808-82DC-3C75C949A0E9@tzi.org> (Carsten Bormann's message of "Thu, 25 Oct 2018 07:33:38 +0200")
Message-ID: <877ei6tnwf.fsf@tzi.org>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/vzFFYmq-o5mh2EGnUDItbxEyx7k>
Subject: Re: [Ace] WGLC for draft-ietf-ace-authz
X-BeenThere: ace@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ace>, <mailto:ace-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ace/>
List-Post: <mailto:ace@ietf.org>
List-Help: <mailto:ace-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ace>, <mailto:ace-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 25 Oct 2018 08:45:57 -0000

Carsten Bormann <cabo@tzi.org> writes:

> +1 for making all the CWT-like structures into real CWTs.

Not every key/value-pair encoded as CBOR is automatically a CWT. What
happens here is that we are trying to force every protocol element that
is required to solve an application-specific problem to fit into
existing registered OAuth elements. As already pointed out by Mike, this
does not work well because ACE is different from vanilla OAuth.

The best solution I can imagine to conserve precious number space is to
use the media type (Content-Format in CoAP) as differientiator and use
CWT-numbers only for things that are CWTs

Grüße
Olaf

v2.23.0 | Report a Bug | By Email