Re: [Ace] WGLC for draft-ietf-ace-oauth-params

Mike Jones <Michael.Jones@microsoft.com> Wed, 24 October 2018 20:49 UTC

From: Mike Jones <Michael.Jones@microsoft.com>
To: Jim Schaad <ietf@augustcellars.com>, "ace@ietf.org" <ace@ietf.org>
Thread-Topic: [Ace] WGLC for draft-ietf-ace-oauth-params
Thread-Index: AdRfTjn+qfbLUnxrRYOILLAcZZbLowMimzCg
Date: Wed, 24 Oct 2018 20:49:32 +0000
Message-ID: <SN6PR00MB0301ABCD934F20361EB6A02DF5F60@SN6PR00MB0301.namprd00.prod.outlook.com>
References: <065d01d45f4e$bc227690$346763b0$@augustcellars.com>
In-Reply-To: <065d01d45f4e$bc227690$346763b0$@augustcellars.com>
Accept-Language: en-US
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/_fcwpy-EB2E9MNjSdwvzSF4nsdw>
Subject: Re: [Ace] WGLC for draft-ietf-ace-oauth-params
X-BeenThere: ace@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ace>, <mailto:ace-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ace/>
List-Post: <mailto:ace@ietf.org>
List-Help: <mailto:ace-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ace>, <mailto:ace-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 24 Oct 2018 20:49:39 -0000

3.1, 3.2, and 4.1, parameter definitions: None of these parameter definitions specify the syntax of the parameters defined, making understanding these quite confusing.  Yes, this is talked about later in the doc but there are not even forward references to where the definitions are completed in most cases.  Please fully specify the parameters when they are defined.

3.1 req_aud: Doesn't this duplicate the "resource" parameter defined by https://tools.ietf.org/html/draft-ietf-oauth-resource-indicators-01?  If so, please delete this parameter.  If not, say how it is different and why the differences are necessary.

5 cnf in the introspection response: Which token is being referred to by the phrase "bound to the token"?  The access token?  The refresh token?  Another kind of token?  Please make this more specific.

6 CBOR Mappings.  The table contains the magic numbers 8, 17, 18, and 19.  From what space are these numbers being allocated and what registry are they in?  Per my earlier reviews of the ace-authz spec, I believe that the ACE OAuth parameters should all be registered in the CWT Claims registry because of the possibility of them being used in signed requests in a manner analogous to https://tools.ietf.org/html/draft-ietf-oauth-jwsreq-17.  The parameters need to be registered to avoid claim number conflicts.

Missing Examples:  The best thing you could do to help developers understand what these values are and how they use them is to add examples, just as was done in RFC 7800.  Please add examples of each of the parameters using the JSON representations of them.  Optionally, also add CBOR examples if you believe that they will convey important information to developers that the JSON examples don't.

                                                          Thank you,

                                                          -- Mike



-----Original Message-----
From: Ace <ace-bounces@ietf.org> On Behalf Of Jim Schaad
Sent: Monday, October 8, 2018 2:35 PM
To: ace@ietf.org
Subject: [Ace] WGLC for draft-ietf-ace-oauth-params

The chairs believe that the set of documents dealing with the OAuth framework for constrained environments is nearing the point that we should be able to advance it to the IESG for publication.  We therefore want to have a full list of issues that need to be dealt with at the Bangkok meeting.

This starts a 2 week WGLC for draft-ietf-ace-oauth-params

We know that the following issues are outstanding:

draft-ietf-ace-oauth-params:

*  No current known issues

Jim & Roman

_______________________________________________
Ace mailing list
Ace@ietf.org<mailto:Ace@ietf.org>
https://www.ietf.org/mailman/listinfo/ace
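Two of the review points above, the request for RFC 7800 style JSON and CBOR examples of the parameters and the concern that unregistered CBOR numbers can collide with CWT claim keys, are illustrated by the script below. It is an added example written for this archive page; it is not code from draft-ietf-ace-oauth-params, from the ACE working group, or from either message in the thread. The numeric labels it uses (CWT claim keys 1 to 7, cnf = 8, the cnf members COSE_Key = 1, Encrypted_COSE_Key = 2, kid = 3, and the COSE_Key labels for an EC2 key) are taken from RFC 8392, RFC 8747 and RFC 8152; those assignments post-date this message and are not the numbers 17, 18 and 19 the review asks about, which the script deliberately does not assign. The sample key material, the parameter name `hypothetical_param` and the helper names are constructed for the example. The CBOR encoder is a small hand-written subset so the script runs offline with no third-party package.

```python
# Added example, not from draft-ietf-ace-oauth-params or this mail thread.
# Shows (1) the RFC 7800 JSON form of a "cnf" proof-of-possession member next
# to the equivalent integer-keyed CBOR form, and (2) a check that a proposed
# CBOR parameter number does not collide with an already registered CWT claim
# key. Numeric labels: RFC 8392 (claims 1-7), RFC 8747 (cnf = 8 and the cnf
# member keys), RFC 8152 (COSE_Key labels). All later than this message.
import base64
import json
import struct

CWT_CLAIM_KEYS = {"iss": 1, "sub": 2, "aud": 3, "exp": 4, "nbf": 5,
                  "iat": 6, "cti": 7, "cnf": 8}
CNF_MEMBER_KEYS = {"COSE_Key": 1, "Encrypted_COSE_Key": 2, "kid": 3}
COSE_KEY_LABELS = {"kty": 1, "kid": 2, "crv": -1, "x": -2, "y": -3}
COSE_KTY_EC2, COSE_CRV_P256 = 2, 1


def _head(major, n):
    """Initial byte(s) of a CBOR item: major type plus its argument."""
    if n < 24:
        return bytes([(major << 5) | n])
    if n < 0x100:
        return bytes([(major << 5) | 24, n])
    if n < 0x10000:
        return bytes([(major << 5) | 25]) + struct.pack(">H", n)
    if n < 0x100000000:
        return bytes([(major << 5) | 26]) + struct.pack(">I", n)
    return bytes([(major << 5) | 27]) + struct.pack(">Q", n)


def cbor_encode(value):
    """Minimal CBOR encoder: bool, int, bytes, str, list, dict (definite length)."""
    if isinstance(value, bool):
        return b"\xf5" if value else b"\xf4"
    if isinstance(value, int):
        return _head(0, value) if value >= 0 else _head(1, -1 - value)
    if isinstance(value, bytes):
        return _head(2, len(value)) + value
    if isinstance(value, str):
        raw = value.encode("utf-8")
        return _head(3, len(raw)) + raw
    if isinstance(value, list):
        return _head(4, len(value)) + b"".join(cbor_encode(v) for v in value)
    if isinstance(value, dict):
        return _head(5, len(value)) + b"".join(
            cbor_encode(k) + cbor_encode(v) for k, v in value.items())
    raise TypeError(f"unsupported type: {type(value).__name__}")


def _b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def jwk_to_cose_key(jwk):
    """Map a P-256 EC JWK (string names) to a COSE_Key map (integer labels)."""
    if jwk.get("kty") != "EC" or jwk.get("crv") != "P-256":
        raise ValueError("only EC/P-256 keys are handled in this example")
    cose = {
        COSE_KEY_LABELS["kty"]: COSE_KTY_EC2,
        COSE_KEY_LABELS["crv"]: COSE_CRV_P256,
        COSE_KEY_LABELS["x"]: _b64url_decode(jwk["x"]),
        COSE_KEY_LABELS["y"]: _b64url_decode(jwk["y"]),
    }
    if "kid" in jwk:
        cose[COSE_KEY_LABELS["kid"]] = jwk["kid"].encode("utf-8")
    return cose


def cnf_json(jwk):
    """RFC 7800 style member, {"cnf": {"jwk": {...}}}, as compact JSON bytes."""
    return json.dumps({"cnf": {"jwk": jwk}}, separators=(",", ":")).encode()


def cnf_cbor(jwk):
    """The same member with integer keys, {8: {1: COSE_Key}}, as CBOR bytes."""
    return cbor_encode({CWT_CLAIM_KEYS["cnf"]:
                        {CNF_MEMBER_KEYS["COSE_Key"]: jwk_to_cose_key(jwk)}})


def find_collisions(proposed, registry=CWT_CLAIM_KEYS):
    """(name, number, registered_name) for each proposed number already
    assigned to a different name in the registry."""
    by_number = {num: name for name, num in registry.items()}
    return [(name, num, by_number[num]) for name, num in proposed.items()
            if num in by_number and by_number[num] != name]


# Constructed sample key, not a real key: x = 0x00..0x1f, y = 0x20..0x3f.
SAMPLE_JWK = {
    "kty": "EC", "crv": "P-256", "kid": "example-key-1",
    "x": base64.urlsafe_b64encode(bytes(range(32))).rstrip(b"=").decode(),
    "y": base64.urlsafe_b64encode(bytes(range(32, 64))).rstrip(b"=").decode(),
}

if __name__ == "__main__":
    j, c = cnf_json(SAMPLE_JWK), cnf_cbor(SAMPLE_JWK)
    print("JSON:", j.decode())
    print("CBOR:", c.hex(), f"({len(c)} bytes vs {len(j)} bytes of JSON)")
    # Hypothetical proposed table: 8 reuses the registered cnf number (fine),
    # but 3 is already the CWT "aud" claim and would clash with it.
    print("collisions:", find_collisions({"cnf": 8, "hypothetical_param": 3}))
```

Running the script prints the JSON member a developer would see in a token response, the hex of the CBOR member with the integer keys a constrained client would parse, and the one collision in the constructed table. The `find_collisions` check is the mechanical version of the review's registry point: whichever registry the ACE parameters end up in, a number that is already assigned to a different claim in the CWT Claims registry cannot safely be reused for a signed request.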