Re: [Ace] OAuth-Authz Interop

Ludwig Seitz <ludwig.seitz@ri.se> Fri, 11 May 2018 13:06 UTC

To: Mike Jones <Michael.Jones@microsoft.com>, Jim Schaad <ietf@augustcellars.com>, "ace@ietf.org" <ace@ietf.org>
References: <005601d3e622$af427100$0dc75300$@augustcellars.com> <e3cc1920-c9a7-aefa-a683-239099f32d21@ri.se> <7af7e847-bc7a-82ff-2024-7321575450d8@ri.se> <DM5PR00MB02969CC0E6E488B119028391F59A0@DM5PR00MB0296.namprd00.prod.outlook.com> <00cb01d3e891$0158b8d0$040a2a70$@augustcellars.com> <BL0PR00MB0292D757C78D626AD8806135F5980@BL0PR00MB0292.namprd00.prod.outlook.com>
From: Ludwig Seitz <ludwig.seitz@ri.se>
Message-ID: <d771fffb-b745-c1e0-afff-906b032de22d@ri.se>
Date: Fri, 11 May 2018 15:06:15 +0200
In-Reply-To: <BL0PR00MB0292D757C78D626AD8806135F5980@BL0PR00MB0292.namprd00.prod.outlook.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/yC6rciKSrDlM7Bf0pC6TOVm1yyo>
Subject: Re: [Ace] OAuth-Authz Interop

On 2018-05-10 22:00, Mike Jones wrote:
> FYI, I haven’t seen any discussion on my review comment that these 
> values should be registered as CWT claims if continued alignment of 
> values is desired.  Certainly the draft hasn’t done that. *Do people see 
> this alignment as valuable?*
> 

Everything that is used as a CWT claim is also registered as such, if it 
is not already registered. In our case that is just the "scope" claim 
(we will be adding a "profile" claim in the next iteration).

However, there are also OAuth token endpoint parameters and OAuth 
introspection parameters that partially have the same names as CWT 
claims (and the same meaning). Those are registered in their respective 
registries.

I have aligned the CBOR abbreviations for both claims and parameters of 
the same name (we obviously don't want an "aud" parameter in the access 
token request that abbreviates to 4 and an "aud" claim in a CWT that 
abbreviates to 5).

Do you see any concrete mismatch in the current registrations? The IANA 
section has grown pretty large and an error might have slipped past our 
vigilance.

/Ludwig


-- 
Ludwig Seitz, PhD
Security Lab, RISE SICS
Phone +46(0)70-349 92 51
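The alignment Ludwig describes (a claim and a parameter of the same name must map to the same CBOR integer label, while names that exist in only one registry are free to reuse numbers) can be checked mechanically. The following is an added example, not code from the draft or from anyone on this thread; the seven core claim labels follow RFC 8392, and every other number, including the "scope" and "profile" labels and the whole parameter table, is a constructed placeholder rather than an IANA value. The CBOR encoder is a minimal one written for this example to show that the same key byte appears in a token request and in a CWT claims set.

```python
"""Consistency check for CBOR abbreviations shared between CWT claims
and OAuth (token endpoint / introspection) parameters.

All tables below are constructed for this example. The seven core CWT
claim labels follow RFC 8392; the "scope", "profile" and parameter
numbers are placeholders, not the values in any IANA registry.
"""

# Constructed CWT claims registry excerpt: name -> CBOR integer label.
CWT_CLAIMS = {
    "iss": 1, "sub": 2, "aud": 3, "exp": 4, "nbf": 5, "iat": 6, "cti": 7,  # RFC 8392
    "scope": 9,       # placeholder label
    "profile": 38,    # placeholder label
}

# Constructed OAuth parameter registry excerpt, aligned with the claims
# table for every name the two registries share.
OAUTH_PARAMS_ALIGNED = {
    "aud": 3,           # same label as the CWT "aud" claim
    "scope": 9,
    "profile": 38,
    "access_token": 1,  # parameter-only name: reusing a number that the
                        # claims table assigns to "iss" is not a conflict
}

# The failure mode from the thread: "aud" abbreviates differently as a
# parameter than as a claim.
OAUTH_PARAMS_MISMATCHED = dict(OAUTH_PARAMS_ALIGNED, aud=5)


def find_mismatches(claims, params):
    """Return {name: (claim_label, param_label)} for every name present in
    both registries whose CBOR labels differ. Names in only one registry
    are ignored, so cross-registry number reuse is not reported."""
    return {
        name: (claims[name], params[name])
        for name in sorted(claims.keys() & params.keys())
        if claims[name] != params[name]
    }


def _cbor_head(major, value):
    """Encode a CBOR head byte (major type + unsigned argument)."""
    if value < 24:
        return bytes([(major << 5) | value])
    if value < 0x100:
        return bytes([(major << 5) | 24, value])
    if value < 0x10000:
        return bytes([(major << 5) | 25]) + value.to_bytes(2, "big")
    if value < 0x100000000:
        return bytes([(major << 5) | 26]) + value.to_bytes(4, "big")
    raise ValueError("argument too large for this minimal encoder")


def encode_map(registry, fields):
    """Encode {name: value} as a CBOR map whose keys are the registry's
    integer labels. Values may be unsigned ints or text strings, which is
    enough for the claims and parameters in this example."""
    out = _cbor_head(5, len(fields))
    for name, value in fields.items():
        out += _cbor_head(0, registry[name])
        if isinstance(value, int):
            out += _cbor_head(0, value)
        else:
            data = value.encode("utf-8")
            out += _cbor_head(3, len(data)) + data
    return out


if __name__ == "__main__":
    print("aligned  :", find_mismatches(CWT_CLAIMS, OAUTH_PARAMS_ALIGNED))
    print("mismatch :", find_mismatches(CWT_CLAIMS, OAUTH_PARAMS_MISMATCHED))
    # The same name must produce the same key byte in both messages.
    print("token request aud:", encode_map(OAUTH_PARAMS_ALIGNED, {"aud": "rs1"}).hex())
    print("CWT claim aud    :", encode_map(CWT_CLAIMS, {"aud": "rs1"}).hex())
```

Running `find_mismatches` over the two registry excerpts of a draft's IANA section is the kind of check that catches the "aud as 4 here, aud as 5 there" error the message warns about before it reaches the registry; the encoder output makes the consequence visible, since a receiver that decodes key 5 against the claims table would read a different field than the sender intended.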