Re: [Ace] Progressing the HTTP parameter encoding for OAuth PoP Key Distribution

Samuel Erdtman <samuel@erdtman.se> Wed, 15 August 2018 04:58 UTC

From: Samuel Erdtman <samuel@erdtman.se>
Date: Wed, 15 Aug 2018 06:58:54 +0200
Message-ID: <CAF2hCbZfrev4eY2DciPo7O1jHQJjB3x5+KByQSupFePSgn+JzA@mail.gmail.com>
To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
Cc: oauth <oauth@ietf.org>, "ace@ietf.org" <ace@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/z3dJMFNkffbMQ5gf68hBiiInM14>
Subject: Re: [Ace] Progressing the HTTP parameter encoding for OAuth PoP Key Distribution

Hi Hannes,

Have there been any updates to draft-ietf-oauth-pop-key-distribution? I
could not find any updated document.

Best regards
//Samuel

On Fri, Jul 20, 2018 at 7:46 PM, Hannes Tschofenig <Hannes.Tschofenig@arm.com> wrote:

> Hi all,
>
>
>
> after several discussions we believe that we now have a proposal for
> moving forward on this topic.
>
> We plan to update the expired draft <draft-ietf-oauth-pop-key-distribution-03>
> and
>
> (1) remove the audience parameter and replace it with a
> separately-specified resource parameter,
>
> (2) remove the alg parameter,
>
> (3) update the procedures for requesting and obtaining keying material,
>
> (4) synchronize with the ACE and WebRTC work to make sure that their use
> cases are appropriately covered.
>
>
>
> Regarding (1): The meeting participants have decided to standardize an
> audience-alike parameter (in the form of a requested resource identifier)
> at this week's IETF OAuth meeting. For that purpose, working group adoption
> of draft-campbell-oauth-resource-indicators is under way.  Only a
> reference to that document will be needed.
>
>
>
> Regarding (2): Removal of the alg parameter will simplify the document and
> does not appear to be necessary for the currently investigated use cases.
> This assumption will have to be verified.
>
>
>
> Regarding (3): Currently, the ACE-OAuth document and the
> <draft-ietf-oauth-pop-key-distribution-03> use different parameter names.
> Furthermore, those parameter names may be in conflict with other, already
> standardized parameter names. Hence, some parameters may need to be
> renamed. The plan is to focus on the following, minimal functionality only:
> server-side symmetric key generation and client-side public key
> registration to the AS. Furthermore, the encoding of the key transport will
> have to take the different token formats and protocols into account.
>
>
>
> This approach will allow the ACE and WebRTC work to reference the generic
> PoP key distribution document without having to specify their own duplicate
> functionality.
>
>
>
> We are planning to update <draft-ietf-oauth-pop-key-distribution-03> next
> week to have something to review.
>
>
>
> Ciao
>
> Hannes & Rifaat