Re: [Aggsrv] updated charter proposal

Salvatore Loreto <salvatore.loreto@ericsson.com> Thu, 28 February 2013 09:09 UTC


On 2/27/13 8:23 PM, Paul E. Jones wrote:
>> >1) Security - it still seems to me that there is a fundamental
>> >difference in security "contexts" here. In particular, the aggsrv
>> >information must only be given out to the actual "owner" of the account.
>> >The webfinger spec does have a section on access control, aggsrv would
>> >need to have much stronger language. At the very least I think you
>> >should change Section 3.3 of webfinger to include an example of an
>> >authenticated HTTP request and point out in the text that authentication
>> >is required.
> It's mentioned in the WebFinger spec (or is supposed to be) that linked
> resources might require their own authentication.  For mail server
> configuration, for example, I can fully appreciate that one might use a TLS
> connection to some other URI and use basic authentication with the user's
> email server user ID and password for authentication.  The response might be
> some JSON object that contains all of the config data.
>
Just a question... how is this related to the decision that WebFinger
MUST run on TLS?

cheers
/Salvatore