Re: [Cwt-reg-review] [Ace] [EXTERNAL] Re: [IANA #1158953] Requested review for IANA registration in draft-ietf-ace-oauth-authz (cwt - CBOR Web Token Claims)
Benjamin Kaduk <kaduk@mit.edu> Wed, 11 March 2020 23:50 UTC
Date: Wed, 11 Mar 2020 16:49:44 -0700
From: Benjamin Kaduk <kaduk@mit.edu>
To: Mike Jones <Michael.Jones=40microsoft.com@dmarc.ietf.org>
Cc: Ludwig Seitz <ludwig_seitz@gmx.de>, "drafts-expert-review@iana.org" <drafts-expert-review@iana.org>, "cwt-reg-review@ietf.org" <cwt-reg-review@ietf.org>, "charliemortimore@gmail.com" <charliemortimore@gmail.com>, "chuck.mortimore@visa.com" <chuck.mortimore@visa.com>, "draft-ietf-ace-oauth-authz@ietf.org" <draft-ietf-ace-oauth-authz@ietf.org>, "ace@ietf.org" <ace@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cwt-reg-review/NmwIaJ192Jisjn7tU8KEfAaRnAw>

On Wed, Mar 11, 2020 at 11:39:00PM +0000, Mike Jones wrote:
> [Adding correct e-mail addresses for Chuck, who recently joined Visa]
>
> There are two reasons that I believe not using up one of the scarce one-byte claim identifiers for "scope" is appropriate:
>
> 1. The claim values for scopes are not short themselves. They are sets of ASCII strings separated by spaces. So the percentage difference in the total claim representation from adding a single byte will typically be small.

ACE allows the scope to be a binary value and to use a different convention than space-separated for multi-value scopes.

> 2. The single-byte claim identifiers already registered at https://www.iana.org/assignments/cwt/cwt.xhtml are claims that are likely to be useful to diverse sets of applications, and therefore merit the short identifiers; whereas, the scope claim is specific to the ACE OAuth protocol and not applicable to diverse sets of applications. It's reasonable to give protocol-specific claim identifiers 2-byte representations.

(This point I don't have a good response for.)

-Ben

>
> I'd be interested to hear from the two other designated experts on my assessment of the situation: Hannes and Chuck.
>
> -- Mike
>
> -----Original Message-----
> From: Cwt-reg-review <cwt-reg-review-bounces@ietf.org> On Behalf Of Ludwig Seitz
> Sent: Saturday, February 29, 2020 6:25 AM
> To: drafts-expert-review@iana.org; cwt-reg-review@ietf.org
> Cc: draft-ietf-ace-oauth-authz@ietf.org; ace@ietf.org
> Subject: [EXTERNAL] Re: [Cwt-reg-review] [IANA #1158953] Requested review for IANA registration in draft-ietf-ace-oauth-authz (cwt - CBOR Web Token Claims)
>
> > On 2020-02-26 00:58, Amanda Baber via RT wrote:
> > > Ludwig, Hannes,
> > >
> > > Can you confirm that you can make the CBOR Web Token Claim change
> > > requested below?
> > >
> > > We also have Chuck Mortimore listed as an expert for this registry,
> > > but our message to his Salesforce address bounced.
> > >
> > > Best regards,
> > >
> > > Amanda Baber Lead IANA Services Specialist
> > >
> >
> > I strongly disagree with the assessment that the scope claim should be pushed into the two-byte range.
> >
> > The reason we introduced the scope claim is that an ACE RS typically does not have a direct connection to the AS, and is therefore unable to retrieve the scope of an access token from other sources than the access token itself. I therefore assert that ACE access tokens would often need to contain this claim in order to inform the RS.
> > Since one of the major drivers of the ACE work has been to reduce the authorization overhead (otherwise we could just have used vanilla OAuth 2.0), I find it strange to needlessly add to the overhead by making the encoding of a frequently used claim longer than necessary.
> >
> > I am willing to listen to the arguments that have led the expert reviewer to denying a value in the one-byte range, and discuss the reasoning further on list.
> >
> > Regards,
> >
> > Ludwig
> >
> > > On Tue Feb 18 22:42:22 2020, Michael.Jones@microsoft.com wrote:
> > >> I'm mostly OK with these registrations, however, DO NOT assign the
> > >> value 9 to "scope". Rather, please put it in the two-byte range
> > >> - for instance, with the value 41.
> > >>
> > >> -- Mike
> > >>
> > >> -----Original Message-----
> > >> From: Cwt-reg-review <cwt-reg-review-bounces@ietf.org> On Behalf Of Sabrina Tanamal via RT
> > >> Sent: Tuesday, February 18, 2020 1:06 PM
> > >> Cc: cwt-reg-review@ietf.org
> > >> Subject: [EXTERNAL] [Cwt-reg-review] [IANA #1158953] Requested review for IANA registration in draft-ietf-ace-oauth-authz (cwt - CBOR Web Token Claims)
> > >>
> > >> Hi all,
> > >>
> > >> Resending this request for draft-ietf-ace-oauth-authz.
> > >>
> > >> Thanks,
> > >>
> > >> Sabrina Tanamal Senior IANA Services Specialist
> > >>
> > >>> On Sat Dec 21 11:37:11 2019, ludwig_seitz@gmx.de wrote:
> > >>>> Hello CWT registry reviewers,
> > >>>>
> > >>>> the IESG-designated experts for the CWT claims registry have asked
> > >>>> me to send a review request to you about the claims registered
> > >>>> here:
> > >>>>
> > >>>> https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftools.ietf.org%2Fhtml%2Fdraft-ietf-ace-oauth-authz-29%23section-8.13&amp;data=02%7C01%7CMichael.Jones%40microsoft.com%7Ce23f64ac1ad74269c3c408d7b4b65d45%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637176567656665548&sdata=r01W5Bx0gJh9ZPH8eNS%2BY765CnGq11DkknsHYQ751Dk%3D&reserved=0
> > >>>>
> > >>>> Thank you in advance for your review comments.
> > >>>>
> > >>>> Regards,
> > >>>>
> > >>>> Ludwig
> > >>>>
> > >>
> > >> _______________________________________________
> > >> Cwt-reg-review mailing list
> > >> Cwt-reg-review@ietf.org
> > >> https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Fcwt-reg-review&data=02%7C01%7CMichael.Jones%40microsoft.com%7Ce23f64ac1ad74269c3c408d7b4b65d45%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637176567656675543&sdata=XxBhQmqxGkCRiBxh0PdhX2IJD8TnbwWl%2Feo8VUsHOsg%3D&reserved=0
> > >
> >
> > _______________________________________________
> > Cwt-reg-review mailing list
> > Cwt-reg-review@ietf.org
> > https://www.ietf.org/mailman/listinfo/cwt-reg-review
> _______________________________________________
> Ace mailing list
> Ace@ietf.org
> https://www.ietf.org/mailman/listinfo/ace
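
The size trade-off debated in this thread, worked through as an added example (not part of any message in the thread or of the ACE draft): a minimal CBOR encoder compares a CWT claims map that carries the scope under key 9 with one that carries it under key 41. The sample claim values, the text scope string and the one-byte binary scope are constructed for illustration.

```python
import struct

def head(major: int, n: int) -> bytes:
    """CBOR initial byte plus argument in shortest form (RFC 8949, section 3)."""
    if n < 24:
        return bytes([major << 5 | n])          # argument fits in the initial byte
    for ai, fmt, limit in ((24, ">B", 1 << 8), (25, ">H", 1 << 16),
                           (26, ">I", 1 << 32), (27, ">Q", 1 << 64)):
        if n < limit:
            return bytes([major << 5 | ai]) + struct.pack(fmt, n)
    raise ValueError("integer too large for CBOR")

def encode(obj) -> bytes:
    """Encode the subset of CBOR needed for a CWT claims map."""
    if isinstance(obj, bool):
        raise TypeError("bool is not handled by this sketch")
    if isinstance(obj, int):
        return head(0, obj) if obj >= 0 else head(1, -1 - obj)
    if isinstance(obj, bytes):
        return head(2, len(obj)) + obj
    if isinstance(obj, str):
        raw = obj.encode("utf-8")
        return head(3, len(raw)) + raw
    if isinstance(obj, dict):
        body = b"".join(encode(k) + encode(v) for k, v in obj.items())
        return head(5, len(obj)) + body
    raise TypeError(f"unsupported type: {type(obj).__name__}")

def scope_key_cost(scope, base_claims):
    """Return (bytes with key 9, bytes with key 41, relative growth)."""
    small = len(encode({**base_claims, 9: scope}))
    large = len(encode({**base_claims, 41: scope}))
    return small, large, (large - small) / small

# Constructed claims: iss (1), aud (3) and exp (4) are registered CWT keys (RFC 8392).
BASE = {1: "coap://as.example", 3: "coap://rs.example", 4: 1583970584}
TEXT_SCOPE = "temperature_read firmware_update"  # space-separated text scope
BINARY_SCOPE = bytes([0x05])                      # hypothetical one-byte binary scope

if __name__ == "__main__":
    for label, scope in (("text", TEXT_SCOPE), ("binary", BINARY_SCOPE)):
        small, large, growth = scope_key_cost(scope, BASE)
        print(f"{label:6} scope: key 9 = {small} B, key 41 = {large} B (+{growth:.2%})")
```

The absolute cost of the two-byte key is always one byte per token; the relative cost grows as the rest of the claims map shrinks, which is the case a compact binary scope produces.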