Re: [Cwt-reg-review] [IANA #1158953] Requested review for IANA registration in draft-ietf-ace-oauth-authz (cwt - CBOR Web Token Claims)

Ludwig Seitz <ludwig_seitz@gmx.de> Sat, 29 February 2020 14:38 UTC

To: drafts-expert-review@iana.org, cwt-reg-review@ietf.org
Cc: "ace@ietf.org" <ace@ietf.org>, "draft-ietf-ace-oauth-authz@ietf.org" <draft-ietf-ace-oauth-authz@ietf.org>
From: Ludwig Seitz <ludwig_seitz@gmx.de>
Message-ID: <4788cad0-d1dc-2947-9e17-cad4f2147a7b@gmx.de>
Date: Sat, 29 Feb 2020 15:24:59 +0100
Archived-At: <https://mailarchive.ietf.org/arch/msg/cwt-reg-review/VZV-bPX1OYD2fndmN8PJhIhG_Mk>

On 2020-02-26 00:58, Amanda Baber via RT wrote:
> Ludwig, Hannes,
>
> Can you confirm that you can make the CBOR Web Token Claim change
> requested below?
>
> We also have Chuck Mortimore listed as an expert for this registry,
> but our message to his Salesforce address bounced.
>
> Best regards,
>
> Amanda Baber Lead IANA Services Specialist
>

I strongly disagree with the assessment that the scope claim should be
pushed into the two-byte range.

The reason we introduced the scope claim is that an ACE RS typically
does not have a direct connection to the AS, and is therefore unable to
retrieve the scope of an access token from other sources than the access
token itself.  I therefore assert that ACE access tokens would often
need to contain this claim in order to inform the RS.
Since one of the major drivers of the ACE work has been to reduce the
authorization overhead (otherwise we could just have used vanilla OAuth
2.0), I find it strange to needlessly add to the overhead by making the
encoding of a frequently used claim longer than necessary.

I am willing to listen to the arguments that have led the expert
reviewer to deny a value in the one-byte range, and discuss the
reasoning further on list.

Regards,

Ludwig


> On Tue Feb 18 22:42:22 2020, Michael.Jones@microsoft.com wrote:
>> I'm mostly OK with these registrations, however, DO NOT assign the
>> value 9 to "scope".   Rather, please put it in the two-byte range
>> - for instance, with the value 41.
>>
>> -- Mike
>>
>> -----Original Message-----
>> From: Cwt-reg-review <cwt-reg-review-bounces@ietf.org> On Behalf Of Sabrina Tanamal via RT
>> Sent: Tuesday, February 18, 2020 1:06 PM
>> Cc: cwt-reg-review@ietf.org
>> Subject: [EXTERNAL] [Cwt-reg-review] [IANA #1158953] Requested review for IANA registration in draft-ietf-ace-oauth-authz (cwt - CBOR Web Token Claims)
>>
>> Hi all,
>>
>> Resending this request for draft-ietf-ace-oauth-authz.
>>
>> Thanks,
>>
>> Sabrina Tanamal Senior IANA Services Specialist
>>
>>> On Sat Dec 21 11:37:11 2019, ludwig_seitz@gmx.de wrote:
>>>> Hello CWT registry reviewers,
>>>>
>>>> the IESG-designated experts for the CWT claims registry have
>>>> asked me to send a review request to you about the claims
>>>> registered here:
>>>>
>>>> https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftools.ietf.org%2Fhtml%2Fdraft-ietf-ace-oauth-authz-29%23section-8.13&data=02%7C01%7CMichael.Jones%40microsoft.com%7Ce23f64ac1ad74269c3c408d7b4b65d45%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637176567656665548&sdata=r01W5Bx0gJh9ZPH8eNS%2BY765CnGq11DkknsHYQ751Dk%3D&reserved=0
>>>>
>>>> Thank you in advance for your review comments.
>>>>
>>>> Regards,
>>>>
>>>> Ludwig
>>>>
>>
>
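
The one-byte versus two-byte ranges discussed in this thread come from CBOR's integer encoding (RFC 8949): unsigned values 0 to 23 fit in the initial byte, while 24 to 255 need one extra byte. The following is an added example, not part of the original message or of draft-ietf-ace-oauth-authz; it encodes a CWT claims map with "scope" under key 9 and under key 41 to show the size difference. The `aud` (3) and `exp` (4) keys are from RFC 8392; the claim values are constructed sample data.

```python
import struct

def _head(major: int, n: int) -> bytes:
    """CBOR initial byte plus argument for the given major type (RFC 8949)."""
    if n < 24:                       # argument fits in the initial byte
        return bytes([(major << 5) | n])
    for ai, fmt, limit in ((24, ">B", 1 << 8), (25, ">H", 1 << 16),
                           (26, ">I", 1 << 32), (27, ">Q", 1 << 64)):
        if n < limit:                # shortest form that holds the value
            return bytes([(major << 5) | ai]) + struct.pack(fmt, n)
    raise ValueError("integer too large for CBOR")

def encode(obj) -> bytes:
    """Minimal encoder: unsigned ints, text strings and maps only."""
    if isinstance(obj, bool):
        raise TypeError("booleans are not handled in this sketch")
    if isinstance(obj, int):
        if obj < 0:
            raise ValueError("negative integers are not handled in this sketch")
        return _head(0, obj)
    if isinstance(obj, str):
        raw = obj.encode("utf-8")
        return _head(3, len(raw)) + raw
    if isinstance(obj, dict):
        body = b"".join(encode(k) + encode(v) for k, v in obj.items())
        return _head(5, len(obj)) + body
    raise TypeError(f"unsupported type: {type(obj).__name__}")

AUD, EXP = 3, 4  # CWT claim keys registered by RFC 8392

def claims_with_scope_key(scope_key: int) -> bytes:
    """Claims map with constructed sample values and scope under scope_key."""
    return encode({AUD: "tempSensor4711", EXP: 1583000000,
                   scope_key: "r_temp"})

if __name__ == "__main__":
    for key in (9, 41):
        cbor = claims_with_scope_key(key)
        print(f"scope key {key:>2}: key bytes {encode(key).hex()}, "
              f"claims map {len(cbor)} bytes")
```
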