Re: [decade] An open issue for "An HTTP-based DECADE Resource Protocol".

Songhaibin <haibin.song@huawei.com> Tue, 11 September 2012 01:08 UTC

From: Songhaibin <haibin.song@huawei.com>
To: Wangdanhua <wangdanhua@huawei.com>, "DECADE@ietf.org" <DECADE@ietf.org>
Date: Tue, 11 Sep 2012 01:08:15 +0000

Hi Danhua,

Personally I think OAuth is a good base for access and resource control. I realize that OAuth is also considering solutions to prevent token leaking or abuse. I think that's also useful in the DECADE context.

-Haibin

From: decade-bounces@ietf.org [mailto:decade-bounces@ietf.org] On Behalf Of Wangdanhua
Sent: Saturday, August 25, 2012 5:30 PM
To: DECADE@ietf.org
Subject: [decade] An open issue for "An HTTP-based DECADE Resource Protocol".

Hi all,

The following is one of the open issues left for "An HTTP-based DECADE Resource Protocol" (draft-wang-drp). We're looking forward to your opinions and comments.
As to access and resource control, we authors once had several candidate protocols in mind: Kerberos, AAA, and OAuth.

1. During the latest DECADE WG meeting at the 82nd IETF in Taipei, we realized that Kerberos isn't the right solution for resource control, since it works on the basis of "tickets" to allow nodes to prove their identity to one another in a secure manner.
2. As to AAA, it is mainly used in a management environment. Extending the binary value pairs to grant network resources for data access may be possible, but a text-based protocol may be preferred.
3. OAuth 2.0 is used to grant access to the resource owner's resources from a third party without explicitly exposing the resource owner's credentials. Certain grant types can be extended for access and resource control in DECADE.

In summary, we believe that OAuth 2.0 seems to be the most suitable protocol for DECADE access and resource control till now. Maybe it's time for us to write a protocol using OAuth 2.0 and see what problems we may meet.

Thanks a lot.

Best wishes,
Danhua Wang
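As an added illustration (not code from the draft or from either poster), the sketch below shows how an HTTP-based DECADE resource server could enforce OAuth 2.0 style access control (which operation on which object) and resource control (a byte quota) from a bearer token, together with the audience and expiry checks that limit the damage from the leaked or abused tokens Haibin mentions. The token layout (HMAC-signed JSON claims), KEY, SERVER_ID and the claim names are assumptions for the example; OAuth 2.0 itself leaves the token format opaque.

```python
import base64, hmac, hashlib, json

# Constructed example: a DECADE resource server checking an OAuth 2.0 style
# bearer token before serving an HTTP request on a stored object.
# Token layout (payload.signature, HMAC-SHA256 over the payload) is an
# assumption for illustration; OAuth 2.0 leaves the token format opaque.
KEY = b"constructed-shared-secret"      # shared by authorization and resource server
SERVER_ID = "decade-server.example"     # audience this resource server accepts

def b64(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def unb64(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def issue_token(claims: dict, key: bytes = KEY) -> str:
    """Authorization server side: sign the claims the client was granted."""
    payload = json.dumps(claims, sort_keys=True).encode()
    sig = hmac.new(key, payload, hashlib.sha256).digest()
    return b64(payload) + "." + b64(sig)

def authorize(token: str, method: str, obj: str, size: int,
              now: float, server_id: str = SERVER_ID, key: bytes = KEY) -> str:
    """Resource server side: return 'ok' or the reason for refusing."""
    try:
        p, s = token.split(".")
        payload, sig = unb64(p), unb64(s)
    except ValueError:
        return "malformed"
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):
        return "bad_signature"
    claims = json.loads(payload)
    # A token leaked from one DECADE server is useless at another: audience check.
    if claims.get("aud") != server_id:
        return "wrong_audience"
    # Short lifetimes bound the window in which a leaked token can be abused.
    if now >= claims.get("exp", 0):
        return "expired"
    # Access control: the scope must name this operation on this object.
    if f"{method.lower()}:{obj}" not in claims.get("scope", []):
        return "insufficient_scope"
    # Resource control: the grant caps how many bytes this request may move.
    if size > claims.get("quota_bytes", 0):
        return "quota_exceeded"
    return "ok"
```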