Re: [decade] An open issue for "An HTTP-based DECADE Resource Protocol".

Songhaibin <> Tue, 11 September 2012 01:08 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id E9B2321F86AB for <>; Mon, 10 Sep 2012 18:08:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -5.344
X-Spam-Status: No, score=-5.344 tagged_above=-999 required=5 tests=[AWL=1.254, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-4]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id yAe5J07GmnVc for <>; Mon, 10 Sep 2012 18:08:35 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id CA82621F8653 for <>; Mon, 10 Sep 2012 18:08:34 -0700 (PDT)
Received: from (EHLO ([]) by (MOS 4.3.5-GA FastPath queued) with ESMTP id AKN66064; Tue, 11 Sep 2012 01:08:33 +0000 (GMT)
Received: from ( by ( with Microsoft SMTP Server (TLS) id 14.1.323.3; Tue, 11 Sep 2012 02:08:26 +0100
Received: from ( by ( with Microsoft SMTP Server (TLS) id 14.1.323.3; Tue, 11 Sep 2012 02:08:32 +0100
Received: from ([]) by ([]) with mapi id 14.01.0323.003; Tue, 11 Sep 2012 09:08:15 +0800
From: Songhaibin <>
To: Wangdanhua <>, "" <>
Thread-Topic: An open issue for "An HTTP-based DECADE Resource Protocol".
Thread-Index: Ac2CpCj8fl0YRwWDTHeBcwdmL2UFSANFW9XQ
Date: Tue, 11 Sep 2012 01:08:15 +0000
Message-ID: <>
References: <>
In-Reply-To: <>
Accept-Language: en-US, zh-CN
Content-Language: zh-CN
x-originating-ip: []
Content-Type: multipart/alternative; boundary="_000_E33E01DFD5BEA24B9F3F18671078951F23B2E502szxeml534mbxchi_"
MIME-Version: 1.0
X-CFilter-Loop: Reflected
Subject: Re: [decade] An open issue for "An HTTP-based DECADE Resource Protocol".
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "To start the discussion on DECoupled Application Data Enroute, to discuss the in-network data storage for p2p applications and its access protocol" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 11 Sep 2012 01:08:37 -0000

Hi Danhua,

Personally I think OAuth is a good base for the access and resource control. I realize that OAuth is also considering solutions to prevent token leaking or abuse. I think that's also useful for DECADE context.


From: [] On Behalf Of Wangdanhua
Sent: Saturday, August 25, 2012 5:30 PM
Subject: [decade] An open issue for "An HTTP-based DECADE Resource Protocol".

Hi all,

The following is one of the open issues left for "An HTTP-based DECADE Resource Protocol" (draft-wang-drp). We're looking forward to your opinions and comments.
As to access and resource control, we authors once had several candidate protocols in our mind, they are Kerberos, AAA, and OAuth.

1. During the latest DECADE WG meeting in IETF 82nd Taipei, we realized that Kerberos isn't the right solution for resource control, since it works on the basis of "tickers" to allow nodes to prove their identity to one another in a secure manner.
2. As to AAA, it is mainly used in management environment. Extending the binary-value-pairs may be possible to grant network resources for data access, but a text-based protocol may be preferred.
3. OAuth 2.0 is used to grant access to the resource owner's resources from a third party without explicitly exposing the resource owner's credentials. Certain grant types can be extended for access and resource control in DECADE.

In summary, we believe that OAuth2.0 seems to be the most suitable protocol for DECADE access and resource control till now. Maybe it's time for us to write a protocol using OAuth 2.0 and see what problems we may meet.

Thanks a lot.

Best wishes,
Danhua Wang