IETF Logo Mail Archive

Re: [httpapi] Link relationship types for authentication

Erik Wilde <erik.wilde@dret.net> Wed, 27 January 2021 08:03 UTC

Return-Path: <erik.wilde@dret.net>
X-Original-To: httpapi@ietfa.amsl.com
Delivered-To: httpapi@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 48EF03A109A for <httpapi@ietfa.amsl.com>; Wed, 27 Jan 2021 00:03:26 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, NICE_REPLY_A=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MGaBQoXj5DEY for <httpapi@ietfa.amsl.com>; Wed, 27 Jan 2021 00:03:24 -0800 (PST)
Received: from postoffice.gristmillmedia.com (dret.net [209.188.86.86]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8788A3A084D for <httpapi@ietf.org>; Wed, 27 Jan 2021 00:03:24 -0800 (PST)
Received: from 77.128.78.83.dynamic.wline.res.cust.swisscom.ch ([83.78.128.77]:55079 helo=dretpro.home) by postoffice.gristmillmedia.com with esmtpsa (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.93) (envelope-from <erik.wilde@dret.net>) id 1l4fnO-00058J-KM; Wed, 27 Jan 2021 03:03:22 -0500
To: Evert Pot <me@evertpot.com>, httpapi@ietf.org
References: <CAO0N9X4TTcQTk_Nrd9hYCs3wFkx6pNfsXaig7BVFzvVFQU-1+Q@mail.gmail.com> <DM6PR00MB08458672E57AACC3BB8367EEF0BC9@DM6PR00MB0845.namprd00.prod.outlook.com> <CAP9qbHXLep=+5dBxqSh829PSkKVjxcEnRn6XHWcRdgQrHc9uAA@mail.gmail.com> <e0db5e86-0b68-7b9a-b9c5-ea12745aab93@evertpot.com> <CAPBurBvUuQZigMCPHu3h5FhyNJDJauzZQdWbNR2R5yxWO9R_4w@mail.gmail.com> <4e8f45e7-298f-ac3d-4dd6-66dcadb1479a@evertpot.com>
From: Erik Wilde <erik.wilde@dret.net>
Message-ID: <f695e7a6-fc65-4def-a6a3-e29f97e0b175@dret.net>
Date: Wed, 27 Jan 2021 09:03:21 +0100
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Thunderbird/78.6.1
MIME-Version: 1.0
In-Reply-To: <4e8f45e7-298f-ac3d-4dd6-66dcadb1479a@evertpot.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 7bit
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - postoffice.gristmillmedia.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - dret.net
X-Get-Message-Sender-Via: postoffice.gristmillmedia.com: authenticated_id: birdhouse@dret.net
X-Authenticated-Sender: postoffice.gristmillmedia.com: birdhouse@dret.net
X-Source:
X-Source-Args:
X-Source-Dir:
Archived-At: <https://mailarchive.ietf.org/arch/msg/httpapi/minV4M1zRvB4MSC0kwhgIIxsKFA>
Subject: Re: [httpapi] Link relationship types for authentication
X-BeenThere: httpapi@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Building Blocks for HTTP APIs <httpapi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/httpapi>, <mailto:httpapi-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/httpapi/>
List-Post: <mailto:httpapi@ietf.org>
List-Help: <mailto:httpapi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/httpapi>, <mailto:httpapi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Jan 2021 08:03:26 -0000

hello.

On 2021-01-26 23:11, Evert Pot wrote:
> On 2021-01-26 4:24 p.m., Graham Cox wrote:
>> Apologies if this has already been covered, but have you looked into 
>> the overlap between this and OpenID Connect? I'm far from an expert, 
>> but it seems that some - though not all - of the relations defined 
>> here correspond well with the actions that OIDC offer, though 
>> obviously they work in notably different ways. (The /authenticated-as/ 
>> relation doesn't have any direct mapping in OIDC that I can think of, 
>> but they others all map on to *something*)
> I'm somewhat aware of the specifications and general plumbing. The link 
> relations I'm hoping to register are extremely general though, and don't 
> impose any sort of protocols or media types.

ideally, that's the case for *all* registered link relation types. it's 
not what happens in practice, but good design would imply that link 
relation types are agnostic of implementation details, and these details 
then are established by using link relation types in a specific context, 
such as a protocol that has certain media types for passing messages around.

> For example, a browser extension might find a a link with rel="logout", 
> and render a logout button in a toolbar. It would be good to know if 
> this is fundamentally incompatible with protocols like OpenID Connect, 
> but I'm also not the person to say anything about this with confidence.

if OIDC doesn't have the model of generally applicable link relation 
types, then another possible way forward would be to change that and 
make the OIDC link relation types reusable (and register them), but that 
of course depends on the details of OIDC and how interested that 
community is to create reusable building blocks as part of their spec.

cheers,

dret.

-- 
erik wilde | mailto:erik.wilde@dret.net |
            | http://dret.net/netdret    |
            | http://twitter.com/dret    |

v2.37.1 | Report a Bug | By Email | System Status