Re: Adding user@ to HTTP[S] URIs

Rick van Rein <rick@openfortress.nl> Mon, 27 January 2020 12:24 UTC

Hi,

>> Compatibility with other protocols: You cannot copy/paste your gmail
>> address to your browser to access it as webmail.
>
> Counterpoint: I (and many, many others) cannot do that even with your
> spec change because the login to my gmail account is a name and domain
> completely different to the email address URI. A government department
> is the credentials authority - not Google or '@gmail.com'.


You are actually _making_ my point :)

The john.doe@gmail.com represents a resource according to the URI
specs.  Some HTTP implementations have forcefully tied it to
Basic/Digest authentication.  My point is that the authentication
pathway needs a completely different pathway.

In the spec, I used an example with just a username, but this line of
thinking easily extends to allowing forms like amos@jeffri.es as well.

The next step, and now I'm really warming up, is to allow the gmail
server to authenticate amos under the realm of jeffri.es.  That is
possible with these other drafts I posted last week:

HTTP Authentication with SASL
https://datatracker.ietf.org/doc/draft-vanrein-httpauth-sasl/

Realm Crossover for SASL and GSS-API via Diameter
https://datatracker.ietf.org/doc/draft-vanrein-diameter-sasl/

This architecture allows you to authenticate to gmail.com with your
credential hosted at your example domain jeffri.es.

Point of order: This is a lot extra and we should not discuss it in this
thread; there are other threads and other WGs for the other specs.  I
only mention them here to answer the recurring "why" to the call for
more semantics and better separation of user names in resources and
authentication.  I hope it serves to show that this is not a frivolity.


Cheers,
 -Rick