Re: [Id-event] "aud" vs. receiver issue raised in WGLC
Marius Scurtescu <mscurtescu@google.com> Mon, 23 October 2017 21:38 UTC
Return-Path: <mscurtescu@google.com>
X-Original-To: id-event@ietfa.amsl.com
Delivered-To: id-event@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9610413A42F for <id-event@ietfa.amsl.com>; Mon, 23 Oct 2017 14:38:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.44
X-Spam-Level:
X-Spam-Status: No, score=-2.44 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, HTML_OBFUSCATE_05_10=0.26, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id J0KvyJqzcAko for <id-event@ietfa.amsl.com>; Mon, 23 Oct 2017 14:38:55 -0700 (PDT)
Received: from mail-it0-x22e.google.com (mail-it0-x22e.google.com [IPv6:2607:f8b0:4001:c0b::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 72BB813A5CF for <id-event@ietf.org>; Mon, 23 Oct 2017 14:38:55 -0700 (PDT)
Received: by mail-it0-x22e.google.com with SMTP id n195so7681817itg.2 for <id-event@ietf.org>; Mon, 23 Oct 2017 14:38:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=kl//8Bz9bniiD5CN+0PEyQWx8qDW+O/1YMHU3GWCli8=; b=J+HK1fwDbWCQHrrpLRvcU96GEntGX0tuMAuGSE0+AhhPJ9iwDw5sQ7GvmBxtjMweSG VByKhAhZLpAY+0okft02fEPZx35KputXEvvdqfsUJdwDetd3BrqVGq14NIyIt9vWuqyj 6huJUoA+PD48g0d/0QtgDMHPSek3UtVNLSE5/wWoFmIywMzS8HiqG1nxpzFmewgoXoQZ Y9vDSSY3XqRF4GRshcoMq/CByJNWmkenS3qawoC2cRWJrdhYJT3JPv5r+6xJrA5pUBJi GRong40FiYpX80Q4gKKrqVci9UoYsDLzDkVIwG5kToo0qUNN8wE/5fyrhXmri0A/r0+P GSzw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=kl//8Bz9bniiD5CN+0PEyQWx8qDW+O/1YMHU3GWCli8=; b=X6f6gaXCw8WpWVtBBPlELT+wWDNL+H5CFrOWrW9VI9g3E0A5aGO9g32rxfevXpTyhS lZ5cvWmFCV6a7woax+wbD8jH+cc6y76t49zqcKu6cWnelYZ37vVa6UQWgF8SZMV3Y61u MfqXSPW7pihp5xV+p7XO0Or+26l06ariijmFsCWrKl0Ov4dJ90/0ONRie3VcC4dAWKp6 14G+KRzc6CdwJIAjlC0RKW2DJ14un4jkA+VYTlUTUEt6R1mlJ82ZXMsKsGiLwbRuTGdb FpqWWhD44LR9XFf2AvqzXA/zx0df1QXwJCW8DpZ6YLOqrdwswo7O7OC5WR99P/QxKD+L pktQ==
X-Gm-Message-State: AMCzsaXLWZCRLbYAC1hqAVn85F02K9kBN7eKOp6BtwckGb0SYhvhBRlN k3Pej2KbnH6XeCXFnrcW5f74qh762oBx1lT2SANrtg==
X-Google-Smtp-Source: ABhQp+Ret5lbQYqcgPw6BvX3d8TfSNnwPSG5Y+UTN0cxZyAzDjpK6TYqJhYaKiuwO009mi7+zjTjFb2oZZ4yCEThyTc=
X-Received: by 10.36.178.85 with SMTP id h21mr11883583iti.118.1508794734335; Mon, 23 Oct 2017 14:38:54 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.107.34.9 with HTTP; Mon, 23 Oct 2017 14:38:33 -0700 (PDT)
In-Reply-To: <684D9C6F-C59A-4850-9A1B-24A026278A62@oracle.com>
References: <e6649728-f94a-93f5-9885-c948a5b0ed49@gmail.com> <CAGdjJpJtfV9q2iaL-uao1b7XpQjx5uJrX=fnoM36POXLFYrqow@mail.gmail.com> <fa06137b-516f-4a57-8ed5-08cd2cc63af6@sit.fraunhofer.de> <71FA69AE-F8F6-45AB-9550-36BC9395DE32@gmail.com> <684D9C6F-C59A-4850-9A1B-24A026278A62@oracle.com>
From: Marius Scurtescu <mscurtescu@google.com>
Date: Mon, 23 Oct 2017 14:38:33 -0700
Message-ID: <CAGdjJpLYxzUqOGxZ9oTLiCzZAwffTEqjxBYNtZO09nF6RnzOAA@mail.gmail.com>
To: Phil Hunt <phil.hunt@oracle.com>
Cc: ID Events Mailing List <id-event@ietf.org>
Content-Type: multipart/alternative; boundary="f403045d9a142ea019055c3da68b"
Archived-At: <https://mailarchive.ietf.org/arch/msg/id-event/51eGm0j8kzH_cXDuwLEahWw1oGE>
Subject: Re: [Id-event] "aud" vs. receiver issue raised in WGLC
X-BeenThere: id-event@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "A mailing list to discuss the potential solution for a common identity event messaging format and distribution system." <id-event.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/id-event>, <mailto:id-event-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/id-event/>
List-Post: <mailto:id-event@ietf.org>
List-Help: <mailto:id-event-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/id-event>, <mailto:id-event-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 23 Oct 2017 21:38:58 -0000
I think "aud" is perfectly fine. IMO it should make no difference for the Transmitter that the event is actually handled by an outsourced entity, the RP trusts that entity and the event is generated and targeted to the RP and not to the current outsourced processor. Marius On Mon, Oct 23, 2017 at 10:57 AM, Phil Hunt <phil.hunt@oracle.com> wrote: > > All, > > I am reviewing the previous feedback from WGLC and will be bringing up any > unresolved issues for quick discussion/confirmation… > > Following up on Marius and Henk’s comment, I am concerned that “aud” has a > very specific meaning and is often tied to a security domain definition. We > should not necessarily say this is the receiver though it often turns out > to be. For example a RP (“aud”) has outsourced events processing to a third > party (the so called receiver). > > I am happy with the current claim set, but maybe some text explaining that > a receiver does not have to be the aud is appropriate? I don’t see any > benefit to having a receiver claim as this could complicate processing more > than its worth. > > There are a few other comments in this thread, but this one seemed the > most unresolved. > > Phil > > > On Aug 3, 2017, at 8:03 AM, Henk Birkholz <henk.birkholz@sit.fraunhofer.de> > wrote: > > Hello, > > to me, the "audience" claim seems to be a good choice here. > > Viele Grüße, > > Henk > > On 08/02/2017 11:45 PM, Marius Scurtescu wrote: > > The abstract mentions "issuer" and "receiver" in the last sentence. > "receiver" does not sound right (that should be used in the context of a > transmitter), but I don't have a better suggestion. Audience? > The last paragraph of section 1 mentions "subscriber". I think it should > be either "receiver" or "audience". > The explanation for figure 1 states that the issuer denotes the > transmitter. If the issuer and the transmitter are assumed to be the same > entity, then the transmitter definition in section 1.2 should make that > clear. > Figure 3, I think the "sub" claim should be nested in the event, next to > the issuer that provides the correct context. The "iss" and "sub" > definitions in 2.1 also touch on this, providing conflicting advice. > Section 2,1, definition of "nbf". The definition says that this is the > event time. I see two problems: > - the name suggest "not before", not exactly the same as event time > - there can be multiple events > maybe this claim should be dropped? > Section 2.1, definition of "exp". Omitting this claim is the short term > solution to the confusion issue. Why not mention that and that it SHOULD > NOT be used? > Section 2.1, definition of "events". It states that all events must refer > to the same logical event. Lately in discussions we reached the conclusion > that all events in a SET should be defined in the same profile, which is a > stronger requirement. I think this definition should mention that. > Regarding events and profiles. There was a proposal to add a new claim to > uniquely identify the profile. I think we need to discuss that. > Figure 5. Maybe a signed example would be better, especially that the next > paragraph mentions that signatures or encryption should be used. > Section 4.5, second paragraph. Mentions that "nonce" is also required, but > that is not actually true. Id Tokens issued at the token endpoint for > example will not have it. I suggest we drop the whole paragraph. > Marius > On Mon, Jul 31, 2017 at 1:40 PM, Yaron Sheffer <yaronf.ietf@gmail.com < > mailto:yaronf.ietf@gmail.com <yaronf.ietf@gmail.com>>> wrote: > This is to announce working group last call on this draft > (https://urldefense.proofpoint.com/v2/url?u=https- > 3A__datatracker.ietf.org_doc_draft-2Dietf-2Dsecevent-2Dtoken_&d=DwIGaQ&c= > RoP1YumCXCgaWHvlZYR8PQcxBKCX5YTpkKY057SbK10&r= > JBm5biRrKugCH0FkITSeGJxPEivzjWwlNKe4C_lLIGk&m=UUydIFEV9SQ_lw_ > LNE4lvS7pQLXEZEWA2F1i7bfAuUY&s=9SIT98RlAb1C9Md1W54IRl6cxjlKfj > qT99u5-Ojw4Fw&e= <https://urldefense.proofpoint.com/v2/ > url?u=https-3A__datatracker.ietf.org_doc_draft-2Dietf- > 2Dsecevent-2Dtoken_&d=DwIGaQ&c=RoP1YumCXCgaWHvlZYR8PQcxBKCX5Y > TpkKY057SbK10&r=JBm5biRrKugCH0FkITSeGJxPEivzjWwlNKe4C_lLIGk&m=UUydIFEV9SQ_ > lw_LNE4lvS7pQLXEZEWA2F1i7bfAuUY&s=9SIT98RlAb1C9Md1W54IRl6cxjlKfj > qT99u5-Ojw4Fw&e= >). > Please send your comments to the list. Even if you are perfectly > happy with the draft, please let us know that you support its > publication as-is by posting to the list. > Because of the summer holidays, this last call is open for 3 weeks, > until Aug. 21. > Thanks, > Dick and Yaron > _______________________________________________ > Id-event mailing list > Id-event@ietf.org <mailto:Id-event@ietf.org <Id-event@ietf.org>> > https://urldefense.proofpoint.com/v2/url?u=https- > 3A__www.ietf.org_mailman_listinfo_id-2Devent&d=DwIGaQ&c= > RoP1YumCXCgaWHvlZYR8PQcxBKCX5YTpkKY057SbK10&r= > JBm5biRrKugCH0FkITSeGJxPEivzjWwlNKe4C_lLIGk&m=UUydIFEV9SQ_lw_ > LNE4lvS7pQLXEZEWA2F1i7bfAuUY&s=jX1QgcFI8umtt8pEkthXa3uL_ > TsJINLVTXORUpSDnvA&e= <https://urldefense.proofpoint. > com/v2/url?u=https-3A__www.ietf.org_mailman_listinfo_id- > 2Devent&d=DwIGaQ&c=RoP1YumCXCgaWHvlZYR8PQcxBKCX5YTpkKY057SbK10&r= > JBm5biRrKugCH0FkITSeGJxPEivzjWwlNKe4C_lLIGk&m=UUydIFEV9SQ_lw_ > LNE4lvS7pQLXEZEWA2F1i7bfAuUY&s=jX1QgcFI8umtt8pEkthXa3uL_ > TsJINLVTXORUpSDnvA&e= > > _______________________________________________ > Id-event mailing list > Id-event@ietf.org > https://urldefense.proofpoint.com/v2/url?u=https-3A__www. > ietf.org_mailman_listinfo_id-2Devent&d=DwIGaQ&c= > RoP1YumCXCgaWHvlZYR8PQcxBKCX5YTpkKY057SbK10&r= > JBm5biRrKugCH0FkITSeGJxPEivzjWwlNKe4C_lLIGk&m=UUydIFEV9SQ_lw_ > LNE4lvS7pQLXEZEWA2F1i7bfAuUY&s=jX1QgcFI8umtt8pEkthXa3uL_ > TsJINLVTXORUpSDnvA&e= > > > _______________________________________________ > Id-event mailing list > Id-event@ietf.org > https://urldefense.proofpoint.com/v2/url?u=https-3A__www. > ietf.org_mailman_listinfo_id-2Devent&d=DwIGaQ&c= > RoP1YumCXCgaWHvlZYR8PQcxBKCX5YTpkKY057SbK10&r= > JBm5biRrKugCH0FkITSeGJxPEivzjWwlNKe4C_lLIGk&m=UUydIFEV9SQ_lw_ > LNE4lvS7pQLXEZEWA2F1i7bfAuUY&s=jX1QgcFI8umtt8pEkthXa3uL_ > TsJINLVTXORUpSDnvA&e= > > > > > _______________________________________________ > Id-event mailing list > Id-event@ietf.org > https://www.ietf.org/mailman/listinfo/id-event > >
- [Id-event] WG Last Call for draft-ietf-secevent-t… Yaron Sheffer
- Re: [Id-event] WG Last Call for draft-ietf-seceve… Mike Jones
- Re: [Id-event] WG Last Call for draft-ietf-seceve… John Bradley
- Re: [Id-event] WG Last Call for draft-ietf-seceve… William Denniss
- Re: [Id-event] WG Last Call for draft-ietf-seceve… Phil Hunt
- Re: [Id-event] WG Last Call for draft-ietf-seceve… M.Lizar@OCG
- Re: [Id-event] WG Last Call for draft-ietf-seceve… Nat Sakimura
- Re: [Id-event] WG Last Call for draft-ietf-seceve… Phil Hunt
- Re: [Id-event] WG Last Call for draft-ietf-seceve… Adam Dawes
- Re: [Id-event] WG Last Call for draft-ietf-seceve… Richard Backman, Annabelle
- Re: [Id-event] WG Last Call for draft-ietf-seceve… Phil Hunt
- Re: [Id-event] WG Last Call for draft-ietf-seceve… Richard Backman, Annabelle
- Re: [Id-event] WG Last Call for draft-ietf-seceve… Phil Hunt
- Re: [Id-event] WG Last Call for draft-ietf-seceve… Richard Backman, Annabelle
- Re: [Id-event] WG Last Call for draft-ietf-seceve… Marius Scurtescu
- Re: [Id-event] WG Last Call for draft-ietf-seceve… Henk Birkholz
- [Id-event] "aud" vs. receiver issue raised in WGLC Phil Hunt
- Re: [Id-event] "aud" vs. receiver issue raised in… Mike Jones
- Re: [Id-event] "aud" vs. receiver issue raised in… Marius Scurtescu
- Re: [Id-event] "aud" vs. receiver issue raised in… Phil Hunt
- Re: [Id-event] "aud" vs. receiver issue raised in… Marius Scurtescu
- Re: [Id-event] "aud" vs. receiver issue raised in… Phil Hunt
- Re: [Id-event] WG Last Call for draft-ietf-seceve… Mike Jones
- Re: [Id-event] WG Last Call for draft-ietf-seceve… Mike Jones
- Re: [Id-event] WG Last Call for draft-ietf-seceve… Mike Jones
- Re: [Id-event] "aud" vs. receiver issue raised in… Marius Scurtescu
- Re: [Id-event] "aud" vs. receiver issue raised in… Phil Hunt (IDM)
- Re: [Id-event] "aud" vs. receiver issue raised in… Marius Scurtescu
- Re: [Id-event] "aud" vs. receiver issue raised in… Phil Hunt (IDM)
- Re: [Id-event] "aud" vs. receiver issue raised in… Mike Jones
- Re: [Id-event] "aud" vs. receiver issue raised in… Phil Hunt
- Re: [Id-event] WG Last Call for draft-ietf-seceve… Benjamin Kaduk
- Re: [Id-event] "aud" vs. receiver issue raised in… Mike Jones
- Re: [Id-event] "aud" vs. receiver issue raised in… Phil Hunt