IETF Logo Mail Archive

Re: [Id-event] Thread: Clarifying use of sub and iss in SET tokens

Benjamin Kaduk <bkaduk@akamai.com> Tue, 07 March 2017 01:06 UTC

Return-Path: <bkaduk@akamai.com>
X-Original-To: id-event@ietfa.amsl.com
Delivered-To: id-event@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3052B129644 for <id-event@ietfa.amsl.com>; Mon, 6 Mar 2017 17:06:53 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.69
X-Spam-Level:
X-Spam-Status: No, score=-2.69 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=akamai.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VjMYp93_5Dn4 for <id-event@ietfa.amsl.com>; Mon, 6 Mar 2017 17:06:50 -0800 (PST)
Received: from prod-mail-xrelay08.akamai.com (prod-mail-xrelay08.akamai.com [96.6.114.112]) by ietfa.amsl.com (Postfix) with ESMTP id 8BF64129565 for <id-event@ietf.org>; Mon, 6 Mar 2017 17:06:50 -0800 (PST)
Received: from prod-mail-xrelay08.akamai.com (localhost.localdomain [127.0.0.1]) by postfix.imss70 (Postfix) with ESMTP id D4D4520003A; Tue, 7 Mar 2017 01:06:49 +0000 (GMT)
Received: from prod-mail-relay08.akamai.com (prod-mail-relay08.akamai.com [172.27.22.71]) by prod-mail-xrelay08.akamai.com (Postfix) with ESMTP id B067E200017; Tue, 7 Mar 2017 01:06:49 +0000 (GMT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akamai.com; s=a1; t=1488848809; bh=DJD4rPXJtFmafftCIHkD9Zs7btJCHoG3zyUouc5igro=; l=9288; h=To:References:Cc:From:Date:In-Reply-To:From; b=uB2BlLNnwFP1OWn1pv0YrUVXDEw228PIrnnhxKHGCH2Z+PsmoAziHEosJF7ypgb9R 1UX8bjPi5J8o5pQBCZ+q2ur7kS2id764NRunT5U+Wydfaz6H1wyRwH58VMuGLzqP/m sFBqnHFwPoP+gqtVr8vkpffeWfsLbniJIjQbxXWs=
Received: from [172.19.17.86] (bos-lpczi.kendall.corp.akamai.com [172.19.17.86]) by prod-mail-relay08.akamai.com (Postfix) with ESMTP id 148D698084; Tue, 7 Mar 2017 01:06:47 +0000 (GMT)
To: Mike Jones <Michael.Jones@microsoft.com>, Justin Richer <jricher@mit.edu>, "Phil Hunt (IDM)" <phil.hunt@oracle.com>
References: <4611E3C8-9772-44EA-940D-077E1EA6247F@oracle.com> <7f44a710-0545-157c-b75e-d46853cf2e06@mit.edu> <4B014CCA-BCBE-4894-9F2F-17DA2541509A@oracle.com> <1bbfcb1f-c554-3baf-e260-fbd475c803bb@mit.edu> <CY4PR21MB0504F24541054228A72FC93FF52F0@CY4PR21MB0504.namprd21.prod.outlook.com> <6e1e3988-43c7-5ac1-529d-4160ced6cc90@akamai.com> <CY4PR21MB0504B001DBF5BFBC1F572536F52F0@CY4PR21MB0504.namprd21.prod.outlook.com>
From: Benjamin Kaduk <bkaduk@akamai.com>
Message-ID: <6a4c90e0-e46d-82ec-7d60-ed6eea2a85f6@akamai.com>
Date: Mon, 06 Mar 2017 19:06:47 -0600
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.7.0
MIME-Version: 1.0
In-Reply-To: <CY4PR21MB0504B001DBF5BFBC1F572536F52F0@CY4PR21MB0504.namprd21.prod.outlook.com>
Content-Type: multipart/alternative; boundary="------------F63551F1232522AEDBB82097"
Archived-At: <https://mailarchive.ietf.org/arch/msg/id-event/YhB2YHJdsTPIlqvtyIyEjJ2_19E>
Cc: ID Events Mailing List <id-event@ietf.org>
Subject: Re: [Id-event] Thread: Clarifying use of sub and iss in SET tokens
X-BeenThere: id-event@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "A mailing list to discuss the potential solution for a common identity event messaging format and distribution system." <id-event.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/id-event>, <mailto:id-event-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/id-event/>
List-Post: <mailto:id-event@ietf.org>
List-Help: <mailto:id-event-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/id-event>, <mailto:id-event-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 07 Mar 2017 01:06:53 -0000

I can get behind that statement! :)

(Now just to make it clear in which cases they actually are required to
be identical, whether that's subject to an OOB agreement between the
parties involved, etc....)

-Ben

On 03/06/2017 07:02 PM, Mike Jones wrote:
>
> I agree that if the two pieces of information in two fields are
> allowed to be different but happen to be the same, that both fields
> should be carried in the SET with identical values.  What I was
> talking about was the case in which two fields are required to be
> identical.  That’s the case in which duplication is harmful.
>
>  
>
>                                                                 -- Mike
>
>  
>
> *From:*Benjamin Kaduk [mailto:bkaduk@akamai.com]
> *Sent:* Monday, March 6, 2017 4:55 PM
> *To:* Mike Jones <Michael.Jones@microsoft.com>; Justin Richer
> <jricher@mit.edu>; Phil Hunt (IDM) <phil.hunt@oracle.com>
> *Cc:* ID Events Mailing List <id-event@ietf.org>
> *Subject:* Re: [Id-event] Thread: Clarifying use of sub and iss in SET
> tokens
>
>  
>
> On 03/06/2017 06:39 PM, Mike Jones wrote:
>
>     Justin, I suspect you didn’t see my earlier reply to Phil’s note
>     that you also replied to, so I’m repeating it here and sending it
>     to you directly.  (It wouldn’t be the first time that DMARC
>     policies caused some of my contributions to be not received by
>     some participants. :-( )
>
>      
>
>     Agreed that this is unclear.  Duplicating information in a
>     protocol **always** introduces an unnecessary error case – the
>     need to define how to handle the situation in which two pieces of
>     information that are required to be identical are different. 
>     Information in a SET should occur at most once.
>
>      
>
>
> That seems a dangerous road to tread, as it requires care in defining
> "information" -- duplicating the same data strings at different levels
> of the hierarchy of a JSON object may very well not be duplicating
> information, due to the extra context provided by the hierarchy.  In
> my mind, it's not a clear case that you should never send the same
> name/value multiple times in different parts of an object, as
> sometimes it is good to keep the semantic separation clear.
>
> -Ben
>

v2.23.0 | Report a Bug | By Email