Re: [Id-event] Thread: Clarifying use of sub and iss in SET tokens

Justin Richer <jricher@mit.edu> Tue, 07 March 2017 15:27 UTC

To: Benjamin Kaduk <bkaduk@akamai.com>, Mike Jones <Michael.Jones@microsoft.com>, "Phil Hunt (IDM)" <phil.hunt@oracle.com>
References: <4611E3C8-9772-44EA-940D-077E1EA6247F@oracle.com> <7f44a710-0545-157c-b75e-d46853cf2e06@mit.edu> <4B014CCA-BCBE-4894-9F2F-17DA2541509A@oracle.com> <1bbfcb1f-c554-3baf-e260-fbd475c803bb@mit.edu> <CY4PR21MB0504F24541054228A72FC93FF52F0@CY4PR21MB0504.namprd21.prod.outlook.com> <6e1e3988-43c7-5ac1-529d-4160ced6cc90@akamai.com>
From: Justin Richer <jricher@mit.edu>
Message-ID: <2cd1b77c-ca3c-a773-4068-21da43509e8b@mit.edu>
Date: Tue, 07 Mar 2017 10:26:56 -0500
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.7.1
MIME-Version: 1.0
In-Reply-To: <6e1e3988-43c7-5ac1-529d-4160ced6cc90@akamai.com>
Content-Type: multipart/alternative; boundary="------------4244CD4910F3228F2FC35F9F"
Archived-At: <https://mailarchive.ietf.org/arch/msg/id-event/eoBpDRfCMVoi1PGFfrrULIptd6I>
Cc: ID Events Mailing List <id-event@ietf.org>
Subject: Re: [Id-event] Thread: Clarifying use of sub and iss in SET tokens

+1


On 3/6/2017 7:55 PM, Benjamin Kaduk wrote:
> On 03/06/2017 06:39 PM, Mike Jones wrote:
>>
>> Justin, I suspect you didn’t see my earlier reply to Phil’s note that 
>> you also replied to, so I’m repeating it here and sending it to you 
>> directly.  (It wouldn’t be the first time that DMARC policies caused 
>> some of my contributions to be not received by some participants. :-( )
>>
>> Agreed that this is unclear.  Duplicating information in a protocol 
>> **always** introduces an unnecessary error case – the need to define 
>> how to handle the situation in which two pieces of information that 
>> are required to be identical are different.  Information in a SET 
>> should occur at most once.
>>
>>
>
> That seems a dangerous road to tread, as it requires care in defining 
> "information" -- duplicating the same data strings at different levels 
> of the hierarchy of a JSON object may very well not be duplicating 
> information, due to the extra context provided by the hierarchy.  In 
> my mind, it's not a clear case that you should never send the same 
> name/value multiple times in different parts of an object, as 
> sometimes it is good to keep the semantic separation clear.
>
> -Ben
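The disagreement above is about what a SET receiver should do when `iss` or `sub` appears both at the top level of the token and again inside an event payload. The following is an added illustration, not code from this thread or from any SET implementation: a receiver-side consistency check over a constructed SET claims set (signature verification omitted, the `events` member keyed by an event-type URI as in the SET draft, with the nested `iss`/`sub` members and the example URI being assumptions made here). It shows the extra error case Mike describes: once a value can appear twice, the receiver needs a defined policy for the mismatch, and here that policy is to reject the token.

```python
import json

# Constructed sample SET claims set (JWT payload only) for this example.
# Top-level iss/sub agree with the copies repeated inside the event payload.
CONSISTENT_SET = json.dumps({
    "iss": "https://idp.example.com",
    "sub": "user-1234",
    "iat": 1488900000,
    "jti": "example-jti-1",
    "events": {
        # Event-type URI and nested members are assumptions for illustration.
        "https://example.com/events/password-reset": {
            "iss": "https://idp.example.com",
            "sub": "user-1234",
        }
    },
})

# Constructed sample where the nested copy of "sub" disagrees with the top level.
CONFLICTING_SET = json.dumps({
    "iss": "https://idp.example.com",
    "sub": "user-1234",
    "iat": 1488900000,
    "jti": "example-jti-2",
    "events": {
        "https://example.com/events/password-reset": {
            "iss": "https://idp.example.com",
            "sub": "user-9999",
        }
    },
})

DUPLICATED_CLAIMS = ("iss", "sub")


def find_claim_conflicts(payload_json):
    """Compare top-level iss/sub against any iss/sub repeated inside event payloads.

    Returns a list of (event_uri, claim_name, top_level_value, nested_value)
    tuples, one per mismatch. An empty list means the token is internally
    consistent (or simply does not repeat the claims at all).
    """
    claims = json.loads(payload_json)
    events = claims.get("events", {})
    if not isinstance(events, dict):
        raise ValueError("'events' claim must be a JSON object")

    conflicts = []
    for event_uri, body in events.items():
        if not isinstance(body, dict):
            continue  # event payloads that are not objects carry no nested claims
        for name in DUPLICATED_CLAIMS:
            if name in claims and name in body and claims[name] != body[name]:
                conflicts.append((event_uri, name, claims[name], body[name]))
    return conflicts


def accept_set(payload_json):
    """Receiver policy: reject any SET whose repeated claims disagree.

    Returns (accepted, reason). The reason string names the first conflict so
    the rejection can be logged for investigation.
    """
    conflicts = find_claim_conflicts(payload_json)
    if conflicts:
        event_uri, name, top, nested = conflicts[0]
        return False, (f"claim '{name}' is '{top}' at top level but "
                       f"'{nested}' inside event {event_uri}")
    return True, "ok"


if __name__ == "__main__":
    for label, token in (("consistent", CONSISTENT_SET),
                         ("conflicting", CONFLICTING_SET)):
        accepted, reason = accept_set(token)
        print(f"{label}: accepted={accepted} ({reason})")
```

Rejecting on mismatch is only one possible policy; the point of the check is that a receiver has to pick one, which is exactly the extra decision that the "occur at most once" rule avoids.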