Re: [OAUTH-WG] We appear to still be litigating OAuth, oops

Warren Parad <wparad@rhosys.ch> Wed, 24 February 2021 11:04 UTC

References: <CAMm+LwgbK3HYDjSHnTN3f6hWSQCQrEjHLNn6z0JpfY7hdxaQpg@mail.gmail.com> <A8128346-B557-472F-B94F-8F624F955FCE@manicode.com> <eb2eaaa7-7f7e-4170-ab87-1cc1fdd3359b@www.fastmail.com> <CAJot-L0PS_3LxEkC-jd1aqXDdYF+z8BajSs4Rhx3LgRPn6wkdQ@mail.gmail.com> <DAB127D7-809F-4EC2-A043-9B15E2DB8E07@tzi.org>
In-Reply-To: <DAB127D7-809F-4EC2-A043-9B15E2DB8E07@tzi.org>
From: Warren Parad <wparad@rhosys.ch>
Date: Wed, 24 Feb 2021 12:04:40 +0100
Message-ID: <CAJot-L1e8GegjXjADRQ87tGqnSREoO4bEKLX+kPkZFsQpevGQA@mail.gmail.com>
Subject: Re: [OAUTH-WG] We appear to still be litigating OAuth, oops
To: Carsten Bormann <cabo@tzi.org>
Cc: Bron Gondwana <brong@fastmailteam.com>, Phillip Hallam-Baker <phill@hallambaker.com>, "oauth@ietf.org" <oauth@ietf.org>, ietf@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/2iskYAWbLAKeh3zvYgADMJB70Zs>

I would prefer Bron to answer that question, as they are the one who
started this email thread.

However, let's look at GNAP. I've honestly been struggling to understand at
least one fully documented case that GNAP supports. It seems that in every
document the only thing that is clear is that GNAP wants to allow "everything";
it doesn't actually talk about an example.

By NxM, I assume we mean that the end user or client is free to select
whichever AS they want, in a way in which the RS can verify the AS credential
and the user identity, without the RS having to limit (and really without
having the ability to limit) which ASes are allowed.

Would you agree with that statement?

Warren Parad

Founder, CTO
Secure your user data with IAM authorization as a service. Implement
Authress <https://authress.io/>.


On Wed, Feb 24, 2021 at 11:36 AM Carsten Bormann <cabo@tzi.org> wrote:

> On 2021-02-24, at 11:22, Warren Parad <wparad=40rhosys.ch@dmarc.ietf.org>
> wrote:
> >
> > Should we solve the NxM problem, and if so, how do you propose we do
> that?
>
> Let GNAP do that.
>
> Grüße, Carsten
>
>
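The NxM definition above (any AS, verified by the RS, with or without the RS being able to limit which ASes count) can be made concrete with a small resource-server token check. The following is an added illustration, not code from this thread, from GNAP, or from any of the participants. It assumes a constructed key directory standing in for AS credential discovery, uses HMAC-SHA256 as a stand-in for the AS's asymmetric signing key, and uses a plain JWT-shaped token; the issuer names, secrets, audience and subject are all made up. The single switch between the two RS policies the message contrasts is the `allowed_issuers` parameter: `None` means the RS accepts any AS whose credential it can resolve (the open NxM case), while a set restricts which ASes the RS will trust for user identity.

```python
import base64
import hashlib
import hmac
import json

# Constructed directory of AS credentials the RS can resolve. A real RS would
# discover an asymmetric key from the AS (e.g. a JWKS document); the shared
# secrets here are a deliberate simplification so the example runs offline.
KEY_DIRECTORY = {
    "https://as-a.example": b"as-a-secret-constructed",
    "https://as-b.example": b"as-b-secret-constructed",
}
RS_AUDIENCE = "https://rs.example"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _sign(signing_input: bytes, secret: bytes) -> bytes:
    return hmac.new(secret, signing_input, hashlib.sha256).digest()


def mint_token(issuer, secret, subject, audience, now, ttl=300):
    """Mint a JWT-shaped HS256 token as a hypothetical AS would (constructed)."""
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"iss": issuer, "sub": subject, "aud": audience,
               "iat": now, "exp": now + ttl}
    compact = lambda obj: _b64url(json.dumps(obj, separators=(",", ":")).encode())
    signing_input = f"{compact(header)}.{compact(payload)}".encode()
    return signing_input.decode() + "." + _b64url(_sign(signing_input, secret))


class TokenRejected(Exception):
    pass


def verify_token(token, directory, audience, now, allowed_issuers=None):
    """RS-side check. allowed_issuers=None is the open NxM policy: any AS in
    the directory is trusted. A set limits which ASes may assert identity."""
    try:
        h64, p64, s64 = token.split(".")
    except ValueError:
        raise TokenRejected("malformed token")
    header = json.loads(_b64url_decode(h64))
    if header.get("alg") != "HS256":          # never let the token choose alg
        raise TokenRejected("unexpected alg")
    payload = json.loads(_b64url_decode(p64))
    issuer = payload.get("iss")
    if allowed_issuers is not None and issuer not in allowed_issuers:
        raise TokenRejected(f"issuer not allowed: {issuer}")
    secret = directory.get(issuer)            # resolve the AS credential
    if secret is None:
        raise TokenRejected(f"unknown issuer: {issuer}")
    expected = _sign(f"{h64}.{p64}".encode(), secret)
    if not hmac.compare_digest(expected, _b64url_decode(s64)):
        raise TokenRejected("bad signature")
    if payload.get("aud") != audience:        # token must be meant for this RS
        raise TokenRejected("wrong audience")
    if now >= payload.get("exp", 0):
        raise TokenRejected("expired")
    return payload


def decision(token, directory, audience, now, allowed_issuers=None):
    """Return 'accept' or the rejection reason, for easy comparison of policies."""
    try:
        verify_token(token, directory, audience, now, allowed_issuers)
        return "accept"
    except TokenRejected as exc:
        return str(exc)


if __name__ == "__main__":
    now = 1_700_000_000
    tok = mint_token("https://as-b.example", KEY_DIRECTORY["https://as-b.example"],
                     "alice", RS_AUDIENCE, now)
    print("open NxM policy:      ", decision(tok, KEY_DIRECTORY, RS_AUDIENCE, now + 10))
    print("RS limits to as-a:    ", decision(tok, KEY_DIRECTORY, RS_AUDIENCE, now + 10,
                                             allowed_issuers={"https://as-a.example"}))
```

The point the example makes is that under the open policy the RS's only control is whether it can resolve and verify the AS credential; the decision of *which* AS vouches for the user has moved entirely to the user or client, which is exactly the property the definition above describes.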