Re: [jose] Call for adoption

Hannes Tschofenig <hannes.tschofenig@gmx.net> Thu, 14 February 2013 08:04 UTC

Return-Path: <hannes.tschofenig@gmx.net>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 674F421F8887 for <jose@ietfa.amsl.com>; Thu, 14 Feb 2013 00:04:08 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -100.732
X-Spam-Level:
X-Spam-Status: No, score=-100.732 tagged_above=-999 required=5 tests=[AWL=-0.712, BAYES_00=-2.599, RCVD_IN_BL_SPAMCOP_NET=1.96, RCVD_IN_SORBS_WEB=0.619, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XsjMiqRhBKZB for <jose@ietfa.amsl.com>; Thu, 14 Feb 2013 00:04:07 -0800 (PST)
Received: from mout.gmx.net (mout.gmx.net [212.227.15.18]) by ietfa.amsl.com (Postfix) with ESMTP id 0133B21F8886 for <jose@ietf.org>; Thu, 14 Feb 2013 00:04:06 -0800 (PST)
Received: from mailout-de.gmx.net ([10.1.76.28]) by mrigmx.server.lan (mrigmx001) with ESMTP (Nemesis) id 0Ls6Bl-1V2yrK3lHj-013udY for <jose@ietf.org>; Thu, 14 Feb 2013 09:04:05 +0100
Received: (qmail invoked by alias); 14 Feb 2013 08:04:05 -0000
Received: from unknown (EHLO [10.255.133.10]) [194.251.119.201] by mail.gmx.net (mp028) with SMTP; 14 Feb 2013 09:04:05 +0100
X-Authenticated: #29516787
X-Provags-ID: V01U2FsdGVkX1/MLLY7mEjM7ETGBCSIVCjQHPrJmirh5ymq4RWrTN j0xF2v0nEydxRz
Mime-Version: 1.0 (Apple Message framework v1085)
Content-Type: text/plain; charset=windows-1252
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
In-Reply-To: <CAL02cgSFe=Sphj9PL-GF56-F_G_1JtpZ2OzMW3JiFgzRCUkxTA@mail.gmail.com>
Date: Thu, 14 Feb 2013 10:03:58 +0200
Content-Transfer-Encoding: quoted-printable
Message-Id: <EADF8FEF-7C0F-4C7A-8336-23AC2782B975@gmx.net>
References: <02b601ce0a17$db6c3370$92449a50$@augustcellars.com> <CAL02cgSFe=Sphj9PL-GF56-F_G_1JtpZ2OzMW3JiFgzRCUkxTA@mail.gmail.com>
To: Richard Barnes <rlb@ipv.sx>
X-Mailer: Apple Mail (2.1085)
X-Y-GMX-Trusted: 0
Cc: Jim Schaad <ietf@augustcellars.com>, Hannes Tschofenig <hannes.tschofenig@gmx.net>, "jose@ietf.org" <jose@ietf.org>
Subject: Re: [jose] Call for adoption
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 14 Feb 2013 08:04:08 -0000

Hi Jim, 

I agree with Richard on the serialization documents. 

On the use cases I have a mixed view. As we have seen in the OAuth working group with use cases it is easy to get the group to add a new use case document but very difficult to get others to find reviewers to get it finished. I am not sure what the target audience would be with such a document. 

Let's assume that the audience for the document is the JOSE group. First, the requirements are not really adding a lot to the discussion since they are really basic (more or less what can be found in the charter). The use cases in Section 4 are out-of-date and are typically better described in the referenced documents. One of the four use cases is obsolete by now: the ATOCA use case is gone with the decisions from the last IETF meeting since the group entire group got trashed. ALTO IMHO does not seem to go anywhere either.

Sorry if I do not get excited anymore about the value of use case (and requirements) documents. The main challenges are that 

a) you don't want to describe use cases that relate to work where it hasn't even been decided to use the specific technology (in this case JSON), and 
b) when a use case of interest to the group is found that requires additional functionality then a new extension/solution is defined in a separate document that typically provides a better description than in the use case document itself.

Consequently, the value of separate use case document goes close to zero. 

Ciao
Hannes


On Feb 14, 2013, at 5:23 AM, Richard Barnes wrote:

> I support the adoption of the use cases draft.  Clearer use cases will help this group refine a lot of the ideas that are floating around. 
> 
> I do not support the adoption of the JSON serialization documents.  A JSON serialization should be part of the base documents. I have already made a proposal to the list for how to do this, which is essentially the same as the one in the JSON serialization documents.  It would have a small impact on the base specs, and make the base format much more usable. 
> http://www.ietf.org/mail-archive/web/jose/current/msg01465.html
> 
> --Richard
> 
> 
> 
> On Wednesday, February 13, 2013, Jim Schaad wrote:
> The chairs of the JOSE working group have dropped the ball on this (really me).
> 
>  
> 
> At the last face-to-face meeting there was a call for the following documents to become working group documents:
> 
>  
> 
> Draft-barnes-jose-use-cases – Use Cases and Requirements for JSON Object Signing and Encryption (JOSE)
> 
>  
> 
> Draft-jones-jose-jwe-json-serialization – JSON Web Encryption JSON Serialization (JWE-JS)
> 
>  
> 
> Draft-jones-jose-jws-json-serialization – JSON Web Signature JSON Serialization (JWS-JS)
> 
>  
> 
>  
> 
> The chairs are going to assume that the working group wants to adopt these three documents as that was the overwhelming response in Atlanta.  Thus you only need to reply if you object to these documents being adopted.  This call will end 27 February.
> 
>  
> 
> (Note that we will be looking at the private key drafts during the Orlando meeting and issuing an adoption call shortly after that meeting.)
> 
>  
> 
> Jim
> 
>  
> 
> _______________________________________________
> jose mailing list
> jose@ietf.org
> https://www.ietf.org/mailman/listinfo/jose