Re: [Jwt-reg-review] JWT claim registration review request : draft-ietf-stir-passport-shaken

Brian Campbell <bcampbell@pingidentity.com> Thu, 01 November 2018 19:57 UTC

From: Brian Campbell <bcampbell@pingidentity.com>
Date: Thu, 01 Nov 2018 13:56:42 -0600
Message-ID: <CA+k3eCSgLihY==1mQ-sKJdtuKSuVN0PjNisgvhrt1PiUZQ-5FA@mail.gmail.com>
To: Benjamin Kaduk <kaduk@mit.edu>
Cc: jwt-reg-review@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/jwt-reg-review/O4rmJbMOZZFbi6mlVk6VHp-xUs8>

That's a good question, Ben.

I don't think we've necessarily established normal in that regard and have
maybe been somewhat inconsistent about it. In practice, registration is
really the only option for a spec that wants to have a short claim name
while also having some protection against name collision - even for things
that are application specific and aren't wildly applicable. As such, I
support registration of claim names even when they are defined in or for an
application specific context. However, I'd prefer to see such names not
being generic but rather to have some indicator of their specificity. These
claims from draft-ietf-stir-passport-shaken do seem to fall into that
category and I'd be happier if they were "shkn-att" and "shkn-ogid" or
something along those lines. But like I said, we've been rather
inconsistent about that kind of thing historically as you can see with the
current registrations https://www.iana.org/assignments/jwt/jwt.xhtml and so
I'm somewhat hesitant to rock the boat by pushing back on these kinds of
registration requests now. Especially because it's typically a PITA for the
WG or whoever is making the request to make changes to their spec by the
time they've gotten to the point of making a JWT claim registration
request. And the downside is only that a generic looking name gets taken
for a more specific context. There's nothing in the registry or
registration process or guidelines that would allow for or account for
usage in alternative contexts. So registration is effectively all or
nothing.

I'm not sure that really answers your question. But that's the best answer
I've got.

I'm also not sure where that leaves us with this particular request.

On Thu, Nov 1, 2018 at 11:06 AM Benjamin Kaduk <kaduk@mit.edu> wrote:

> The requested registrations include:
>
> "attest", "Attestation level as defined in SHAKEN framework"
> "origid", "Originating Identifier as defined in SHAKEN"
>
> It seems unlikely to me that SHAKEN is the only group that will ever want
> an attestation level, and probably not the only one for an originating
> identifier either (though I did not read the draft yet and am going just by
> the name).  What are the normal considerations that the Experts are
> applying about generic names and whether additional references could be
> added for the claim indicating its usage in alternative contexts?
>
> -Ben
