Re: [netconf] UserId for authentication in https-notif

Schönwälder, Jürgen <J.Schoenwaelder@jacobs-university.de> Fri, 11 October 2019 19:42 UTC

From: "Schönwälder, Jürgen" <J.Schoenwaelder@jacobs-university.de>
To: Mahesh Jethanandani <mjethanandani@gmail.com>
CC: Balázs Lengyel <balazs.lengyel=40ericsson.com@dmarc.ietf.org>, "netconf@ietf.org" <netconf@ietf.org>
Date: Fri, 11 Oct 2019 19:42:15 +0000
Message-ID: <20191011194214.lyqsqnqmtvpyfvf5@anna.jacobs.jacobs-university.de>
References: <VI1PR0701MB228689F4451F67AC255DEFAFF0970@VI1PR0701MB2286.eurprd07.prod.outlook.com> <82EF0CC8-3112-47C1-8DB0-94BF118E5BAC@gmail.com>
In-Reply-To: <82EF0CC8-3112-47C1-8DB0-94BF118E5BAC@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/QnXgmyT2Q-WCcEzD6VJ1ZwZkLws>

On Fri, Oct 11, 2019 at 12:15:01PM -0700, Mahesh Jethanandani wrote:
> Hi Balázs,
> 
> > On Oct 11, 2019, at 2:43 AM, Balázs Lengyel <balazs.lengyel=40ericsson.com@dmarc.ietf.org> wrote:
> > 
> > Hello,
> > What userId will be used to perform access control on outgoing notifications transferred via https?
> 
> This was also discussed in an earlier thread, when Martin brought up the broader question of whether we are planning on using PUT or POST, to which URI, and authorization. 
> 
> Kent suggested that user-id will be part of http-params supported by the http client/server draft, and will be the user-id used by NACM. The example in the draft will be augmented thus:
> 
> <receivers
>      xmlns="urn:ietf:params:xml:ns:yang:ietf-https-notif">
>      <receiver>
>        <name>foo</name>
>        <tcp-params>
>          <remote-address>my-receiver.my-domain.com</remote-address>
>          <remote-port>443</remote-port>
>        </tcp-params>
>        <tls-params>
>          <server-authentication>
>            <ca-certs>explicitly-trusted-server-ca-certs</ca-certs>
>            <server-certs>explicitly-trusted-server-certs</server-certs>
>          </server-authentication>
>        </tls-params>
>        <http-params>
>          <client-identity>
>            <basic>
>              <user-id>my-name</user-id>
>              <password>my-password</password>
>            </basic>
>          </client-identity>
>          <path>/some/path</path>
>        </http-params>
>      </receiver>
>  </receivers>
>

Are you saying that the idea is to configure a user id on the local RC
server pushing notifications to a remote receiver, i.e., the user id
is by config related to the certs used to protect the communication
channel?

Note that RFC 7589 (NC over TLS) suggests an algorithm mapping
certificates to user names. RFC 8040 (RC) also refers to this
algorithm for obtaining the client identity. [Is this algorithm
actually taken care of in the configuration IDs?]

/js

-- 
Juergen Schoenwaelder           Jacobs University Bremen gGmbH
Phone: +49 421 200 3587         Campus Ring 1 | 28759 Bremen | Germany
Fax:   +49 421 200 3103         <https://www.jacobs-university.de/>
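The cert-to-name algorithm Jürgen points to (RFC 7589 section 7, using the map types of the RFC 7407 ietf-x509-cert-to-name module) is what a receiver would run on the publisher's TLS client certificate to obtain the NACM username, instead of or alongside the configured basic-auth user-id. The following is an added example, not code from the thread or from any IETF draft; it models a parsed certificate as a small constructed dataclass rather than using an X.509 library, and assumes the entry list is processed in order with the end-entity certificate checked before its issuing CAs.

```python
import hashlib
from dataclasses import dataclass, field
from typing import List, Optional

@dataclass
class Cert:  # constructed stand-in for a parsed X.509 certificate
    der: bytes                          # DER encoding, used for the fingerprint
    common_name: Optional[str] = None   # subject CN
    san_rfc822: List[str] = field(default_factory=list)  # subjectAltName rfc822Name
    san_dns: List[str] = field(default_factory=list)     # subjectAltName dNSName
    san_ip: List[str] = field(default_factory=list)      # subjectAltName iPAddress

@dataclass
class CertToNameEntry:  # one cert-to-name list entry (RFC 7407 map types)
    algorithm: str      # hash used for the fingerprint, e.g. "sha-256"
    fingerprint: str    # hex digest of a certificate in the chain
    map_type: str       # specified | san-rfc822-name | san-dns-name |
                        # san-ip-address | san-any | common-name
    name: Optional[str] = None  # used only with map-type "specified"

def fingerprint(cert: Cert, algorithm: str) -> str:
    return hashlib.new(algorithm.replace("-", ""), cert.der).hexdigest()

def map_cert_to_name(chain: List[Cert], entries: List[CertToNameEntry]) -> Optional[str]:
    """Return the username for NACM, or None when no username can be derived
    (RFC 7589 requires the server to close the connection in that case)."""
    end_entity = chain[0]
    for entry in entries:          # first matching entry decides the mapping
        for cert in chain:         # end-entity first, then the CA certs
            if fingerprint(cert, entry.algorithm) != entry.fingerprint.lower():
                continue
            if entry.map_type == "specified":
                return entry.name
            if entry.map_type == "common-name":
                return end_entity.common_name
            # SAN-based map types always read the end-entity certificate;
            # san-any tries rfc822Name, then dNSName, then iPAddress
            candidates = {
                "san-rfc822-name": [end_entity.san_rfc822],
                "san-dns-name": [end_entity.san_dns],
                "san-ip-address": [end_entity.san_ip],
                "san-any": [end_entity.san_rfc822, end_entity.san_dns, end_entity.san_ip],
            }[entry.map_type]
            for values in candidates:
                if values:
                    return values[0]
            return None  # matched entry, but the required field is absent
    return None          # no certificate in the chain matched any entry
```

A matching CA fingerprint with map-type san-rfc822-name lets one entry cover every publisher the CA issues certificates to, while a "specified" entry pins a single end-entity fingerprint to one NACM username.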