[nfsv4] Re: Feedback on user ID for any bis work

Chuck Lever III <chuck.lever@oracle.com> Fri, 20 September 2024 20:07 UTC

From: Chuck Lever III <chuck.lever@oracle.com>
To: "Mkrtchyan, Tigran" <tigran.mkrtchyan@desy.de>
Date: Fri, 20 Sep 2024 20:07:06 +0000
Message-ID: <70E9D638-5878-46CE-AB8B-5EDE4DD37884@oracle.com>
References: <EFD2C35A-9FC4-4381-82F2-475957CEE07B@cert.org> <1452890090.47955225.1723888278946.JavaMail.zimbra@z-mbx-2> <2C377184-60B5-43B3-9FAD-33F682DBAC5D@oracle.com> <1086079167.54167075.1724943726342.JavaMail.zimbra@desy.de>
In-Reply-To: <1086079167.54167075.1724943726342.JavaMail.zimbra@desy.de>
CC: NFSv4 <nfsv4@ietf.org>
Subject: [nfsv4] Re: Feedback on user ID for any bis work
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/ZUnFPKCxvFZttONiavze-0O6eTs>

> On Aug 29, 2024, at 11:02 AM, Mkrtchyan, Tigran <tigran.mkrtchyan@desy.de> wrote:
> 
> The current state is available at:
> 
> https://github.com/kofemann/rpc-sec-oidc/blob/main/draft-tigran-nfsv4-rpcsecoidc.md
> 
> It is still quite raw, but indeed, if people comment, this will give me some guidelines and momentum.

I'm told that Amazon S3 uses OAuth for authenticating REST access.

I haven't found a clear reference to this, but if it is true, then
that could help us understand what needs to be done for an RPC
authentication flavor based on OAuth/OAuth2.

https://docs.aws.amazon.com/amazonglacier/latest/dev/security-iam.html

The documentation here is interesting because it describes the
issues in terms of identity management rather than strictly as
a problem of user authentication.


There appear to be several open source implementations of S3 that
could be studied to better understand it. For example:

https://github.com/awslabs/mountpoint-s3/

And as several folks here are aware, NFS/Ganesha can gateway S3 to
NFS.

--
Chuck Lever