Re: [oauth-ext-review] [IANA #1146174] Expert review for nfv_token (oauth-parameters)

Hannes Tschofenig <Hannes.Tschofenig@arm.com> Wed, 11 September 2019 08:51 UTC

From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: Miguel Angel Reina Ortega <MiguelAngel.ReinaOrtega@etsi.org>
CC: Sabrina Tanamal via RT <iana-prot-param-comment@iana.org>, "oauth-ext-review@ietf.org" <oauth-ext-review@ietf.org>
Date: Wed, 11 Sep 2019 08:51:12 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth-ext-review/QBLDY90p_TM2pUpjKT8dfMCgBWE>

Hi Miguel

Thanks for the registration and sorry for my slow response.

The registration is fine in terms of provided parameters although the reference to the OpenID Connection specification confuses me a little bit.

I do, however, have a question regarding the nfv_token parameter. I looked at your spec and, if I understand it correctly, you want to return a proof-of-possession access token in the token response. What I don't understand is why you need a new parameter for carrying the nfv_token. You could just return the PoP token in the access_token parameter. The profiling of the content of the access token, as you are doing in Section 5.5, is OK.

From a quick look at your specification it appears that you have to register many other parameters with IANA as well, for example the client meta-data and the AS discovery meta-data. Am I wrong?

Ciao
Hannes

>
> On behalf of ETSI NFV ISG, I would like to submit the following
> registration request for the “OAuth Parameters” registry:
>
>
> *   Parameter name: nfv_token
> *   Parameter usage location: Access Token Response
> *   Change controller: ETSI (pnns@etsi.org)
>
> *   Specification document(s): clause 5.4
> <https://openid.net/specs/openid-connect-core-1_0.html#TokenResponse>
> of the present ETSI GS NFV-SEC 022
> <https://portal.etsi.org/webapp/WorkProgram/Report_WorkItem.asp?WKI_ID=54060>
