Re: [OAUTH-WG] Namespacing "type" in RAR

Vladimir Dzhuvinov <vladimir@connect2id.com> Fri, 17 July 2020 18:13 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/0xuYXJkTmbcGEi1v7m-LWtMLpBY>

On 17/07/2020 17:38, Justin Richer wrote:
> And all that brings me to my proposal: 
>
> 4) Require all values to be defined by the AS, and encourage specification developers to use URIs for collision resistance.
>
> So officially in RAR, the AS would decide what “type” means, and nobody else. But we can also guide people who are developing general-purpose interoperable APIs to use URIs for their RAR “type” definitions. This would keep those interoperable APIs from stepping on each other, and from stepping on any locally-defined special “type” structure. But at the end of the day, the URI carries no more weight than just any other string, and the AS decides what it means and how it applies.

Define, but not publish in AS metadata?


> My argument is that this seems to have worked very, very well for scopes, and the RAR “type” is cut from similar descriptive cloth.

I would argue that it didn't work so well for scopes - the OAuth
Resource Indicators spec is a testament to that.

But one could also argue that scopes were not defined along the lines of
your proposal for "type" in RAR. In fact, RFC 6749 has no mention of
collision resistance or namespacing for scope values.


Vladimir
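
The proposal quoted above (the AS alone defines each "type", and a URI is only a collision-avoidance convention) can be sketched as follows. This is an added example, not part of the original message or of the RAR draft; the registry contents, field names and the `api.example.org` URI are constructed assumptions.

```python
import json

# Hypothetical AS-local registry: every "type" the AS has defined, mapped to
# the fields it accepts for that type. Keys are opaque strings; a URI-shaped
# key is never dereferenced, parsed or normalized.
TYPE_REGISTRY = {
    "payment": {"amount", "currency"},               # locally defined name
    "https://api.example.org/rar/payment":           # name from a shared API spec
        {"instructedAmount", "creditorAccount"},
}

def check_authorization_details(raw):
    """Split an authorization_details JSON array into accepted and rejected types."""
    details = json.loads(raw)
    if not isinstance(details, list):
        raise ValueError("authorization_details must be a JSON array")
    accepted, rejected = [], []
    for item in details:
        t = item.get("type") if isinstance(item, dict) else None
        # Exact string match only: the AS decides what a type means.
        allowed = TYPE_REGISTRY.get(t) if isinstance(t, str) else None
        if allowed is None:
            rejected.append((t, "type not defined by this AS"))
            continue
        unknown = sorted(set(item) - allowed - {"type"})
        if unknown:
            rejected.append((t, "unexpected fields: " + ", ".join(unknown)))
        else:
            accepted.append(t)
    return accepted, rejected

# Constructed request: a local type, the URI type, the same URI in another
# letter case, and the local name carrying the URI type's fields.
SAMPLE = json.dumps([
    {"type": "payment", "amount": "10.00", "currency": "EUR"},
    {"type": "https://api.example.org/rar/payment",
     "instructedAmount": "10.00", "creditorAccount": "constructed-account"},
    {"type": "HTTPS://API.EXAMPLE.ORG/rar/payment", "instructedAmount": "10.00"},
    {"type": "payment", "instructedAmount": "10.00", "creditorAccount": "x"},
])

if __name__ == "__main__":
    ok, bad = check_authorization_details(SAMPLE)
    print("accepted:", ok)
    print("rejected:", bad)
```

The third and fourth entries are the collision cases: a URI differing only in letter case is a different, undefined type, and the short name "payment" does not inherit the URI type's semantics.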