Re: [OAUTH-WG] draft-zhang-jose-json-fine-grained-access

Justin Richer <jricher@mit.edu> Sat, 23 March 2024 09:38 UTC

From: Justin Richer <jricher@mit.edu>
To: jiangcheng <jiangcheng612@163.com>, "OAuth@ietf.org" <OAuth@ietf.org>
CC: zhangjl382 <zhangjl382@chinaunicom.cn>, jill32 <jill32@chinaunicom.cn>
Date: Sat, 23 Mar 2024 09:38:15 +0000
Message-ID: <LV8PR01MB8677E37852D44BF495B13FABBD302@LV8PR01MB8677.prod.exchangelabs.com>
References: <eb5d039.2726.18e5985d157.Coremail.jiangcheng612@163.com>
In-Reply-To: <eb5d039.2726.18e5985d157.Coremail.jiangcheng612@163.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/2rQyPohVBMuxVb5QoTHQFyoSLaU>
Subject: Re: [OAUTH-WG] draft-zhang-jose-json-fine-grained-access

Thank you for presenting your proposal to the group in Brisbane.

Reading through the draft, it seemed that there are really two topics in here, and I'm wondering how they could be split:

1. a data structure for complex access rights

2. a cryptographic mechanism for selectively encrypting some of those rights to protect them from unintentional audiences.

The data structure used to convey the access rights seems very similar to the object structure defined by RAR, RFC9396: https://www.rfc-editor.org/rfc/RFC9396

I was unable to find something in this data structure that is required to provide the cryptographic hiding functionality; have I missed something? Or would it be possible to apply this to RAR objects?

Does the key distribution happen out of band of the protocol? In the OAuth world, would these keys become part of the RS configuration?

Thank you,

- Justin
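To make the first of the two topics above concrete, here is an added example (editor's illustration, not code from the draft, from RFC 9396 or from any of the people on this thread) of the RAR side of the split: an `authorization_details` array as RFC 9396 defines it, a shape check a resource server would run before trusting it, and a partition of the entries into those addressed to a given RS and those it can see but is not meant to act on. The second group is the material a selective hiding mechanism would conceal; this example does no encryption at all. The type names, location URIs and extra fields in the sample are constructed, and the "entry with no `locations` applies if the RS implements its `type`" rule is a policy assumption made here, not a rule from the RFC.

```python
import json
from typing import Any

# Constructed sample, not taken from the draft or RFC 9396: an
# authorization_details array as an AS might issue it. The type names,
# locations and extra fields are hypothetical illustration values.
SAMPLE_AUTHORIZATION_DETAILS = json.dumps([
    {
        "type": "payment_initiation",
        "locations": ["https://payments.example.com"],
        "actions": ["initiate", "status"],
        "instructedAmount": {"currency": "EUR", "amount": "123.50"},
    },
    {
        "type": "account_information",
        "locations": ["https://accounts.example.com"],
        "actions": ["read"],
        "datatypes": ["balances", "transactions"],
    },
    {
        # No "locations": RFC 9396 leaves that field optional, so the RS
        # has to decide from "type" alone whether this entry is for it.
        "type": "customer_information",
        "actions": ["read"],
        "datatypes": ["contacts"],
    },
])

# Common fields that RFC 9396 defines as arrays of strings.
_STRING_ARRAY_FIELDS = ("locations", "actions", "datatypes", "privileges")


def parse_authorization_details(raw: str) -> list[dict[str, Any]]:
    """Parse an authorization_details value and check its basic shape:
    a JSON array of objects, each carrying a string "type", with the
    common array-valued fields, where present, being arrays of strings.
    Anything else is rejected rather than guessed at."""
    data = json.loads(raw)
    if not isinstance(data, list):
        raise ValueError("authorization_details must be a JSON array")
    for i, entry in enumerate(data):
        if not isinstance(entry, dict) or not isinstance(entry.get("type"), str):
            raise ValueError(f"entry {i}: expected an object with a string 'type'")
        for field in _STRING_ARRAY_FIELDS:
            value = entry.get(field)
            if value is not None and not (
                isinstance(value, list) and all(isinstance(v, str) for v in value)
            ):
                raise ValueError(f"entry {i}: '{field}' must be an array of strings")
    return data


def partition_by_audience(
    details: list[dict[str, Any]], rs_uri: str, known_types: set[str]
) -> tuple[list[dict[str, Any]], list[dict[str, Any]]]:
    """Split the array into (entries this RS should enforce, entries it
    can see but that are not addressed to it).

    Policy used here (an assumption for this example, not a rule from
    RFC 9396): an entry is for this RS if its "type" is one the RS
    implements and either "locations" names rs_uri exactly or
    "locations" is absent. Everything else is visible-but-not-ours,
    i.e. the part a selective hiding mechanism would want to conceal."""
    ours: list[dict[str, Any]] = []
    not_ours: list[dict[str, Any]] = []
    for entry in details:
        locations = entry.get("locations")
        addressed_here = locations is None or rs_uri in locations
        if addressed_here and entry["type"] in known_types:
            ours.append(entry)
        else:
            not_ours.append(entry)
    return ours, not_ours


if __name__ == "__main__":
    parsed = parse_authorization_details(SAMPLE_AUTHORIZATION_DETAILS)
    mine, others = partition_by_audience(
        parsed, "https://payments.example.com", {"payment_initiation"}
    )
    print("enforce:", [e["type"] for e in mine])
    print("visible but not for this RS:", [e["type"] for e in others])
```

Run as a script, the payments RS ends up enforcing only `payment_initiation` while the account and customer entries remain fully readable to it; that visibility is the gap the draft's cryptographic mechanism is aimed at, and nothing in the RAR structure itself is needed to support such hiding beyond the per-entry boundaries already present.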
________________________________
From: OAuth <oauth-bounces@ietf.org> on behalf of jiangcheng <jiangcheng612@163.com>
Sent: Tuesday, March 19, 2024 9:42 PM
To: OAuth@ietf.org <OAuth@ietf.org>
Cc: zhangjl382 <zhangjl382@chinaunicom.cn>; jill32 <jill32@chinaunicom.cn>
Subject: [OAUTH-WG] draft-zhang-jose-json-fine-grained-access

Dear oauth,

We have a draft and we are looking forward to soliciting comments on it.

https://datatracker.ietf.org/doc/draft-zhang-jose-json-fine-grained-access/

Best regards