IETF Logo Mail Archive

Re: [OAUTH-WG] issuing new refresh tokens

Torsten Lodderstedt <torsten@lodderstedt.net> Thu, 22 July 2010 21:10 UTC

Return-Path: <torsten@lodderstedt.net>
X-Original-To: oauth@core3.amsl.com
Delivered-To: oauth@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 155C83A69B7 for <oauth@core3.amsl.com>; Thu, 22 Jul 2010 14:10:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.226
X-Spam-Level:
X-Spam-Status: No, score=-1.226 tagged_above=-999 required=5 tests=[AWL=-0.836, BAYES_20=-0.74, HELO_EQ_DE=0.35]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UfbmIr5PiCvt for <oauth@core3.amsl.com>; Thu, 22 Jul 2010 14:10:34 -0700 (PDT)
Received: from smtprelay03.ispgateway.de (smtprelay03.ispgateway.de [80.67.29.7]) by core3.amsl.com (Postfix) with ESMTP id BAC1E3A69BE for <oauth@ietf.org>; Thu, 22 Jul 2010 14:10:31 -0700 (PDT)
Received: from p4ffd12ee.dip.t-dialin.net ([79.253.18.238] helo=[127.0.0.1]) by smtprelay03.ispgateway.de with esmtpa (Exim 4.68) (envelope-from <torsten@lodderstedt.net>) id 1Oc32S-0004xh-3N; Thu, 22 Jul 2010 23:10:44 +0200
Message-ID: <4C48B3CC.2010708@lodderstedt.net>
Date: Thu, 22 Jul 2010 23:10:36 +0200
From: Torsten Lodderstedt <torsten@lodderstedt.net>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.1.10) Gecko/20100512 Thunderbird/3.0.5
MIME-Version: 1.0
To: Brian Eaton <beaton@google.com>
References: <C861C06B.37142%eran@hueniverse.com> <D66D8157-CC63-4B2B-9A23-0EBDC1E71DAD@gmail.com> <AANLkTil2LvtB7cEtFQhdY9f9r03GxDe9CGnu97QbaV_J@mail.gmail.com> <DB7D6CD4-9EDB-4F68-8EF9-20F42B442CB4@lodderstedt.net> <AANLkTikyeQecxRNvDWPgvOtkfcY5823Ong0_DcYhYsOo@mail.gmail.com> <4C3E2CF2.1000108@lodderstedt.net> <AANLkTiniBqJd0MrDWA1pgp_pl-C0n2oUtYNBhTXIRS3_@mail.gmail.com>
In-Reply-To: <AANLkTiniBqJd0MrDWA1pgp_pl-C0n2oUtYNBhTXIRS3_@mail.gmail.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Df-Sender: 141509
Cc: Kris Selden <kris.selden@gmail.com>, OAuth WG <oauth@ietf.org>
Subject: Re: [OAUTH-WG] issuing new refresh tokens
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 22 Jul 2010 21:10:38 -0000

Am 15.07.2010 07:14, schrieb Brian Eaton:
> ...
> My use cases for this are a little different.
>
> 1) I'm interested in the two-legged flows as well as three-legged flows.
>      For example, imagine an autonomous client that is registered once,
> and then after that maintains its own key material.  Regular rotation
> of the key material is good cryptographic hygiene.
>    

How is the client registered? Out of band or via API?

> 2) I'm interested in distributed scenarios.
>      For example, imagine a geographically distributed client
> application, or a client application that is extremely busy.  In both
> these cases, you run into race conditions where refresh tokens are
> changed even as they are being used.
>    

What is the difference between rotating a key and changing the refresh 
token with respect to such race conditions?

> 3) I'm interested in authentication besides bearer tokens, in
> particular public keys used to verify assertions.
>    

Authentication between which parties? client and authz server, client 
and resource server?

> 4) I'm less interested in installed applications.
>      I understand your use case for rotating refresh tokens, but it's
> somewhat less important for me.
>
> That said, maybe we could arrive at a set of protocol flows that we
> would both implement the same way, and would meet all of those use
> cases?  For example, would a protocol where the client secret for
> installed applications changed regularly work for you?
>    

Why not? Let's talk about :-)

The following comments are given with focus on installed application.

> Maybe something like this:
>
> - when a client contacts the authorization server, it would provide a
> hint that it supports key rotation
>    

where would the initial secret come from? Would it be the same secret 
for all installations? I assume there is no initial secret and key 
material is used to protect the refresh tokens only. It is not used to 
authenticate the client.

> - the authorization server may return an error code that says "key
> rotation needed"
> - the client would then generate a new secret key (this could be
> either a machine-generated password, or an HMAC key, or a
> public/private key pair.)
>    

I would prefer if the authz server would issue the fresh secrets (at 
least for shared secrets).

> - the client would then contact the authorization server again,
> signing the message with the old key, and providing the verification
> material for the new key.
> - the authorization server would then store the new key, and mark the
> old key for expiration.
>    

when will the old key expire? Instantly?

> - subsequent requests from the client would be signed with the new key
>
> Note that in the case of installed applications using the
> user-approval flows, you would associate the new key material with the
> client-id and refresh token together, rather than the client-id alone.
>   Otherwise it's impossible to look up the verification material for
> requests, since you would quickly run into problems with a single
> client-id mapping to zillions of secrets.
>    

what about clients with multiple refresh tokens from the same authz 
server? Would they need different secrets? Or would you suggest to 
associate all refresh tokens with the respective key material?

I would rather suggest the following approach:

We distinguish clients (application type) and client instances 
(installation).
Every installed application is registered with the authz server as a 
separate client instance (identified by an new client_id). As far as I 
remember, there has been a proposal on the list to introduce instance 
identifiers recently.
Key material is managed per client instance. Refresh tokens are assigned 
to a particular client instance.

That way an authz server can identify and lock out particular 
installations (e.g. the media center app on my iPhone). The same holds 
for end-users, a self care UI could vizualize different installations 
and their authorizations. If the authz server also manages the relation 
between clients and client instances, a particular application can be 
black listed, too.

Bottom line: it's an viable alternative to rotate keys instead of 
issuing new refresh tokens. In my opinion, this is the more complex way 
to protected installed applications because it requires a client 
registration and key rotation protocol. On the other hand, (in 
combination with instances) it has some additional advantages.

What is your assessment?

regards,
Torsten.

> Cheers,
> Brian
>    

Assumptions

in the case of installed applications, the secret is used to protect 
refresh tokens only
no client authentication

v2.34.0 | Report a Bug | By Email | System Status