[OAUTH-WG] Re: DNS Handles
Warren Parad <wparad@rhosys.ch> Tue, 21 January 2025 20:13 UTC
References: <CAMm+Lwgykk+B2UspfXBcLipFiTifNBf-WG-DeXPpWT39syqqVg@mail.gmail.com> <CAD9ie-tYsCODGfNTBDZgr46s4O4B9-u79jR=G10y4sN5HBiKgQ@mail.gmail.com> <CAMm+Lwje3G7EPkapFfVksbNtPN11LOs7Gj3Jj09uuFyvAb4FRQ@mail.gmail.com> <CAJot-L06J-T7vK2FJY4JGFQj4Zu=xFyNnKpnNM2SktCpOuTDKw@mail.gmail.com> <CAMm+Lwg+OizX_+bW7gkFqE3S6OGdF=h=7hpMSgnREWiqawiA5g@mail.gmail.com> <CAJot-L1rbkYg3rooqLrWw5StrqJMFZp7puc4GK+ACOqPtVbaig@mail.gmail.com> <CAMm+Lwj6qFy+njAd1T1F70EieJfxHCnkEcVLiGf8u7gSjhg0Kw@mail.gmail.com>
In-Reply-To: <CAMm+Lwj6qFy+njAd1T1F70EieJfxHCnkEcVLiGf8u7gSjhg0Kw@mail.gmail.com>
From: Warren Parad <wparad@rhosys.ch>
Date: Tue, 21 Jan 2025 21:13:41 +0100
Message-ID: <CAJot-L0chuJT26xPJHYzXzBgGKm=79brf88-7fqucmf9DDs5Hw@mail.gmail.com>
To: Phillip Hallam-Baker <phill@hallambaker.com>
CC: Dick.Hardt@gmail.com, oauth@ietf.org
List-Id: OAUTH WG <oauth.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/6vIpHeI-xVhfmKX_TCx2jjqT1Xg>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth>
I'm not really following. Maybe let's start at the end and work ourselves backwards. As an Identity Provider today, we generate JWTs for our users that applications can use. Users log in to applications via our Authorization Server and get application-specific JWTs. Based on your suggestion, how does the resulting JWT differ from the one that we are generating for the user+application today?

On Tue, Jan 21, 2025 at 9:02 PM Phillip Hallam-Baker <phill@hallambaker.com> wrote:

> On Tue, Jan 21, 2025 at 2:43 PM Warren Parad <wparad@rhosys.ch> wrote:
>
>>> The only thing lacking is a base of authentication service providers that are willing to give users control.
>>
>> As someone who works for one of those "authentication service providers", what exactly would we need to support that we don't already?
>
> I am writing a draft. The short answer is almost nothing. But not nothing.
>
> The longer answer is that we need to have:
>
> 1) A detailed explanation that puts ALL the information needed to implement against the profile in one place. I am working on an Internet draft to do exactly that.
>
> 2) A discussion of how to best present the scheme as something whose primary purpose is as an authentication provider rather than an account with one social media property that can also be used elsewhere.
>
> 3) A discussion of how to use the DNS handles to enable end-to-end secure messaging. If Bob is reading a comment by Alice under @alice.example.com, that is the handle he is likely to want to use to message her.
>
> 4) A discussion about what else we might want a DNS handle provider to support. I have a prototype running that extends to supporting the IoT requirements raised in SETTLE.
>
> Right now, we have 'a' way to do this which is not necessarily the best way or the way that allows us to grow in all the ways we might want in the future.
>
> I have a history of being able to market protocols and get them into widespread use. I haven't always been successful but have more successes than failures and I think I know what it takes to make DNS Handles widely used, which businesses I need to approach, etc. etc.
>
> The reason I am raising this here now, is that before I go round to the DNS registrars (and their affiliates) and the VPN providers and such to say this is the thing to do, I want to make sure we have everything straight at a technical level so we are all on the same page.
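The message above describes an Authorization Server issuing application-specific JWTs. The Python example below is added here for illustration; it is not code from Rhosys, from this thread, or from Phillip's draft. It shows what "application-specific" means at the verifier: a token minted for one application carries an `aud` claim and is rejected by any other application, and a token with an altered payload, an unpinned algorithm, or a past `exp` is rejected as well. The issuer URL, the two application audiences, the HMAC key, and the choice to carry the handle `@alice.example.com` in the `sub` claim are all constructed assumptions; the thread does not specify how a DNS handle maps into token claims.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed values for illustration; not Rhosys's issuer, keys or URLs.
ISSUER = "https://issuer.example.invalid"                # hypothetical Authorization Server
SIGNING_KEY = b"constructed-demo-hmac-key-do-not-reuse"  # demo shared secret only


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_token(subject: str, audience: str, now: Optional[int] = None,
               ttl: int = 600, key: bytes = SIGNING_KEY) -> str:
    """Mint an application-specific JWT (HS256): `aud` names the one
    application the token is for and `exp` bounds its lifetime."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"iss": ISSUER, "sub": subject, "aud": audience,
              "iat": now, "exp": now + ttl}
    signing_input = (_b64url(json.dumps(header, separators=(",", ":")).encode())
                     + "."
                     + _b64url(json.dumps(claims, separators=(",", ":")).encode()))
    sig = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def verify_token(token: str, expected_audience: str, now: Optional[int] = None,
                 key: bytes = SIGNING_KEY) -> dict:
    """Verify signature first, then issuer, audience and expiry.
    Raises ValueError naming the first check that fails."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    h_b64, c_b64, s_b64 = parts
    header = json.loads(_b64url_decode(h_b64))
    # Pin the algorithm: the token is never allowed to choose it (e.g. "none").
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected_sig = hmac.new(key, f"{h_b64}.{c_b64}".encode("ascii"),
                            hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, _b64url_decode(s_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(c_b64))
    if claims.get("iss") != ISSUER:
        raise ValueError("wrong issuer")
    # Audience binding is what makes the token application-specific.
    if claims.get("aud") != expected_audience:
        raise ValueError("token issued for a different application")
    if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        raise ValueError("token expired")
    return claims


def _outcome(token: str, audience: str, now: int) -> str:
    try:
        verify_token(token, audience, now=now)
        return "accepted"
    except ValueError as err:
        return f"rejected: {err}"


def demo() -> dict:
    """Mint one token for app A and show how each verifier treats it."""
    t0 = 1_737_490_432  # fixed clock so results are deterministic (constructed)
    app_a = "https://app-a.example.invalid"
    app_b = "https://app-b.example.invalid"
    # Assumption for illustration: the DNS handle is carried in `sub`.
    tok = mint_token("@alice.example.com", app_a, now=t0)
    h_b64, c_b64, s_b64 = tok.split(".")
    # Payload edited after signing: the original signature no longer matches.
    forged = json.loads(_b64url_decode(c_b64))
    forged["sub"] = "@mallory.example.com"
    tampered = h_b64 + "." + _b64url(json.dumps(forged, separators=(",", ":")).encode()) + "." + s_b64
    # Header claims alg "none" with an empty signature: rejected by the alg pin.
    alg_none = _b64url(b'{"alg":"none","typ":"JWT"}') + "." + c_b64 + "."
    return {
        "same_app": _outcome(tok, app_a, t0 + 1),
        "other_app": _outcome(tok, app_b, t0 + 1),
        "expired": _outcome(tok, app_a, t0 + 601),
        "tampered": _outcome(tampered, app_a, t0 + 1),
        "alg_none": _outcome(alg_none, app_a, t0 + 1),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:10s} {result}")
```

The verifier checks the signature before reading any claim, pins the algorithm rather than trusting the header, and compares `aud` against the one application it serves; a production Authorization Server would use an asymmetric key published via its JWKS rather than a shared HMAC secret, but the claim checks are the same.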
- [OAUTH-WG] DNS Handles Phillip Hallam-Baker
- [OAUTH-WG] Re: DNS Handles Warren Parad
- [OAUTH-WG] Re: DNS Handles Phillip Hallam-Baker
- [OAUTH-WG] Re: DNS Handles Aaron Parecki
- [OAUTH-WG] Re: DNS Handles Dick Hardt
- [OAUTH-WG] Re: DNS Handles Warren Parad
- [OAUTH-WG] Re: DNS Handles Phillip Hallam-Baker
- [OAUTH-WG] Re: DNS Handles Warren Parad
- [OAUTH-WG] Re: DNS Handles Phillip Hallam-Baker
- [OAUTH-WG] Re: DNS Handles Warren Parad
- [OAUTH-WG] Re: DNS Handles Phillip Hallam-Baker
- [OAUTH-WG] Re: DNS Handles Warren Parad
- [OAUTH-WG] Re: DNS Handles Phillip Hallam-Baker
- [OAUTH-WG] Re: DNS Handles Aaron Parecki
- [OAUTH-WG] Re: DNS Handles Phillip Hallam-Baker
- [OAUTH-WG] Re: DNS Handles Dick Hardt
- [OAUTH-WG] Re: DNS Handles Phillip Hallam-Baker
- [OAUTH-WG] Re: DNS Handles Dick Hardt
- [OAUTH-WG] Re: DNS Handles Phillip Hallam-Baker
- [OAUTH-WG] Re: DNS Handles Sam Goto
- [OAUTH-WG] Re: DNS Handles Thomas Broyer
- [OAUTH-WG] Re: DNS Handles Dick Hardt
- [OAUTH-WG] Re: DNS Handles Aaron Parecki
- [OAUTH-WG] Re: DNS Handles Vladimir Dzhuvinov / Connect2id
- [OAUTH-WG] Re: DNS Handles Phillip Hallam-Baker
- [OAUTH-WG] Re: DNS Handles Pawel Kowalik