IETF Logo Mail Archive

Re: [OAUTH-WG] draft-bradley-stateless-oauth-client-00

Nat Sakimura <sakimura@gmail.com> Mon, 04 November 2013 21:56 UTC

Return-Path: <sakimura@gmail.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B59AF11E8212 for <oauth@ietfa.amsl.com>; Mon, 4 Nov 2013 13:56:13 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.51
X-Spam-Level:
X-Spam-Status: No, score=-1.51 tagged_above=-999 required=5 tests=[AWL=-0.576, BAYES_00=-2.599, HTML_MESSAGE=0.001, NO_RELAYS=-0.001, SARE_HTML_USL_OBFU=1.666]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DvtCNjb+E-Sj for <oauth@ietfa.amsl.com>; Mon, 4 Nov 2013 13:56:12 -0800 (PST)
Received: from mail-lb0-x22f.google.com (mail-lb0-x22f.google.com [IPv6:2a00:1450:4010:c04::22f]) by ietfa.amsl.com (Postfix) with ESMTP id A79DC11E813F for <oauth@ietf.org>; Mon, 4 Nov 2013 13:55:18 -0800 (PST)
Received: by mail-lb0-f175.google.com with SMTP id z5so5841963lbh.20 for <oauth@ietf.org>; Mon, 04 Nov 2013 13:55:17 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=t5kkRrCy9pQoMhKvuDFEmVMskPvgbiZ2auKZ7pA4oH0=; b=wkEwoHJACs1OSA1LOC+CaK+JvyfSVOyLF9hcKmv3y2IHVaQi7s8ME8I7/f8u9mSlFM WOEcRMvLy4KARa9X7JJuoEj7XoTV+SaKRFtSw2GYwFkS2hKZL4Ta2Y7zf/yC2XdqS8H3 4MWmfDZOW2IDO15gAxHcuf5+9tFZBlv//Wj+DaF7A25xahWpXYH8NuEv0JKbU5pPEqBE BdVKy6gQ13iVJowJtSdLuzRFvJreRKSmqbqMspT281KbvD2bQntQxqS44Wfkw1h5bMXW FJ5AH/Bx3p3Wlu//IqINODMx6wSqDfx7Qs8FGoXSiyYrAvjAXawiKUvDjMVdtcj2T/PP Iu0A==
MIME-Version: 1.0
X-Received: by 10.152.27.129 with SMTP id t1mr2926071lag.37.1383602117606; Mon, 04 Nov 2013 13:55:17 -0800 (PST)
Received: by 10.112.134.38 with HTTP; Mon, 4 Nov 2013 13:55:17 -0800 (PST)
In-Reply-To: <46053D48-F380-4579-BDE9-A7C1BFE1A374@mitre.org>
References: <5273E5AD.7010408@gmx.net> <3F75FA0B-CAC3-439A-866B-CFE116FADA4E@ve7jtb.com> <5273F7A2.70409@gmx.net> <CABzCy2A+ghM7uv7GLjSzu2Cp5H8fEzpWoN9XwmxrS9nmriMzyg@mail.gmail.com> <46053D48-F380-4579-BDE9-A7C1BFE1A374@mitre.org>
Date: Tue, 05 Nov 2013 06:55:17 +0900
Message-ID: <CABzCy2CEeU53p3M8=mfq1dFgvjtwvPxKAqe8pDHEc-w9QmurOA@mail.gmail.com>
From: Nat Sakimura <sakimura@gmail.com>
To: "Richer, Justin P." <jricher@mitre.org>
Content-Type: multipart/alternative; boundary="089e0160bcb8bb04ce04ea60f8b7"
Cc: "oauth@ietf.org WG" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] draft-bradley-stateless-oauth-client-00
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 04 Nov 2013 21:56:13 -0000

2013/11/5 Richer, Justin P. <jricher@mitre.org>

>  Since the client isn't really supposed to be poking around inside of the
> client_id anyway, I think that JWS is a reasonable starting place, with JWE
> if you want to actively hide something inside of the client_id from the
> client (and browser and other parties that see the client_id). Most of the
> stuff that's tied to a client's configuration isn't that sensitive, in my
> opinion.
>

It may or may not. It depends, really. Switching between encrypted and just
signed depending on the cases seems to be a bit of overhead, though I agree
that signing is a bit easier.


>
>  Also, there are other ways to have a symmetric client secret that's
> stateless beyond packing it into the client_id here. For one, since
> client_secrets are also opaque to the client, you could just issue a
> client_secret that's a signed JWT in its own right (or some other signed
> blob), letting the AS check the signature but the client merely presenting
> it as a normal client_secret. Alternatively, you could issue a bearer
> assertion and accomplish the same thing. Both of these would still need to
> be communicated to the client along side its client_id, the trick is coming
> up with a mechanism whereby the AS can recognize it.
>

That's probably more reasonable. Linking two JWT with sub claim or
something like that.

>
>   -- Justin
>
>
>
>  On Nov 4, 2013, at 1:37 PM, Nat Sakimura <sakimura@gmail.com> wrote:
>
>  Since the client_id is supposed to be opaque, it would probably be
> better to JWE encrypt (note: all JWE encryption are integrity protected as
> well) by the authorization server upon issuing it to the client. This way,
> we have exactly one way of doing the things, and it works for both
> symmetric and asymmetric case.
>
>  I see this more useful in the case of symmetric client secret.
>
>  If the client were just using public key crypto to authenticate itself
> to the server, using the URI of the location of the client metadata as the
> client_id would suffice.
>
>  This has an advantage of smaller client_id.
>
>
> 2013/11/2 Hannes Tschofenig <hannes.tschofenig@gmx.net>
>
>> Hi John,
>>
>> thanks for the super-quick response.
>>
>>
>> Am 01.11.13 19:18, schrieb John Bradley:
>>
>>  The client_id would continue to be opaque to the client as it is now.
>>> The AS can send a JWE using AES_128_CBC_HMAC_SHA_256 to encrypt and
>>> provide integrity if it is using a symmetric key (probably the
>>> simplest thing if we are talking about a single registration endpoint
>>> paired with a single AS)  In more complicated scenarios where perhaps
>>> a group of AS share a single registration endpoint you probably want
>>> to use asymmetric signature  then asymmetric encryption + integrity.
>>> Those are deployment decisions that need to be documented but can be
>>> transparent to teh client.
>>>
>>
>>  Maybe it would be good to state that in the document that this is a
>> possible option without introducing further complications (other than the
>> verification procedure is different). If the AS signs the JWT then it just
>> needs to compare whether the issuer field matches what it had previously
>> put in there. If someone else signs the JWT then it needs to check with
>> some trust anchor store or something similar whether it trusts that
>> specific issuer.
>>
>>
>>
>>
>>> Sorry to my mind it is obvious that the JWT would be integrity
>>> protected/signed for all clients including clients using asymmetric
>>> authentication to the token endpoint, and and
>>> signed+encrypted+integrity for clients using symmetric
>>> authentication.   That can be made clearer.
>>>
>>
>>  It would be good to say that because the effort is rather low and there
>> are benefits in doing so.
>>
>>
>>
>>> It might make sense to assume the issuer is just the AS but the AS
>>> can do that without the benefit of a spec now, as there is no
>>> interoperability issue.
>>>
>>> The spec defining the JWT structure and signing and encryption
>>> methods has the most benefit when you don't have such a tight
>>> coupling between registration and AS.
>>>
>>> That is likely why Justin and I didn't think a spec was necessary for
>>> the simple case other than to show people this is possible with the
>>> existing registration spec.
>>>
>>
>>  I think there is value in providing that information for implementers
>> even though it does not require new extensions or so.
>>
>>
>>
>>> I am OK with strengthening the wording on signing/integrity
>>> protecting and encryption.  eg if a symmetric key is included the JWT
>>> MUST be encrypted.
>>>
>>
>>  Cool.
>>
>>
>>> I don't necessarily want to make any algorithm a must as that limits
>>> algorithm agility in the future.
>>>
>>  OK.
>>
>>
>>
>>> Thanks for giving it a read, see you Sunday I expect.
>>>
>>  Unfortunately not since I am unable to attend the upcoming IETF meeting.
>> Derek will run the show.
>>
>> Ciao
>> Hannes
>>
>>
>>
>>> John B.
>>>
>>>
>>> On Nov 1, 2013, at 2:32 PM, Hannes Tschofenig
>>> <hannes.tschofenig@gmx.net> wrote:
>>>
>>>  Hi John, Hi all,
>>>>
>>>> I read your document and here a few remarks.
>>>>
>>>> In the dynamic client registration conference calls the topic of
>>>> the stateless client was raised since there was the argument in the
>>>> air that the current OAuth 2.0 RFC requires clients to be stateless
>>>> due to the nature of the client identifier.
>>>>
>>>> It seems that you have found a way to make the client stateless
>>>> with regard to the client identifier (i.e., that the authorization
>>>> server does not need to store information about the client) by
>>>> dumping state information in the client identifier itself. In your
>>>> case you use a JWT, which is clever.
>>>>
>>>> Since RFC 6749 explicitly says that the client identifier string
>>>> size is left undefined  and that the client should avoid making
>>>> assumptions about the identifier size I don't see a problem with
>>>> the proposed approach.
>>>>
>>>> Now, there is one issue that I am wondering about. The client
>>>> identifier itself is not sufficient for authorizing the client (for
>>>> confidential clients). Instead, there is typically the need to have
>>>> a secret. Now, the secret is not conveyed in the JWT, at least not
>>>> in the way you have define it. You could of course do that and
>>>> there is a document that provides prior art, see
>>>> http://www.ietf.org/rfc/rfc5077 The story essentially is that the
>>>> structure (JWT in your case) includes the key but of course then
>>>> you have to encrypt the entire blob.
>>>>
>>>> In the case of public clients wouldn't you want to mandate at least
>>>> a digital signature or a keyed message digest for the JWT since
>>>> otherwise there is the risk that the client changes some of the
>>>> parameters to impersonate someone?
>>>>
>>>> A few other questions:
>>>>
>>>> * You write: "The issuer SHOULD sign the JWT with JWS in such a way
>>>> that the signature can be verified by the authorization server. "
>>>>
>>>> I believe what you want to say is the following: The authorization
>>>> creates the client identifier (using the JWT) and the client does
>>>> not parse the received content since it treats it as opaque.
>>>> However, the authorization server MUST be able to process and
>>>> verify received client identifiers it previously created, which
>>>> requires to apply cryptographic processing when a JWT is signed
>>>> (using a JWS) and when a JWT is encrypted (using a JWE).
>>>>
>>>> (I ignore the issue that I believe the JWT needs to be signed [for
>>>> public clients] and encrypted [for confidential clients].)
>>>>
>>>> * You should submit the document as draft-bradley-oauth; this makes
>>>> it easier to find the document.
>>>>
>>>> * You write: " The issuer MAY encrypt the JWT with JWE. "
>>>>
>>>> I think you want to be stronger by saying that JWE MUST be used
>>>> when the authorization server wants to apply confidentiality
>>>> protection of the JWT. While the authorization server could use
>>>> other techniques as well the purpose of the document is to describe
>>>> one way to accomplish the goal and therefore it makes sense to be
>>>> specific.
>>>>
>>>> I would even go as far as suggesting specific algorithms to use, as
>>>> an example.
>>>>
>>>> * Although not stated directly I believe you allow the client
>>>> identifier to be created by a party other than the authorization
>>>> server. While this would theoretically make sense wouldn't it be
>>>> useful to just assume that the issuer is the authorization server?
>>>>
>>>> Ciao Hannes _______________________________________________ OAuth
>>>> mailing list OAuth@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/oauth
>>>>
>>>
>>>
>> _______________________________________________
>> OAuth mailing list
>> OAuth@ietf.org
>> https://www.ietf.org/mailman/listinfo/oauth
>>
>
>
>
>  --
> Nat Sakimura (=nat)
> Chairman, OpenID Foundation
> http://nat.sakimura.org/
> @_nat_en
>  _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>
>
>


-- 
Nat Sakimura (=nat)
Chairman, OpenID Foundation
http://nat.sakimura.org/
@_nat_en

v2.23.0 | Report a Bug | By Email