[OAUTH-WG] Re: Invitation: OAuth WG Virtual Interim - Revocation Drafts @ Tue Jun 11, 2024 12pm - 1pm (EDT) (oauth@ietf.org)

Giuseppe De Marco <demarcog83@gmail.com> Wed, 12 June 2024 20:07 UTC

From: Giuseppe De Marco <demarcog83@gmail.com>
Date: Wed, 12 Jun 2024 22:07:36 +0200
Message-ID: <CAP_qYymbU=CTmp7iToGnow-4+GbXNz1mqATpT888s9s4hera+g@mail.gmail.com>
To: Rifaat Shekh-Yusef <rifaat.s.ietf@gmail.com>
CC: oauth@ietf.org
List-Id: OAUTH WG <oauth.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/J7ZF3zvGCaw266_jC-WWF6bUeu4>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth>

Thank you Rifaat and Arndt

and also Paul, Cristian, Kristina and Oliver for their valuable questions
(many of them embedding the answer, in the smart way they usually do).

In particular for the GitHub issues and the actions that the other authors
and I will be able to achieve, like:

- optionally protect the endpoint also with DPoP using a key specialized
for this purpose:
https://github.com/peppelinux/draft-demarco-oauth-status-assertions/issues/32#issuecomment-2161206939
- further points about status list in comparison with status assertions are
collected here:
https://github.com/peppelinux/draft-demarco-oauth-status-assertions/issues/50#issuecomment-2129474975
- regarding short-lived credentials and refresh tokens: there might be
concerns about the preservation of the high LoA; here are some insights about
the refresh tokens: https://github.com/italia/eudi-wallet-it-docs/issues/178
- regarding Kris's concerns, I can say that the wallet doesn't obtain the
revocations on behalf of the verifier: the wallet obtains the proofs that
its credentials are not revoked, first of all. The wallet can therefore use
these proofs with the relying party in full compliance with the wallet
paradigm, where everything passes through the wallet. The strong privacy
requirement that demonstrates a weakness in the status list is that, using
a status list, the RP can monitor the status of a credential over time and
outside the user's control, while with status assertions this cannot happen

thank you for your patience in reading all the stuff and your interest in
this I-D,
best
G

On Wed, 12 Jun 2024 at 20:52, Rifaat Shekh-Yusef <
rifaat.s.ietf@gmail.com> wrote:

> Attached are the slide decks presented during this meeting.
>
> The following is a link to the meeting notes (thanks to Arndt!):
>
> https://datatracker.ietf.org/meeting/interim-2024-oauth-06/materials/minutes-interim-2024-oauth-06-202406111600-00
>
> The following is a link to the meeting video recording:
> https://www.youtube.com/watch?v=Bq6hBh8Tyg4
>
> Regards,
>  Rifaat
>
>
>
> On Mon, Apr 29, 2024 at 11:37 AM Rifaat Shekh-Yusef <
> rifaat.s.ietf@gmail.com> wrote:
>
>> OAuth WG Virtual Interim - Revocation Drafts
>>
>> The Web Authorization Protocol (oauth) WG will hold a virtual interim
>> meeting
>> on 2024-06-11 from 12:00 to 13:00 America/Toronto (16:00 to 17:00 UTC).
>>
>> Agenda:
>> Token Status List
>> https://datatracker.ietf.org/doc/draft-ietf-oauth-status-list/
>>
>> OAuth Status Attestation
>> https://datatracker.ietf.org/doc/draft-demarco-oauth-status-attestations/
>>
>> Global Token Revocation
>> https://datatracker.ietf.org/doc/draft-parecki-oauth-global-token-revocation/
>>
>>
>> Information about remote participation:
>> https://meetings.conf.meetecho.com/interim/?group=79913841-6dcc-4d63-a1f4-26484e75fee9
>>
>>
>>
>> --
>> A calendar subscription for all oauth meetings is available at
>> https://datatracker.ietf.org/meeting/upcoming.ics?show=oauth
>> When: Tuesday Jun 11, 2024 ⋅ 12pm – 1pm (Eastern Time - Toronto)
>> Guests
>> Rifaat Shekh-Yusef <rifaat.s.ietf@gmail.com> - organizer
>> oauth@ietf.org
>> _______________________________________________
>> OAuth mailing list
>> OAuth@ietf.org
>> https://www.ietf.org/mailman/listinfo/oauth
>>
> _______________________________________________
> OAuth mailing list -- oauth@ietf.org
> To unsubscribe send an email to oauth-leave@ietf.org
>