[OAUTH-WG] Re: Review of draft-ietf-oauth-selective-disclosure-jwt-10
Denis <denis.ietf@free.fr> Wed, 14 August 2024 16:00 UTC
Return-Path: <denis.ietf@free.fr>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E0337C14F6BC for <oauth@ietfa.amsl.com>; Wed, 14 Aug 2024 09:00:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.905
X-Spam-Level:
X-Spam-Status: No, score=-1.905 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Sa7GJjjuned8 for <oauth@ietfa.amsl.com>; Wed, 14 Aug 2024 09:00:50 -0700 (PDT)
Received: from smtp6-g21.free.fr (smtp6-g21.free.fr [IPv6:2a01:e0c:1:1599::15]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7771FC14F68C for <oauth@ietf.org>; Wed, 14 Aug 2024 09:00:50 -0700 (PDT)
Received: from [192.168.1.11] (unknown [90.91.46.145]) (Authenticated sender: pinkas@free.fr) by smtp6-g21.free.fr (Postfix) with ESMTPSA id 16FA578050F; Wed, 14 Aug 2024 18:00:45 +0200 (CEST)
Content-Type: multipart/alternative; boundary="------------0FhPe9LkwS7hdyPZ0VHvmFw0"
Message-ID: <3022b44e-d39e-420b-a476-c666febb744f@free.fr>
Date: Wed, 14 Aug 2024 18:00:39 +0200
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
To: Kristina Yasuda <yasudakristina@gmail.com>, Brian Campbell <bcampbell=40pingidentity.com@dmarc.ietf.org>
References: <SJ0PR02MB7439CC07D6FB13A1DAA664E1B7BE2@SJ0PR02MB7439.namprd02.prod.outlook.com> <CA+k3eCQRU95pNKEdRFoAOLaKR=QLZZMYE9NoF2Yeg=_cenF=gw@mail.gmail.com> <CAFje9Pi=V+pHriMwa3wSPT7wHLa6J60KRuN8TYXHZKXrRWe1jQ@mail.gmail.com>
Content-Language: en-GB
From: Denis <denis.ietf@free.fr>
In-Reply-To: <CAFje9Pi=V+pHriMwa3wSPT7wHLa6J60KRuN8TYXHZKXrRWe1jQ@mail.gmail.com>
Message-ID-Hash: XAZFXK7HLSZXJ7OXR5BZQZOZZPC2KIHR
X-Message-ID-Hash: XAZFXK7HLSZXJ7OXR5BZQZOZZPC2KIHR
X-MailFrom: denis.ietf@free.fr
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-oauth.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: "oauth@ietf.org" <oauth@ietf.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [OAUTH-WG] Re: Review of draft-ietf-oauth-selective-disclosure-jwt-10
List-Id: OAUTH WG <oauth.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/JMtH80iwJbuP47UwhRvwHYd2bys>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Owner: <mailto:oauth-owner@ietf.org>
List-Post: <mailto:oauth@ietf.org>
List-Subscribe: <mailto:oauth-join@ietf.org>
List-Unsubscribe: <mailto:oauth-leave@ietf.org>
Hi Kristina, I concur with Mike: the language needs to be adjusted . > *1. > <https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-10.html#section-1>Introduction > <https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-10.html#name-introduction>: > The usage of “Holder” in “used a number of times by the user > (the "Holder" of the JWT)” inconsistent with its usage in the > definitions, which defines “Holder” as being “an entity”. The > usage here in the introduction makes the holder into a person > rather than an entity. Please adjust the language here to not > confuse the user who utilizes the holder with the holder itself.* > > *-> Holder is defined as an entity and a person can be considered an > entity. We also have a phrase "the user (the "Holder" of the JWT)" in > the introduction. Hence the editors consider the current wording to be > sufficient.* The following definition is confusing: Holder: An entity that received SD-JWTs from the Issuer and has control over them. Is this "entity" a human being or an application ? It can't be both. It is important to make the difference between an individual (the holder) and an "holder application" (e.g., a digital identity wallet). About Key Binding: Key Binding: Ability of the Holder to prove legitimate possession of an SD-JWT by proving control over a private key during the presentation. An application under the control of a Holder can do it, but an individual is unable to perform the necessary cryptographic computations to prove it. For example, in Figure 1: SD-JWT Issuance and Presentation Flow, "Holder" should be changed into "Holder application". Two terms should be defined and used: "Holder" and "Holder application". The two following definitions are proposed as a start: Holder: individual that has the control over an Holder application Holder application: application able to receive SD-JWTs from an Issuer and to process them The introduction states: However, while both JWT and SD-JWT have potential OAuth 2.0 applications, their utility and application is certainly not constrained to OAuth 2.0. Outside the context of the OAuth 2.0 Framework, *collusion attacks* between individuals will need to be considered, and the Holder application will need to be a TA (Trusted Application) running in a TEE (Trusted Execution environment). Unfortunately, the acronyms TA (Trusted Application) and TEE (Trusted Execution environment) appear nowhere in the document whereas they should appear in section 10. "Security Considerations". When requesting a digital credential to an Issuer (which is *not* the topic of this document), it is the Holder application that generates key pairs before sending a public key to the Issuer in its credential request. The Holder application will need to demonstrate to the Issuer that the key pair has indeed been generated by a TA. An individual does not generate key pairs. However, it is the individual (the person soon-to-become a Holder) that instructs his digital identity wallet to request digital credentials to an Issuer. As the vocabulary is going to be used in other contexts / documents, it is important to make the difference between a "Holder" and a "Holder application". Denis > Thank you very much, Mike. > > Majority of your comments have been incorporated in this PR > https://github.com/oauth-wg/oauth-selective-disclosure-jwt/pull/452, > which has been merged. > Below, in bold, please find explanations for the points that have not > been reflected. > > We appreciate your review. > > Best, > Kristina > > On Mon, Aug 5, 2024 at 8:11 PM Brian Campbell > <bcampbell=40pingidentity.com@dmarc.ietf.org> wrote: > > Thanks Mike! The detailed review is appreciated. The document > authors will work on addressing and/or responding to the comments. > As you are no doubt aware, doing so can take some time, so in the > meantime I wanted to send this quick note of acknowledgement and > thanks. > > On Sun, Aug 4, 2024 at 9:56 PM Michael Jones > <michael_b_jones@hotmail.com> wrote: > > I read > https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-10.html > in its entirety, resulting in these suggestions. Some are for > readability. Some are for consistency with related > specifications, including JWT. Some are for security and > correctness. The most important comments, including those > addressing correctness issues, are in red. > > *1. > <https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-10.html#section-1>Introduction > <https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-10.html#name-introduction>: > The usage of “Holder” in “used a number of times by the user > (the "Holder" of the JWT)” inconsistent with its usage in the > definitions, which defines “Holder” as being “an entity”. The > usage here in the introduction makes the holder into a person > rather than an entity. Please adjust the language here to not > confuse the user who utilizes the holder with the holder itself.* > > *-> Holder is defined as an entity and a person can be considered an > entity. We also have a phrase "the user (the "Holder" of the JWT)" in > the introduction. Hence the editors consider the current wording to be > sufficient.* > > *1. > <https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-10.html#section-1>Introduction > <https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-10.html#name-introduction>: > In “"Claims" here refers to both object properties (name-value > pairs) as well as array elements.” change “array elements” to > “elements in arrays that are the values of name/value pairs” > (or something like that). Without saying what the array > elements are, readers will be confused about what’s being > referred to. I’d apply this clarification in 4.1. > <https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-10.html#section-4.1>SD-JWT > and Disclosures > <https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-10.html#name-sd-jwt-and-disclosures> > *and other applicable locations as well. > > *-> There is a misunderstanding. the intended meaning here is exactly > what the text says: "each element in the array (regardless if it is a > name/value pair or not, an array element as a string counts too) can > be selectively disclosed".* > > *1. > <https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-10.html#section-1>Introduction > <https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-10.html#name-introduction>: > In “they hold the private key associated to the SD-JWT”, > change “associated to” to “associated with”.* > > *-> there is a historical reason behind this wording that the editors > would like to respectfully preserve: > https://github.com/oauth-wg/oauth-selective-disclosure-jwt/pull/394#discussion_r1416409939. > * > > *1.1. > <https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-10.html#section-1.1>Feature > Summary > <https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-10.html#name-feature-summary>*: > In “A format for enabling selective disclosure in nested JSON > data structures, supporting selectively disclosable object > properties (name-value pairs) and array elements”, consider > expanding “array elements” in the same manner as the preceding > comment to make the meaning more evident. > > *-> same as above. There is a misunderstanding. the intended meaning > here is exactly what the text says: "each element in the array > (regardless if it is a name/value pair or not, an array element as a > string counts too) can be selectively disclosed".* > > *1.2. > <https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-10.html#section-1.2>Conventions > and Terminology > <https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-10.html#name-conventions-and-terminology>*: > I suggest moving the “base64url” definition to the Terms and > Definitions section and use a parallel structure to that at > https://www.rfc-editor.org/rfc/rfc7519.html#section-2. > Specifically, say “The “base64url” term denotes the URL-safe > base64 encoding without padding defined in Section 2 of > [RFC7515].” Then introduce the rest of the definitions with > the phrase “These terms are defined by this specification:” as > is done in RFC 7519. The current presentation is fairly jarring. > > *-> Current text already points to Section 2 of RFC7515. The editors > consider the current definition sufficient and clear enough.* > > > *5.2.4.2. > <https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-10.html#section-5.2.4.2>Array > Elements > <https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-10.html#name-array-elements>*: > I suggest adding an example also enabling disclosing a second > array element, so that the syntax will be clear to readers. > In other words, show what “unless a matching Disclosure for > the second element is received” would look like. Or add a > forward reference showing a place that it’s done. > > *-> There is an example where all array elements are selectively > disclosed here: > https://drafts.oauth.net/oauth-selective-disclosure-jwt/draft-ietf-oauth-selective-disclosure-jwt.html#section-5.2.6-4, > which should be sufficient, since we cannot put examples for > everything everywhere.* > > *5.3. > <https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-10.html#section-5.3>Key > Binding JWT > <https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-10.html#name-key-binding-jwt>*: > Change “MUST NOT be none.” to “It MUST NOT be "none".”. > > *-> Changed to “It MUST NOT be `none`.”. it is exactly the same > wording as in DPoP RFC.* > > *5.3.2. > <https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-10.html#section-5.3.2>Validating > the Key Binding JWT > <https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-10.html#name-validating-the-key-binding->*: > In “if the SD-JWT contains a cnf value with a jwk member, the > Verifier could parse the provided JWK and use it to verify the > Key Binding JWT.”, change “could” to “MUST”. Make this > normative to increase interoperability! > > *-> the sentence you point at is an example, so we cannot add a > normative statement here. We changed "should" to "would" to reflect > the intent behind the suggestion. * > > *6.1. > <https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-10.html#section-6.1>Issuance > <https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-10.html#name-issuance>*: > There are many places from here on where the label “SHA-256 > Hash” is used, for instance “SHA-256 Hash: > jsu9yVulwQQlhFlM_3JlzMaSFzglhQG0DpfayQwLUK4”. Change all of > these to “Base64url-Encoded SHA-256 Hash” for correctness. > > *-> Editors consider it to be sufficiently clear from > the specification text that it is a base64url-endoded hash. This would > also require changes to the tooling and might unintentionally make the > examples harder to read.* > > *6.1. > <https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-10.html#section-6.1>Issuance > <https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-10.html#name-issuance>*: > Change “The following Key Binding JWT payload was created and > signed for this presentation by the Holder:” to “The following > Key Binding JWT Claims Set was created and signed for this > presentation by the Holder:”, again, to use the standard JWT > claims terminology. > > *-> payload is a commonly used term in JWT world, and here a term > payload is more appropriate since it is not only the claims set we > want to point to. * > > *8.1. > <https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-10.html#section-8.1>Verification > of the SD-JWT > <https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-10.html#name-verification-of-the-sd-jwt>*: > Delete “nbf” from “claims such as nbf, iat, and exp” and > everywhere else in the spec, other than in *10.7. > <https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-10.html#section-10.7>Selectively-Disclosable > Validity Claims > <https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-10.html#name-selectively-disclosable-val>*, > where both “iat” and “nbf” should be listed, as described in > my comment there. “iat” (Issued At) is a standard validity > claim in JWT tokens (for instance, ID Tokens), whereas “nbf” > (Not Before) is rarely used, since it is only useful when > future-dating tokens, which is rare. > > *-> "nbf" is used merely as an example here. the fact that it might be > used rarely does not mean it cannot be used as an example, since it is > a registered claim in JWT RFC.* > > *10.7. > <https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-10.html#section-10.7>Selectively-Disclosable > Validity Claims > <https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-10.html#name-selectively-disclosable-val>*: > Add “iat (Issued At) to the validity claims list before “nbf”, > and change “nbf (Not Before)” to “nbf (Not Before) (if > present)”. “iat” (Issued At) is a standard validity claim in > JWT tokens (for instance, ID Tokens), whereas “nbf” (Not > Before) is rarely used, since it is only useful when > future-dating tokens, which is rare. Change all uses of “nbf” > to “iat” elsewhere in the spec. > > *-> same as above. "nbf" is used merely as an example here. the fact > that it might be used rarely does not mean it cannot be used as an > example, since it is a registered claim in JWT RFC.* > > *12. > <https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-10.html#section-12>Acknowledgements > <https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-10.html#name-acknowledgements>*: > Consider sorting the acknowledgements alphabetically by last > name, which is the usual convention. > > *-> thank you for the suggestion. We considered reordering, but > ultimately decided to keep the order as-is as there does not seem to > be a strict rule that the order has to be by last name.* > > ** > > *14.2. > <https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-10.html#section-14.2>Informative > References > <https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-10.html#name-informative-references>*: > Update the reference “[I-D.ietf-oauth-sd-jwt-vc]” to > https://datatracker.ietf.org/doc/html/draft-ietf-oauth-sd-jwt-vc-04. > > *-> the reference is generated automatically. when the latest -11 of > sd-jwt will be published, it will be updated to -04 automatically.* > > *A.1. > <https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-10.html#appendix-A.1>Simple > Structured SD-JWT > <https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-10.html#name-simple-structured-sd-jwt>*: > Change “allowing to separately disclose individual members of > the claim” to “allowing separate disclosure of individual > members of the claim”. > > *-> Editor's preference to keep the phrase as-is since it has the same > meaning.* > > *A.5. > <https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-10.html#appendix-A.5>Elliptic > Curve Key Used in the Examples > <https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-10.html#name-elliptic-curve-key-used-in->*: > Change “The public key used to validate a Key Binding JWT can > be found in the examples as the content of the cnf claim.” to > “The public key used to validate a Key Binding JWT can be > found in the examples as the value of the jwk member of the > cnf claim.” > > *-> Editor's preference to keep the phrase as-is since it is > already clear from the text from where to get the public keys.* > > *Appendix B. > <https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-10.html#appendix-B>Disclosure > Format Considerations > <https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-10.html#name-disclosure-format-considera>*: > At the end of the paragraph introduced by “1. > Canonicalization”, consider adding the sentence > “Canonicalization schemes have a long history of creating > interoperability problems in practice.” > > *-> the suggested text is true, however it is more subjective than the > editors deem necessary in this context. it is already clear that > canonicalization approach has not been chosen because it has drawbacks.* > > Everywhere: Consider changing the name “…” to something more > indicative of its function, such as “_sd_element” or > “_sd_item”. Or alternatively, at least provide rationale for > why that non-obvious name was chosen. > > *-> we have extensively bikeshedded this claim name, and this one was > chosen because it is concise and natural since '...' is what is used > when something is omitted in a list. there seems to have been some > misunderstanding how disclosure in the arrays work, so hopefully with > the clarifications above, this claim also feels more appropriate than > before.* > > I hope that you find this review helpful in improving the > specification. I look forward to its publication as an RFC > and its widespread use! > > -- Mike > > _______________________________________________ > OAuth mailing list -- oauth@ietf.org > To unsubscribe send an email to oauth-leave@ietf.org > > > /CONFIDENTIALITY NOTICE: This email may contain confidential and > privileged material for the sole use of the intended recipient(s). > Any review, use, distribution or disclosure by others is strictly > prohibited. If you have received this communication in error, > please notify the sender immediately by e-mail and delete the > message and any file attachments from your computer. Thank > you./_______________________________________________ > OAuth mailing list -- oauth@ietf.org > To unsubscribe send an email to oauth-leave@ietf.org > > > _______________________________________________ > OAuth mailing list --oauth@ietf.org > To unsubscribe send an email tooauth-leave@ietf.org
- [OAUTH-WG] Review of draft-ietf-oauth-selective-d… Michael Jones
- [OAUTH-WG] Re: Review of draft-ietf-oauth-selecti… Brian Campbell
- [OAUTH-WG] Re: Review of draft-ietf-oauth-selecti… Kristina Yasuda
- [OAUTH-WG] Re: Review of draft-ietf-oauth-selecti… Denis
- [OAUTH-WG] Re: Review of draft-ietf-oauth-selecti… Giuseppe De Marco
- [OAUTH-WG] Re: Review of draft-ietf-oauth-selecti… Michael Jones
- [OAUTH-WG] Re: Review of draft-ietf-oauth-selecti… Brian Campbell