Re: [OAUTH-WG] AD review of Draft-ietf-dyn-reg

Justin Richer <jricher@mit.edu> Wed, 18 February 2015 17:38 UTC

From: Justin Richer <jricher@mit.edu>
In-Reply-To: <CAHbuEH4Pa6N5YMP=5f0W24nPsQ8aGPqL8sHOaspE5A1K8Gui4Q@mail.gmail.com>
Date: Wed, 18 Feb 2015 12:37:55 -0500
Message-Id: <DC682515-BCFD-42B8-9765-BD8EF32DDBD2@mit.edu>
References: <CAHbuEH587HcqaqTMrmLPXQimRAaS2j1Uv+BC-0UHeyBwC8+3Uw@mail.gmail.com> <54DC2CB1.8090400@mit.edu> <D3644538-EF35-476B-8158-270C8FC21647@oracle.com> <4E1F6AAD24975D4BA5B1680429673943A222C933@TK5EX14MBXC290.redmond.corp.microsoft.com> <CAHbuEH5NUcQ5Q30yj80OSBe4epaarpkFroyM_Yfp5-thkMJBgA@mail.gmail.com> <1766F429-C82D-471D-BCE9-F8E5F234CE3C@ve7jtb.com> <CAHbuEH4Pa6N5YMP=5f0W24nPsQ8aGPqL8sHOaspE5A1K8Gui4Q@mail.gmail.com>
To: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/oauth/KmsjgBiEIE3Zc7TDkoS8y8MTw-Y>
Cc: "oauth@ietf.org" <oauth@ietf.org>

I’ll incorporate this feedback into another draft, to be posted by the end of the week. Thanks everyone!

 — Justin

> On Feb 18, 2015, at 10:30 AM, Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> wrote:
> 
> 
> 
> On Wed, Feb 18, 2015 at 10:07 AM, John Bradley <ve7jtb@ve7jtb.com> wrote:
> snip
>> On Feb 18, 2015, at 6:46 AM, Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> wrote:
>> 
>>>> The client_id *could* be short lived, but they usually aren't. I don't see any particular logging or tracking concerns using a dynamic OAuth client above using any other piece of software, ever. As such, I don't think it requires special calling out here.
>>> 
>>> Help me understand why there should not be text that shows this is not an issue or please propose some text. This is bound to come up in IESG reviews if not addressed up front.
>>> 
>> 
>> The client_id is used to communicate to the Authorization server to get a code or refresh token. Those tokens uniquely identify the user from a privacy perspective.
>> It is the access tokens that are sent to the RS and those can and should be rotated, but the client_id is not sent to the RS in OAuth as part of the spec.
>> 
>> If you did rotate the client_id then the AS would track it across rotations, so it wouldn’t really achieve anything.
>> 
>> One thing we don’t do is allow the client to specify the client_id, that could allow correlation of the client across multiple AS and that might be a privacy issue, but we don’t allow it.
> 
> Thanks, John. It may be helpful to add in this explanation unless there is some reason not to?
> 
>> John B.
> 
> 
> 
> 
> -- 
> 
> Best regards,
> Kathleen
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
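The two points John makes above (the AS, not the client, picks the client_id, and rotating a client_id gains nothing against an AS that issued both values) as an added example; this is illustration code, not text from the thread, from the dynamic registration draft, or from any implementation discussed on the list. The class, function and issuer names, the accepted metadata set and the registration request are assumptions of the example, and the request is constructed sample data.

```python
import secrets
import time

# Registration metadata this toy AS accepts. The set is an assumption of the
# example; note that client_id and client_secret are deliberately absent, so a
# client cannot smuggle a self-chosen identifier into its registration.
ALLOWED_METADATA = {"redirect_uris", "client_name", "grant_types",
                    "token_endpoint_auth_method"}


class AuthorizationServer:
    """Minimal authorization server with its own client registry (assumed design)."""

    def __init__(self, issuer):
        self.issuer = issuer
        # client_id -> {"metadata": dict, "secret": str, "previous": old client_id or None}
        self.clients = {}

    def register(self, request):
        """Handle a POST to the client registration endpoint.

        Whatever the client puts in client_id or client_secret is dropped; the
        AS mints fresh random values. Unknown metadata fields are ignored.
        """
        if not request.get("redirect_uris"):
            raise ValueError("invalid_redirect_uri")
        metadata = {k: v for k, v in request.items() if k in ALLOWED_METADATA}
        client_id = secrets.token_urlsafe(16)
        client_secret = secrets.token_urlsafe(32)
        self.clients[client_id] = {"metadata": metadata,
                                   "secret": client_secret,
                                   "previous": None}
        return {"client_id": client_id,
                "client_secret": client_secret,
                "client_id_issued_at": int(time.time()),
                **metadata}

    def rotate_client_id(self, old_client_id):
        """Replace an existing registration's client_id with a fresh one.

        The AS has to remember which registration the new id belongs to, so it
        necessarily links old and new ids: rotation hides nothing from the AS.
        """
        record = self.clients.pop(old_client_id)
        new_client_id = secrets.token_urlsafe(16)
        self.clients[new_client_id] = {**record, "previous": old_client_id}
        return new_client_id


def register_everywhere(servers, request):
    """Register one piece of client software with several ASes.

    Returns the per-AS client_ids. Because each AS chooses its own, an observer
    at one AS gets no handle with which to look the client up at another.
    """
    return {srv.issuer: srv.register(request)["client_id"] for srv in servers}


def constructed_request_with_chosen_id():
    """Constructed sample registration request that tries to pick its own id."""
    return {
        "client_id": "my-chosen-id",          # must be ignored by the AS
        "client_secret": "hunter2",           # likewise
        "redirect_uris": ["https://client.example/cb"],
        "client_name": "Example App",
        "grant_types": ["authorization_code"],
        "token_endpoint_auth_method": "client_secret_basic",
    }


if __name__ == "__main__":
    servers = [AuthorizationServer("https://as1.example"),
               AuthorizationServer("https://as2.example")]
    ids = register_everywhere(servers, constructed_request_with_chosen_id())
    print("per-AS client_ids:", ids)
    old = ids["https://as1.example"]
    new = servers[0].rotate_client_id(old)
    print("rotated", old, "->", new,
          "; AS still records predecessor:", servers[0].clients[new]["previous"])
```

Running the module registers the same constructed request with two ASes and prints two unrelated, server-chosen identifiers, then rotates one of them and shows the AS-side record that ties the new id back to the old one.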