Re: [OAUTH-WG] PAR and client metadata

Torsten Lodderstedt <torsten@lodderstedt.net> Fri, 17 April 2020 07:22 UTC

From: Torsten Lodderstedt <torsten@lodderstedt.net>
Message-Id: <E4844A97-1DBA-4521-BEAA-C1129FA69136@lodderstedt.net>
Date: Fri, 17 Apr 2020 09:22:32 +0200
In-Reply-To: <91a9b333-9b43-5f85-6bb2-2bb008aec4e7@aol.com>
Cc: Filip Skokan <panva.ip@gmail.com>, oauth <oauth@ietf.org>, George Fletcher <gffletch=40aol.com@dmarc.ietf.org>
To: Brian Campbell <bcampbell=40pingidentity.com@dmarc.ietf.org>
References: <CA+k3eCTHtpBD-=hZPuCwjcjc_55f-J6=RKe_OGuRW38Wnhm2Cg@mail.gmail.com> <CALAqi_9cXOiEN-i1xoQSrtBP=A8QdUYi4upjL2s4kAE0fG1p3w@mail.gmail.com> <CA+k3eCTCOa8RNqZmriDQerwVsV20K8ecSPUAObKFhT36Y6OujQ@mail.gmail.com> <91a9b333-9b43-5f85-6bb2-2bb008aec4e7@aol.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/Lmqre7hbxKdWWexopbJGwcoDKuU>
Subject: Re: [OAUTH-WG] PAR and client metadata
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 17 Apr 2020 07:22:49 -0000

Is this really a PAR requirement? I’m asking since the client in the end is required to use an authorization request in the front channel but with a PAR request_uri. So one could see this as a constraint on the authorisation request itself. Another question is whether this request_uri must be PAR based or whether it could be any other request_uri.

> On 16. Apr 2020, at 23:05, George Fletcher <gffletch=40aol.com@dmarc.ietf.org> wrote:
> 
> Maybe if we make it an array of authorization "flows" supported? A bit like the AS can describe whether it supports "pairwise", "public" or both?
> 
> Not sure what to name it though:) Possible values could be "redirect" and "par" (redirect not being quite right:) which allows for expansion in the future. That way the AS could easily signal whether it supports both or just one. It does mean the discovery doc is redundant in specifying that the AS supports PAR but that's probably ok.
> 
> On 4/16/20 4:50 PM, Brian Campbell wrote:
>> But do you think that an AS-wide policy
>> signal (i.e. all_yall_clients_gotta_do_par_every_darn_time : true) is
>> needed or sufficiently useful?
> 
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
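The distinction the message above draws, that a "PAR required" policy is really a constraint checked at the front-channel authorization endpoint, and that a PAR-issued request_uri is not the same thing as any other request_uri, can be shown as an enforcement check. The following is an added example, not code from the OAuth WG thread or from any authorization server. It assumes the policy flag is named `require_pushed_authorization_requests` in both AS and client metadata (the name the published PAR spec, RFC 9126, eventually adopted; the thread above was still debating naming), that PAR-issued request_uri values carry the `urn:ietf:params:oauth:request_uri:` prefix, and that the AS keeps a store of the request_uri values its PAR endpoint issued. The store, client records and request parameters are constructed inline.

```python
"""Added example: enforcing a 'PAR required' policy at the authorization endpoint.

Constructed illustration, not code from the OAuth WG or any AS implementation.
Assumed names: require_pushed_authorization_requests (AS and client metadata),
PAR_REQUEST_URI_PREFIX for request_uri values issued by the PAR endpoint.
"""
from dataclasses import dataclass, field
from typing import Dict, Optional

# Prefix of request_uri values minted by the pushed authorization request endpoint.
PAR_REQUEST_URI_PREFIX = "urn:ietf:params:oauth:request_uri:"


@dataclass
class AuthorizationServerMetadata:
    # AS-wide policy: every client must push its authorization request.
    require_pushed_authorization_requests: bool = False


@dataclass
class ClientMetadata:
    client_id: str
    # Per-client policy: this client must push its authorization request.
    require_pushed_authorization_requests: bool = False


@dataclass
class PushedRequestStore:
    # Constructed in-memory record of request_uri values issued by the PAR
    # endpoint, mapped to the client_id that pushed them.
    issued: Dict[str, str] = field(default_factory=dict)

    def owner_of(self, request_uri: str) -> Optional[str]:
        return self.issued.get(request_uri)


def par_required(as_meta: AuthorizationServerMetadata, client_meta: ClientMetadata) -> bool:
    # Either the AS-wide flag or the per-client flag switches the requirement on.
    return (as_meta.require_pushed_authorization_requests
            or client_meta.require_pushed_authorization_requests)


def is_par_request_uri(request_uri: Optional[str]) -> bool:
    # Only a request_uri minted by the PAR endpoint satisfies the policy; a
    # by-reference request object at some https URL is "any other request_uri".
    return request_uri is not None and request_uri.startswith(PAR_REQUEST_URI_PREFIX)


def check_authorization_request(params: Dict[str, str],
                                as_meta: AuthorizationServerMetadata,
                                client_meta: ClientMetadata,
                                store: PushedRequestStore) -> str:
    """Return 'ok' or an OAuth error code for a front-channel authorization request."""
    request_uri = params.get("request_uri")
    if par_required(as_meta, client_meta):
        if not is_par_request_uri(request_uri):
            # Plain parameters or a non-PAR request_uri do not satisfy the policy.
            return "invalid_request"
        if store.owner_of(request_uri) != client_meta.client_id:
            # Unknown, already consumed, or issued to a different client.
            return "invalid_request"
        return "ok"
    # PAR not required: a PAR request_uri, if presented, is still validated.
    if is_par_request_uri(request_uri) and store.owner_of(request_uri) != client_meta.client_id:
        return "invalid_request"
    return "ok"


if __name__ == "__main__":
    store = PushedRequestStore({PAR_REQUEST_URI_PREFIX + "abc": "client-a"})
    as_meta = AuthorizationServerMetadata()
    strict = ClientMetadata("client-a", require_pushed_authorization_requests=True)
    print(check_authorization_request({"client_id": "client-a", "response_type": "code"},
                                      as_meta, strict, store))
```

The check treats the AS-wide flag and the per-client flag as equivalent triggers, so an operator can express George's "just one or both" question as two booleans, and it answers the second question in the message by rejecting any request_uri that the PAR endpoint did not issue when the policy is on.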