Re: [OAUTH-WG] Francesca Palombini's Discuss on draft-ietf-oauth-iss-auth-resp-03: (with DISCUSS)

Francesca Palombini <francesca.palombini@ericsson.com> Tue, 30 November 2021 18:43 UTC

From: Francesca Palombini <francesca.palombini@ericsson.com>
To: Brian Campbell <bcampbell@pingidentity.com>, Warren Parad <wparad@rhosys.ch>
CC: The IESG <iesg@ietf.org>, "oauth@ietf.org" <oauth@ietf.org>, "draft-ietf-oauth-iss-auth-resp@ietf.org" <draft-ietf-oauth-iss-auth-resp@ietf.org>, "oauth-chairs@ietf.org" <oauth-chairs@ietf.org>
Thread-Topic: [OAUTH-WG] Francesca Palombini's Discuss on draft-ietf-oauth-iss-auth-resp-03: (with DISCUSS)
Thread-Index: AQHX5Wca5efn0JJBwkm58DRedf5tXawcZj2AgAACJsU=
Date: Tue, 30 Nov 2021 18:42:56 +0000
Message-ID: <HE1PR07MB42177636B01D3A4492D837AA98679@HE1PR07MB4217.eurprd07.prod.outlook.com>
References: <163822088838.18976.10538179060671617456@ietfa.amsl.com> <CA+k3eCTNzy89q6-w_1b2dzk+FKk0DuMONtE3cFRYYnNn1BdTcQ@mail.gmail.com>
In-Reply-To: <CA+k3eCTNzy89q6-w_1b2dzk+FKk0DuMONtE3cFRYYnNn1BdTcQ@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/LnQf0Ewk56XWJxJAighwfgzUntw>
Subject: Re: [OAUTH-WG] Francesca Palombini's Discuss on draft-ietf-oauth-iss-auth-resp-03: (with DISCUSS)

Hi Warren, Brian,

Thanks for your feedback, and for confirming that the semantics of the existing “iss” match those of the draft. In that case, I agree with you that the best resolution is to merge the two (so – update the existing registration so that it also points to this document, and indicates it can also appear in the authorization response).

I’ll remove my DISCUSS when the IANA update is done.

Thanks,
Francesca

From: Brian Campbell <bcampbell@pingidentity.com>
Date: Tuesday, 30 November 2021 at 19:32
To: Francesca Palombini <francesca.palombini@ericsson.com>
Cc: The IESG <iesg@ietf.org>, oauth@ietf.org <oauth@ietf.org>, draft-ietf-oauth-iss-auth-resp@ietf.org <draft-ietf-oauth-iss-auth-resp@ietf.org>, oauth-chairs@ietf.org <oauth-chairs@ietf.org>
Subject: Re: [OAUTH-WG] Francesca Palombini's Discuss on draft-ietf-oauth-iss-auth-resp-03: (with DISCUSS)
I strongly believe the use of 'iss' as the parameter name here is correct and appropriate. This draft isn't using it for something different - the parameter carries an identifier for the sender of the message, which is consistent in the context of use with the existing registry entry.

Codifying the parameter name is central to the value of this draft and there are existing implementations/deployments using it. Changing the name now would be a breaking change with significant ramifications on interoperability.

The organization of the registry is arguably less than ideal, yes. But that shouldn't force an unnecessary and costly change onto this simple draft that's addressing a real need. This draft should update the existing entry for 'iss' rather than replace it.

On Mon, Nov 29, 2021 at 2:21 PM Francesca Palombini via Datatracker <noreply@ietf.org<mailto:noreply@ietf.org>> wrote:
Francesca Palombini has entered the following ballot position for
draft-ietf-oauth-iss-auth-resp-03: Discuss

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/blog/handling-iesg-ballot-positions/
for more information about how to handle DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-oauth-iss-auth-resp/



----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------

Thank you for the work on this document.

Many thanks to Julian Reschke for the ART ART review:
https://mailarchive.ietf.org/arch/msg/art/XfLbtK1eLb7s0Z6e_AqGgkoWny0/.

I have one DISCUSS point that has to do with IANA considerations, and is
hopefully easy to resolve.

Francesca

1. -----

FP: I am sure the Designated Expert will bring this up, but "iss" is already
defined as an OAuth Parameter, for authorization requests. I don't think it's a
good idea to use the same parameter name, although in a different message of
the exchange, for something different, as the registration defined in Section
5.2 seems to imply. I strongly recommend changing the name in this document.
Or, if we can agree that the meaning is similar enough to the original "iss",
merge the two IANA registrations (this would not be my preferred choice).

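The thread above is about the registry entry, not the mechanism, so here is the client-side check the draft exists to enable, as an added example that is not part of the original thread or of the draft's own text. The issuer identifiers, redirect URIs, the `PendingAuthorization` record and the `check` helper are my own constructions. The validation rules themselves follow draft-ietf-oauth-iss-auth-resp (published later as RFC 9207): compare the received `iss` with simple string comparison against the issuer identifier of the authorization server the request was sent to, and treat a missing `iss` as an error when that server's metadata advertised `authorization_response_iss_parameter_supported`.

```python
"""Client-side validation of the `iss` authorization response parameter.

Constructed example (not code from the draft or from any implementation):
the issuer identifiers and redirect URIs below are made up. The rules
applied are those of draft-ietf-oauth-iss-auth-resp / RFC 9207.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple
from urllib.parse import parse_qs, urlsplit


class AuthorizationResponseError(Exception):
    """The authorization response MUST NOT be processed further."""


@dataclass(frozen=True)
class PendingAuthorization:
    """What the client remembered when it sent the authorization request (hypothetical record)."""
    # Issuer identifier (the `issuer` from the AS metadata) of the AS the request went to.
    expected_issuer: str
    # Whether that AS advertised authorization_response_iss_parameter_supported=true.
    iss_supported: bool
    # The `state` value the client bound to this request.
    state: str


def _single(params: Dict[str, List[str]], name: str) -> Optional[str]:
    """Return the one value of a query parameter, None if absent; reject duplicates."""
    values = params.get(name)
    if values is None:
        return None
    if len(values) != 1:
        raise AuthorizationResponseError(f"duplicate {name} parameter")
    return values[0]


def validate_authorization_response(redirect_url: str, pending: PendingAuthorization) -> str:
    """Return the authorization code if the response is acceptable, else raise.

    Order matters: bind the response to a pending request via `state`, then
    establish which AS sent it via `iss`, and only then look at code/error.
    """
    params = parse_qs(urlsplit(redirect_url).query, keep_blank_values=True)

    if _single(params, "state") != pending.state:
        raise AuthorizationResponseError("state missing or does not match a pending request")

    iss = _single(params, "iss")
    if iss is None:
        # An AS that advertises support MUST send iss; silence here is an attack signal.
        if pending.iss_supported:
            raise AuthorizationResponseError("iss absent but the AS advertises support for it")
    elif iss != pending.expected_issuer:
        # Simple string comparison, no normalisation: the value must equal the issuer
        # identifier of the AS this client actually sent the request to.
        raise AuthorizationResponseError(
            f"iss {iss!r} does not match expected issuer {pending.expected_issuer!r}"
        )

    error = _single(params, "error")
    if error is not None:
        raise AuthorizationResponseError(f"AS returned error {error!r}")

    code = _single(params, "code")
    if code is None:
        raise AuthorizationResponseError("no authorization code in response")
    return code


def check(redirect_url: str, pending: PendingAuthorization) -> Tuple[bool, str]:
    """Convenience wrapper: (True, code) on success, (False, reason) on rejection."""
    try:
        return True, validate_authorization_response(redirect_url, pending)
    except AuthorizationResponseError as exc:
        return False, str(exc)


if __name__ == "__main__":
    # Constructed mix-up scenario: the client sent its request to the attacker's AS
    # (a server it is legitimately registered with), but the redirect it receives
    # was actually produced by the honest AS. Without `iss` the client would hand
    # the honest AS's code to the attacker's token endpoint; with `iss` it rejects.
    pending = PendingAuthorization(
        expected_issuer="https://as.attacker.example", iss_supported=True, state="af0ifjsldkj"
    )
    print(check(
        "https://client.example/cb?code=SplxlOBeZQQYbYS6WxSbIA&state=af0ifjsldkj"
        "&iss=https%3A%2F%2Fas.honest.example",
        pending,
    ))
```

The defence works only because the client keeps, per pending request, which AS it sent the user to; the `iss` value alone proves nothing without that stored expectation. Clients that still talk to servers which do not advertise the parameter keep the `iss_supported=False` path, accepting `iss`-less responses only from those servers.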