Re: [OAUTH-WG] Transaction Authorization

Aaron Parecki <aaron@parecki.com> Sat, 20 July 2019 00:03 UTC

From: Aaron Parecki <aaron@parecki.com>
Date: Fri, 19 Jul 2019 19:02:49 -0500
To: Justin Richer <jricher@mit.edu>
Cc: oauth <oauth@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/NxQZEswEIiYS56bvrp_ejHHeycQ>
Subject: Re: [OAUTH-WG] Transaction Authorization

Hi all, I'm looking forward to the discussion on this on Tuesday!

I wanted to add my thoughts on a potential addition to this draft,
specifically around returning some minimal user information in the
transaction response.

The summary of the suggestion is to return a new "user" key along with the
access token that contains the user ID and userinfo endpoint, such as:

    {
      "access_token": {
        "value": "UM1P9PMHKUR64TB8N6BW7OZB8CDFONP219RP1LT0",
        "type": "bearer"
      },
      "user": {
        "id": "5035678642",
        "userinfo": "https://authorization-server.com/user/5035678642"
      }
    }

A more detailed analysis of the specific proposal and motivation behind
this is available on my blog:

https://aaronparecki.com/2019/07/18/17/adding-identity-to-xyz

Thanks!

----
Aaron Parecki
aaronparecki.com
@aaronpk <http://twitter.com/aaronpk>
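Added example (my own code, not from the message or the XYZ draft): a client-side parser for the proposed response shape, which pulls out the access token and the optional "user" object. The AS_ORIGIN constant and the check that the userinfo URL is HTTPS on that origin are my assumptions, added so the bearer token is only ever sent to the server the client transacted with; the sample response is constructed from the shape in the message.

```python
import json
from urllib.parse import urlsplit

# Constructed sample following the proposed response shape in the message above.
SAMPLE_RESPONSE = json.dumps({
    "access_token": {"value": "UM1P9PMHKUR64TB8N6BW7OZB8CDFONP219RP1LT0", "type": "bearer"},
    "user": {"id": "5035678642", "userinfo": "https://authorization-server.com/user/5035678642"},
})

# Assumed: the origin of the AS the client sent its transaction request to.
AS_ORIGIN = "https://authorization-server.com"


class TransactionResponseError(ValueError):
    """Raised when the transaction response is malformed or unsafe to act on."""


def parse_transaction_response(body: str, as_origin: str = AS_ORIGIN) -> dict:
    """Parse a transaction response carrying the proposed "user" key.

    Returns a dict with token, token_type, user_id and userinfo; the user
    fields are None when the AS returned no "user" object. The userinfo URL
    is only accepted if it is HTTPS and on the AS origin (my own check, not
    part of the proposal), so the token is never sent to an unexpected host.
    """
    try:
        data = json.loads(body)
    except json.JSONDecodeError as e:
        raise TransactionResponseError(f"response is not JSON: {e}") from None
    tok = data.get("access_token")
    if not isinstance(tok, dict) or not isinstance(tok.get("value"), str) or not tok["value"]:
        raise TransactionResponseError("missing or malformed access_token")
    if tok.get("type", "bearer") != "bearer":
        raise TransactionResponseError(f"unsupported token type {tok.get('type')!r}")
    result = {"token": tok["value"], "token_type": "bearer", "user_id": None, "userinfo": None}
    user = data.get("user")
    if user is None:  # "user" is optional in the proposal; plain token response
        return result
    if not isinstance(user, dict) or not isinstance(user.get("id"), str):
        raise TransactionResponseError("malformed user object")
    result["user_id"] = user["id"]
    info = user.get("userinfo")
    if info is not None:
        parts = urlsplit(info)
        if parts.scheme != "https" or f"{parts.scheme}://{parts.netloc}" != as_origin:
            raise TransactionResponseError(f"userinfo URL {info!r} is not on the AS origin")
        result["userinfo"] = info
    return result
```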



On Tue, Jul 9, 2019 at 2:48 PM Justin Richer <jricher@mit.edu> wrote:

> I have requested time to present Transactional Authorization (the XYZ
> project) at the Montreal meeting in a couple weeks. Ahead of that, I’ve
> uploaded a new version of the spec:
>
> https://tools.ietf.org/html/draft-richer-transactional-authz-02
>
> Additionally, I’ve updated the writeup and examples on https://oauth.xyz/
>
> I plan to be in Montreal for the whole week, and I’ve requested from the
> chairs that I present during the Tuesday session due to limited
> availability of some key WG members on Friday.
>
> — Justin