Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-introspection-03.txt
Sergey Beryozkin <sberyozkin@gmail.com> Fri, 19 December 2014 23:13 UTC
Return-Path: <sberyozkin@gmail.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 02F3B1A90AE for <oauth@ietfa.amsl.com>; Fri, 19 Dec 2014 15:13:08 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Dk_Bo2Z2Mqb7 for <oauth@ietfa.amsl.com>; Fri, 19 Dec 2014 15:13:06 -0800 (PST)
Received: from mail-wg0-x232.google.com (mail-wg0-x232.google.com [IPv6:2a00:1450:400c:c00::232]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6FCEC1A90AC for <oauth@ietf.org>; Fri, 19 Dec 2014 15:13:06 -0800 (PST)
Received: by mail-wg0-f50.google.com with SMTP id a1so2527369wgh.37 for <oauth@ietf.org>; Fri, 19 Dec 2014 15:13:05 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:content-type:content-transfer-encoding; bh=Pwj1c3SMSMD8G1fuQLgvSCVhRCDR6sWvYMF7bRjXw7g=; b=m5yncr47agWNosv9MbwHzIEgvmzC3BXQC1mjLSSV3NoC6YZ670k4qmJo6ydlhrtWwz yGT4EBrZ5tf8Fw63c0D71wJJSzNfPEQx8S6dxADjW8Dahl9Wq4oG4XMpcI6brd1qDMy4 VB4C43UCV4fX88vYYhpyupajB/bNTJqvp4u8NBei9VLsgDkEiHEGE6Mj7H9dYK9xQoLC MgJIFMNscqeB+MsG6A6c0kG6pZ5rmZUDdm7n+73Ii0vwcXqmox1GULgDtgr/+9bKwOgO 98qQJDC8m6G+JyGYQay1Jo4yKk/PczKXxmZAQt2cQz4dRKxfWR+mydhYaZPcFVeWvw4s 7x9A==
X-Received: by 10.180.228.37 with SMTP id sf5mr10110783wic.35.1419030785240; Fri, 19 Dec 2014 15:13:05 -0800 (PST)
Received: from [192.168.2.7] ([109.255.230.137]) by mx.google.com with ESMTPSA id n4sm1792985wia.7.2014.12.19.15.13.04 for <oauth@ietf.org> (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 19 Dec 2014 15:13:04 -0800 (PST)
Message-ID: <5494B0FE.4010900@gmail.com>
Date: Fri, 19 Dec 2014 23:13:02 +0000
From: Sergey Beryozkin <sberyozkin@gmail.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.3.0
MIME-Version: 1.0
To: oauth@ietf.org
References: <20141207033213.26273.31418.idtracker@ietfa.amsl.com> <1416B7A5-2CCE-4E6F-B9CB-56C606076DD3@mit.edu> <32999E7E-459F-44C1-916C-67318C3968F8@mit.edu> <54871C72.60006@gmail.com>
In-Reply-To: <54871C72.60006@gmail.com>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Transfer-Encoding: 8bit
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/Q1XWjYdza1RWe5-7oOd8o5lZNoc
Subject: Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-introspection-03.txt
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 19 Dec 2014 23:13:09 -0000
Hi Justin returning a client public/confidential status may be useful in case RS chooses to allow for a more restricted access to public clients in cases where both public & private clients are accepted Thanks, Sergey On 09/12/14 15:59, Sergey Beryozkin wrote: > Hi Justin > > IMHO the section 2.1 [1] requires more work. > > First, "resource_id". Having such a parameter does not add anything to > the interoperability side of the spec. It is a "server specific > string..." which may be anything and as such a 3rd party AS is unlikely > to do any work around this parameter unless both RS and AS are from the > same provider. > IMHO it either has to be dropped, the text "The endpoint MAY allow other > parameters to provide further context to the query" covers whatever else > that server may want to add or attach some more specific meaning to it. > Besides that, the MUST authentication requirement covers properly a > possible RS identification requirement. > I'd rather have a "resource_id" representing an RS base address or > better, a current request URI, which in combination with an optional > client_ip can help AS to make a more specific introspection action. > > I also suggested to promote a parameter like "client_ip". Just referring > to a possibility of RS reporting a client IP adress does not help > improving the interoperability either with respect to RS and AS offered > by different providers working with a client IP property > > Thanks, Sergey > > > > [1] > http://tools.ietf.org/html/draft-ietf-oauth-introspection-03#section-2.1 > > > > On 07/12/14 03:38, Justin Richer wrote: >> … and I just noticed hanging text at the top of section 2.2 due to the >> JWT claims edit. My working copy has removed the extraneous text >> “Several of these”. >> >> Also, as always, latest XML is up on GitHub: >> >> https://github.com/jricher/oauth-spec >> >> — Justin >> On Dec 6, 2014, at 10:34 PM, Justin Richer <jricher@mit.edu> wrote: >> >>> Small update to introspection, now the returned values reference the >>> JWT claims specifically (as requested). Also updated the HTTP and >>> HTML references. >>> >>> No normative changes. >>> >>> — Justin >>> >>> On Dec 6, 2014, at 10:32 PM, internet-drafts@ietf.org wrote: >>> >>>> >>>> A New Internet-Draft is available from the on-line Internet-Drafts >>>> directories. >>>> This draft is a work item of the Web Authorization Protocol Working >>>> Group of the IETF. >>>> >>>> Title : OAuth 2.0 Token Introspection >>>> Author : Justin Richer >>>> Filename : draft-ietf-oauth-introspection-03.txt >>>> Pages : 12 >>>> Date : 2014-12-06 >>>> >>>> Abstract: >>>> This specification defines a method for a protected resource to query >>>> an OAuth 2.0 authorization server to determine the active state of an >>>> OAuth 2.0 token and to determine meta-information about this token. >>>> OAuth 2.0 deployments can use this method to convey information about >>>> the authorization context of the token from the authorization server >>>> to the protected resource. >>>> >>>> >>>> >>>> The IETF datatracker status page for this draft is: >>>> https://datatracker.ietf.org/doc/draft-ietf-oauth-introspection/ >>>> >>>> There's also a htmlized version available at: >>>> http://tools.ietf.org/html/draft-ietf-oauth-introspection-03 >>>> >>>> A diff from the previous version is available at: >>>> http://www.ietf.org/rfcdiff?url2=draft-ietf-oauth-introspection-03 >>>> >>>> >>>> Please note that it may take a couple of minutes from the time of >>>> submission >>>> until the htmlized version and diff are available at tools.ietf.org. >>>> >>>> Internet-Drafts are also available by anonymous FTP at: >>>> ftp://ftp.ietf.org/internet-drafts/ >>>> >>>> _______________________________________________ >>>> OAuth mailing list >>>> OAuth@ietf.org >>>> https://www.ietf.org/mailman/listinfo/oauth >>> >>> _______________________________________________ >>> OAuth mailing list >>> OAuth@ietf.org >>> https://www.ietf.org/mailman/listinfo/oauth >> >> >> >> _______________________________________________ >> OAuth mailing list >> OAuth@ietf.org >> https://www.ietf.org/mailman/listinfo/oauth >> >
- [OAUTH-WG] I-D Action: draft-ietf-oauth-introspec… internet-drafts
- Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-intro… Justin Richer
- Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-intro… Justin Richer
- Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-intro… Sergey Beryozkin
- Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-intro… Sergey Beryozkin
- Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-intro… Justin Richer