Re: [OAUTH-WG] OAuth 2.0 Protected Resource Metadata
Aaron Parecki <aaron@parecki.com> Sun, 29 January 2023 01:35 UTC
There is significant overlap between this draft and the concepts brought to the OAuth WG at the last IETF meeting by Ben Schwartz, which he also presented to the HTTPAPI WG. After that meeting, I volunteered to work with Ben on adapting his concepts to a model that would fit better within the OAuth framework. I published an early draft, which I am planning on presenting at the next IETF meeting.

https://datatracker.ietf.org/doc/draft-parecki-oauth-authorization-server-discovery/

During the HTTPAPI and OAuth sessions at IETF 115, there were many concerns expressed by various people in the groups about establishing and enabling this kind of relationship, which would also apply to this Resource Metadata draft.

I believe there should be further discussions about the concepts described here as well as how best to enable other working groups to take advantage of this kind of relationship between an RS and AS before adopting this particular draft.

Aaron

On Sat, Jan 28, 2023 at 5:21 PM David Waite <david=40alkaline-solutions.com@dmarc.ietf.org> wrote:

> I support adoption by the working group.
>
> -DW
>
> On Jan 24, 2023, at 2:38 AM, Giuseppe De Marco <demarcog83@gmail.com> wrote:
>
> Hello everybody,
>
> I would like to bring to your attention this expired draft:
> https://datatracker.ietf.org/doc/draft-jones-oauth-resource-metadata/
>
> I propose to take up this individual draft for its adoption as an
> official internet draft.
> The reason I ask this is that there are implementations of this draft born
> with the need to have metadata for entities of type RS.
>
> The implementation of which I am aware concerns the Italian "Attribute
> Authorities" [0]. OpenID Federation draft also defines the metadata of the
> oauth_resource type [1], taking up the elements defined in the draft in
> question. Recently, an interesting reflection seems to have arisen also in
> OpenID4VCI/OpenID4VP [2].
>
> Thank you for your attention, I hope to read your valuable feedback soon,
> best
>
> [0] https://italia.github.io/spid-cie-oidc-docs/en/metadata_aa.html
> [1] https://openid.net/specs/openid-connect-federation-1_0.html#section-4.7
> [2] https://bitbucket.org/openid/connect/issues/1781/do-new-entity-types-required-for-oid4vp
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth