Re: [OAUTH-WG] OAuth 2.0 Protected Resource Metadata

Aaron Parecki <aaron@parecki.com> Sun, 29 January 2023 01:35 UTC

References: <CAP_qYykQfeY+a1syUDBjX+j_Oy7WgTYt5T2uDm-zaQ=MrO-CSw@mail.gmail.com> <3F59956E-4174-44BE-90AC-342233846287@alkaline-solutions.com>
In-Reply-To: <3F59956E-4174-44BE-90AC-342233846287@alkaline-solutions.com>
From: Aaron Parecki <aaron@parecki.com>
Date: Sat, 28 Jan 2023 17:35:14 -0800
X-Gmail-Original-Message-ID: <CAGBSGjppyoH0d2iz1koH9SwOtA5dYQ03XRNLiBN5Rg1eeyrMFA@mail.gmail.com>
Message-ID: <CAGBSGjppyoH0d2iz1koH9SwOtA5dYQ03XRNLiBN5Rg1eeyrMFA@mail.gmail.com>
To: OAuth WG <oauth@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/UOu7jwpsIQaQadpmnYN6iE62Igg>
Subject: Re: [OAUTH-WG] OAuth 2.0 Protected Resource Metadata

There is significant overlap between this draft and the concepts brought to
the OAuth WG at the last IETF meeting by Ben Schwartz, which he also
presented to the HTTPAPI WG. After that meeting, I volunteered to work with
Ben on adapting his concepts to a model that would fit better within the
OAuth framework. I published an early draft, which I am planning on
presenting at the next IETF meeting.
https://datatracker.ietf.org/doc/draft-parecki-oauth-authorization-server-discovery/

During the HTTPAPI and OAuth sessions at IETF 115, there were many concerns
expressed by various people in the groups about establishing and enabling
this kind of relationship, which would also apply to this Resource Metadata
draft. I believe there should be further discussions about the concepts
described here as well as how best to enable other working groups to take
advantage of this kind of relationship between an RS and AS before adopting
this particular draft.

Aaron



On Sat, Jan 28, 2023 at 5:21 PM David Waite <david=40alkaline-solutions.com@dmarc.ietf.org> wrote:

> I support adoption by the working group.
>
> -DW
>
> On Jan 24, 2023, at 2:38 AM, Giuseppe De Marco <demarcog83@gmail.com>
> wrote:
>
> Hello everybody,
>
> I would like to bring to your attention this expired draft:
> https://datatracker.ietf.org/doc/draft-jones-oauth-resource-metadata/
>
> I propose to take up this individual draft for its adoption as an
> official internet draft.
> The reason I ask this is that there are implementations of this draft born
> with the need to have metadata for entities of type RS.
>
> The implementation of which I am aware concerns the Italian "Attribute
> Authorities" [0]. The OpenID Federation draft also defines the metadata of
> the oauth_resource type [1], taking up the elements defined in the draft in
> question. Recently, an interesting reflection seems to have arisen also in
> OpenID4VCI/OpenID4VP [2].
>
> Thank you for your attention, I hope to read your valuable feedback soon,
> best
>
> [0] https://italia.github.io/spid-cie-oidc-docs/en/metadata_aa.html
> [1]
> https://openid.net/specs/openid-connect-federation-1_0.html#section-4.7
> [2]
> https://bitbucket.org/openid/connect/issues/1781/do-new-entity-types-required-for-oid4vp
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>