Re: [OAUTH-WG] Web Authorization Protocol (oauth) WG Virtual Meeting: 2020-04-13

"Manger, James" <James.H.Manger@team.telstra.com> Wed, 15 April 2020 07:37 UTC

From: "Manger, James" <James.H.Manger@team.telstra.com>
To: Vittorio Bertocci <vittorio.bertocci=40auth0.com@dmarc.ietf.org>, George Fletcher <gffletch=40aol.com@dmarc.ietf.org>, Denis <denis.ietf@free.fr>, "oauth@ietf.org" <oauth@ietf.org>
Date: Wed, 15 Apr 2020 07:37:17 +0000
Message-ID: <MEXPR01MB17027C2A7631B5623E1A1B6CE5DB0@MEXPR01MB1702.ausprd01.prod.outlook.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/V9UOK27zIwZr7vI_WBjrF3VnWTg>

> the AS could issue the 'sub' value as "urn:anonymous:<large random number>" and create a new value with every token that is issued

But in those cases it would be better to omit "sub", instead of sending a per-token value (we have "jti" as a per-token id). That at least avoids other parties misinterpreting these unusual "sub"s as long-term ids (and, for example, creating persistent user entries for each one).

--
James Manger
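
The split between "sub" (a long-term subject identifier) and "jti" (a per-token identifier) discussed above, as an added example that is not part of the thread or any participant's code: an authorization server mints a JWT access token that simply omits "sub" for anonymous grants instead of filling it with a random value, and a hypothetical resource server keys persistent user entries on "sub" only when it is present, while using "jti" for per-token correlation. The HS256 shared key, the issuer/audience URLs, the `ResourceServer` class and the `at+jwt` header type are all assumptions made for the example; a real AS would use an asymmetric key and publish the public half.

```python
"""Keep "sub" and "jti" apart in a JWT access token.

Added example, not code from the OAuth WG thread. The AS omits "sub" for
anonymous grants (rather than issuing a random per-token "sub"); the
resource server creates user records only when a stable "sub" is present
and uses "jti" for per-token state.
"""
import base64
import hashlib
import hmac
import json
import secrets
import time
from typing import Dict, Optional

# Constructed demo key: HS256 is used only to keep the example self-contained.
DEMO_KEY = b"constructed-demo-key-do-not-reuse"
ISSUER = "https://as.example"       # assumed issuer identifier
AUDIENCE = "https://api.example"    # assumed resource server identifier


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_access_token(sub: Optional[str] = None, ttl: int = 300,
                      now: Optional[int] = None) -> str:
    """Mint an HS256 JWT access token.

    "jti" is fresh for every token. "sub" is set only when the grant is
    bound to a long-term identity; an anonymous grant gets no "sub" at all.
    """
    now = int(time.time()) if now is None else now
    claims = {
        "iss": ISSUER,
        "aud": AUDIENCE,
        "iat": now,
        "exp": now + ttl,
        "jti": secrets.token_urlsafe(16),   # per-token identifier
    }
    if sub is not None:
        claims["sub"] = sub                 # omitted for anonymous grants
    header = {"alg": "HS256", "typ": "at+jwt"}  # "at+jwt" assumed for the example
    signing_input = (_b64url(json.dumps(header, separators=(",", ":")).encode())
                     + "." + _b64url(json.dumps(claims, separators=(",", ":")).encode()))
    sig = hmac.new(DEMO_KEY, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def verify_access_token(token: str, now: Optional[int] = None) -> dict:
    """Check alg, signature, issuer, audience and expiry; return the claims."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    h64, c64, s64 = parts
    if json.loads(_b64url_decode(h64)).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(DEMO_KEY, f"{h64}.{c64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(c64))
    if claims.get("iss") != ISSUER or claims.get("aud") != AUDIENCE:
        raise ValueError("wrong issuer or audience")
    if now >= claims.get("exp", 0):
        raise ValueError("token expired")
    if "jti" not in claims:
        raise ValueError("missing jti")
    return claims


class ResourceServer:
    """Hypothetical resource server.

    Persistent user entries are keyed by "sub" and created only when the
    token carries one; per-token state (here a request count for audit and
    correlation) is keyed by "jti", so anonymous tokens never create users.
    """

    def __init__(self) -> None:
        self.users: Dict[str, dict] = {}
        self.token_log: Dict[str, int] = {}   # jti -> requests seen

    def handle_request(self, token: str, now: Optional[int] = None) -> dict:
        claims = verify_access_token(token, now)
        jti = claims["jti"]
        self.token_log[jti] = self.token_log.get(jti, 0) + 1
        sub = claims.get("sub")
        if sub is not None:
            created = int(time.time()) if now is None else now
            self.users.setdefault(sub, {"created": created})
        return {"principal": sub, "jti": jti}
```

Two anonymous tokens produce two distinct "jti" values and zero user entries; two requests with the same "alice" token produce one user entry and a "jti" seen twice, which is the distinction a resource server loses if the AS sends a random "sub" per token.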