[OAUTH-WG] draft-ietf-oauth-token-exchange/audience & draft-ietf-oauth-resource-indicators

Hannes Tschofenig <Hannes.Tschofenig@arm.com> Fri, 30 November 2018 20:32 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/nsxGlEEZBTRPN28iUWs22WIYHaw>

Hi all,

Token exchange registers the 'resource' parameter, at least to a large extent, and draft-ietf-oauth-resource-indicators indicates this in the IANA consideration section.

What isn't mentioned in draft-ietf-oauth-resource-indicators is that token exchange also defines the audience parameter. The audience parameter is defined as

"
Audience:
      The logical name of the target service where the client
      intends to use the requested security token.  This serves a
      purpose similar to the "resource" parameter, but with the client
      providing a logical name rather than a location.
"

I am mentioning this also because draft-ietf-ace-oauth-params defines a parameter 'req_aud', which was supposed to be similar to resource but at the last IETF meeting the argument was that it is a logical name. As such, it would correspond to the audience parameter registered in the token exchange.

Is my observation correct?

Ciao
Hannes
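To make the distinction in the message concrete, here is an added example (not from the drafts or the poster) of how an authorization server might validate the two parameters on a token exchange request: 'resource' is checked as a location (an absolute URI without a fragment, as draft-ietf-oauth-resource-indicators requires), 'audience' is accepted as a logical name, and the accepted values become the issued token's 'aud'. The error class name and the helper functions are assumptions for illustration; only the parameter names and the 'invalid_target' error come from the token exchange draft.

```python
"""Validate 'resource' (location) and 'audience' (logical name) parameters
of an OAuth 2.0 token exchange request. Added illustration, not draft text.
Assumed rules: 'resource' is an absolute URI with no fragment, 'audience'
is a non-empty logical name, both may repeat, and the accepted values
become the 'aud' of the issued token."""
from urllib.parse import parse_qs, urlsplit


class InvalidTarget(ValueError):
    """Corresponds to the token exchange 'invalid_target' error response."""


def check_resource(value: str) -> str:
    """A resource is a location: absolute URI, and it must not carry a fragment."""
    parts = urlsplit(value)
    if not parts.scheme:
        raise InvalidTarget(f"resource is not an absolute URI: {value!r}")
    if parts.fragment:
        raise InvalidTarget(f"resource must not contain a fragment: {value!r}")
    return value


def check_audience(value: str) -> str:
    """An audience is a logical name; no URI syntax is required, but it must
    be non-empty and free of whitespace so it can be matched exactly later."""
    if not value or any(ch.isspace() for ch in value):
        raise InvalidTarget(f"audience is not a usable logical name: {value!r}")
    return value


def target_audiences(form_body: str) -> list[str]:
    """Return the 'aud' values for the issued token, resources first, then
    audiences, in request order. Raises InvalidTarget on any malformed value
    or when the request names no target at all."""
    params = parse_qs(form_body, keep_blank_values=True)
    aud = [check_resource(r) for r in params.get("resource", [])]
    aud += [check_audience(a) for a in params.get("audience", [])]
    if not aud:
        raise InvalidTarget("request names no target (neither resource nor audience)")
    return aud


if __name__ == "__main__":
    # Constructed sample request body (form-encoded), not a captured message.
    body = ("grant_type=urn:ietf:params:oauth:grant-type:token-exchange"
            "&resource=https://backend.example.com/api"
            "&audience=urn:example:cooperation-context")
    print(target_audiences(body))
```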
