IETF Logo Mail Archive

Re: [OAUTH-WG] Updated OAuth PoP documents

Justin Richer <jricher@mit.edu> Tue, 11 November 2014 17:22 UTC

Return-Path: <jricher@mit.edu>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0C10F1A00E1 for <oauth@ietfa.amsl.com>; Tue, 11 Nov 2014 09:22:56 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.795
X-Spam-Level:
X-Spam-Status: No, score=-4.795 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.594, SPF_PASS=-0.001] autolearn=unavailable
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AGMPhjBufax9 for <oauth@ietfa.amsl.com>; Tue, 11 Nov 2014 09:22:43 -0800 (PST)
Received: from dmz-mailsec-scanner-8.mit.edu (dmz-mailsec-scanner-8.mit.edu [18.7.68.37]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 675A01A00CD for <oauth@ietf.org>; Tue, 11 Nov 2014 09:22:35 -0800 (PST)
X-AuditID: 12074425-f79e46d000002583-82-546245da23ae
Received: from mailhub-auth-4.mit.edu ( [18.7.62.39]) (using TLS with cipher AES256-SHA (256/256 bits)) (Client did not present a certificate) by dmz-mailsec-scanner-8.mit.edu (Symantec Messaging Gateway) with SMTP id F7.2D.09603.AD542645; Tue, 11 Nov 2014 12:22:34 -0500 (EST)
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) by mailhub-auth-4.mit.edu (8.13.8/8.9.2) with ESMTP id sABHMXrq002882; Tue, 11 Nov 2014 12:22:33 -0500
Received: from dhcp-88b1.meeting.ietf.org (dhcp-88b1.meeting.ietf.org [31.133.136.177]) (authenticated bits=0) (User authenticated as jricher@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.8/8.12.4) with ESMTP id sABHMMN8021530 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NOT); Tue, 11 Nov 2014 12:22:31 -0500
Content-Type: multipart/signed; boundary="Apple-Mail=_057F08FD-26AA-4A36-ADBF-D73884FECBDF"; protocol="application/pgp-signature"; micalg="pgp-sha1"
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
From: Justin Richer <jricher@mit.edu>
In-Reply-To: <54624374.5070708@gmail.com>
Date: Tue, 11 Nov 2014 07:22:21 -1000
Message-Id: <3252524B-591B-4437-8B92-3E93A1BFE12F@mit.edu>
References: <53AC1528.9080709@gmx.net> <545CEA62.6050508@gmail.com> <0D4220A2-9F67-4663-B9FC-EBC1419E2915@ve7jtb.com> <54609B3D.1070803@gmail.com> <54609BEE.8000108@gmail.com> <EF6E1DB9-BF6C-455E-AEC3-7BFF34EEA7CE@ve7jtb.com> <5461E94F.5030009@gmail.com> <EF05BA82-8B33-4056-A565-5A30E8527990@mit.edu> <54624374.5070708@gmail.com>
To: Sergey Beryozkin <sberyozkin@gmail.com>
X-Mailer: Apple Mail (2.1878.6)
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFtrPKsWRmVeSWpSXmKPExsUixG6nrnvLNSnE4NlHNouTb1+xWfxbam+x +u5fNgdmj52z7rJ7LFnyk8nj9u2NLAHMUVw2Kak5mWWpRfp2CVwZbw/uYi44ElLR82EzSwPj E9cuRk4OCQETiR/9M9ggbDGJC/fWA9lcHEICs5kkug91QTkbGSX2z5nDDlIlJHCGSWL/rDqQ BLPAJEaJZ5/2gyV4BQwkluzaxAxiCwsYS6zcv50RxGYTUJWYvqaFCcTmFNCUWDptMZjNAhTf ef8qWC8z0Bm7FnUD2RxAc6wkzlwWgVh8ikni5qRnYDNFBLQlLr6+xQ5xqrzEhw/H2ScwCsxC dscsJHfMApurLbFs4Wso20DiaecrVghbXmL72zlQcUuJxTNvsEDYthK3+hYwQdh2Eo+mLWJd wMixilE2JbdKNzcxM6c4NVm3ODkxLy+1SNdCLzezRC81pXQTIzhuXFR3ME44pHSIUYCDUYmH V8M/MUSINbGsuDL3EKMkB5OSKK8oMOqE+JLyUyozEosz4otKc1KLDzGqAO16tGH1BUYplrz8 vFQlEV5JCaA63pTEyqrUonyYMmkOFiVx3k0/+EKEBNITS1KzU1MLUotgsjIcHEoSvNIgCwSL UtNTK9Iyc0oQ0kwcnIcYJTh4gIazg9TwFhck5hZnpkPkTzEqSonzKoIkBEASGaV5cL2wdPeK URzoLWFeCZAqHmCqhOt+BTSYCWjwu5IEkMEliQgpqQZGvZPdtSK1xz4c+HEo42T+CvGJlS8+ r6/PLelk2bUjZ8mEi0o2v1xt5a9OMWhb33yJT6nuv1R0e/nuHUnyC1qWWXMlV3Te+3WpWPGR DOPt5+ciTpuf9voj47XpyLV9XWvCpLWcpOIuORQ4HDnA89jqYWHWhGnX2+XPaz9cfNu26WPt jv+ye5p3KLEUZyQaajEXFScCANI2bfhSAwAA
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/ZyLTgmDzCq-MWPf8BRzWhuGP4eg
Cc: oauth@ietf.org
Subject: Re: [OAUTH-WG] Updated OAuth PoP documents
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 11 Nov 2014 17:22:56 -0000

What you’re talking about is changing the body of your API to be a JWS directly, and that’s fine if your API wants to do things that way. Just define it as part of what your API expects — there are several out there that can do this. But that’s not what this work is about. This work is very explicitly about detaching the signing mechanism from the request itself, so that you don’t *have* to cram everything into a JOSE object directly. This lets you keep a plain JSON/XML/LISP-S-Expressions API and still be able to layer in signing of the request tied to an access token.

 — Justin


On Nov 11, 2014, at 7:12 AM, Sergey Beryozkin <sberyozkin@gmail.com> wrote:

> Hi Justin
> 
> I'm sorry, I've missed it
> 
> What is your opinion of having a body optionally wrapped into JWS and JWS being sent as a body, as an alternative (while keeping 'b' as an option too).
> It can allow for streaming, as opposed to calculating the body hash in memory...JWS can be calculated dynamically. The key would be the same key that calculates the query/etc hash...
> 
> Sergey
> On 11/11/14 17:05, Justin Richer wrote:
>> It already does offer a body hash, optional like the rest of the parameters
>> 
>> https://tools.ietf.org/html/draft-ietf-oauth-signed-http-request-00#section-3
>> 
>> (see the “b” parameter)
>> 
>>  — Justin
>> 
>> On Nov 11, 2014, at 12:47 AM, Sergey Beryozkin <sberyozkin@gmail.com> wrote:
>> 
>>> On 10/11/14 16:56, John Bradley wrote:
>>>> For sending  JWE symmetric key to the client the Key Encryption Key is client public key provisioned out of band or pushed to the AS in the request.  (The same applies to key agreement)
>>> Thanks...
>>> 
>>> I suggested earlier to consider using 'bearer' token type in the token response containing a 'key'; probably a bad idea, not sure now (i.e, is it still a 'bearer', with a client now holding a PoP key :-)),
>>> 
>>> may be it should be 'pop' as documents like
>>> http://tools.ietf.org/html/draft-richer-oauth-signed-http-request-0
>>> offer.
>>> 
>>> Speaking of "draft-richer-oauth-signed-http-request" - a colleague of mine raised a related question and I wonder, should this document offer an *optional* request body hashing as well.
>>> 
>>> Thanks, Sergey
>>> 
>>>> 
>>>> John B.
>>>> On Nov 10, 2014, at 1:05 AM, Sergey Beryozkin <sberyozkin@gmail.com> wrote:
>>>> 
>>>>> By the way, where is the key encryption key is obtained from in a case where the POP JWK key is encrypted ? Is it a client public key or some key obtained out of band ?
>>>>> 
>>>>> Cheers, Sergey
>>>>> On 10/11/14 11:02, Sergey Beryozkin wrote:
>>>>>> Hi John,
>>>>>> Sorry for a delay,
>>>>>> On 07/11/14 21:27, John Bradley wrote:
>>>>>>> Inline.
>>>>>>> On Nov 7, 2014, at 12:50 PM, Sergey Beryozkin <sberyozkin@gmail.com>
>>>>>>> wrote:
>>>>>>> 
>>>>>>>> Hi
>>>>>>>> On 26/06/14 13:42, Hannes Tschofenig wrote:
>>>>>>>>> Hi all,
>>>>>>>>> 
>>>>>>>>> I read through three of the OAuth proof-of-possession documents and
>>>>>>>>> made
>>>>>>>>> a few minor changes here and there (mostly editorial & updated
>>>>>>>>> references).
>>>>>>>>> 
>>>>>>>>> Here are the three docs:
>>>>>>>>> http://tools.ietf.org/html/draft-hunt-oauth-pop-architecture-02
>>>>>>>>> http://tools.ietf.org/html/draft-bradley-oauth-pop-key-distribution-01
>>>>>>>>> http://tools.ietf.org/html/draft-jones-oauth-proof-of-possession-01
>>>>>>>>> 
>>>>>>>>> While there are a few open issues I believe that these three documents
>>>>>>>>> are in fairly good shape.
>>>>>>>>> 
>>>>>>>>> Is someone willing to do a review?
>>>>>>>>> 
>>>>>>>> Few comments to
>>>>>>>> https://tools.ietf.org/html/draft-bradley-oauth-pop-key-distribution-01:
>>>>>>>> 
>>>>>>>> - it is unclear what the new token_type if any is introduced, for
>>>>>>>> example, the section 6 says no new token type is introduced, while
>>>>>>>> the symmetric example uses a "pop" value and the assymetric key
>>>>>>>> response example says:
>>>>>>>> "The new token type "public_key" is placed into the 'token_type'
>>>>>>>> parameter"
>>>>>>>> 
>>>>>>>> Is the new type is actually introduced and it is "pop" and the
>>>>>>>> clients making the requests to RS should use a "POP"/"pop" scheme ?
>>>>>>>> 
>>>>>>>> http://tools.ietf.org/html/draft-jones-oauth-proof-of-possession-01
>>>>>>>> 
>>>>>>>> uses "pop" but I'm not 100% sure...
>>>>>>> 
>>>>>>> The specs for the client accessing the RS need to define the token type.
>>>>>>> 
>>>>>>> There is likely to be more than one of those, signed message and TLS
>>>>>>> channel binding.
>>>>>>> 
>>>>>> I wonder, should it only be this PoP key distribution spec that would
>>>>>> use "pop", which is really about getting a regular token 'enhanced' with
>>>>>> a key. If I have AS returning a bearer token with a response containing
>>>>>> "token_type":"bearer", then when this AS receives a client token request
>>>>>> with a "token_type":"pop" it just means the bearer token to be returned
>>>>>> would have a key parameter bound to it.
>>>>>> 
>>>>>> Note IMHO it does not matter for the client whether the actual token
>>>>>> representation is JWT or an index, it is still a "token_type":"bearer"
>>>>>> as far as the client getting a token response is concerned.
>>>>>> So it won't lead to the proliferation of the new token types.
>>>>>> 
>>>>>> Something else that I wanted to suggest - can make no much sense but
>>>>>> here it goes:
>>>>>> 
>>>>>> Refresh tokens and indeed id_token OIDC tokens are just access token
>>>>>> response parameters but for them to be included in the response all what
>>>>>> is needed is for the client to include an extra scope in the redirection
>>>>>> request... Just a thought...
>>>>>> 
>>>>>> 
>>>>>>> I am guessing that the channel binding one wouldn't support symmetric
>>>>>>> proof keys.
>>>>>>> 
>>>>>>> Those specs may wind up profiling this spec to limit particular key
>>>>>>> types etc.
>>>>>>> 
>>>>>>> The token_type  in the request is saying give me a token to use over
>>>>>>> this request method to the RS.
>>>>>>> 
>>>>>>> The AS might use the same logic to produce a AT for signed request and
>>>>>>> TLS.
>>>>>>> 
>>>>>>> The other parameters are:
>>>>>>> "aud" so that the AS can deal with multiple RS perhaps all with
>>>>>>> different encryption keys and some using introspection.
>>>>>>> "alg" indicating the alg of the proof key "HS256", "RS256", and
>>>>>>> "ECDSA"  being the current likely options.
>>>>>>> (looking at that now I wonder if we also need to say anything about
>>>>>>> key length/curve,  I hope all of that can be sorted out in
>>>>>>> registration so some sensible defaults would work for length/curve)
>>>>>>> 
>>>>>>> Those being important to any client RS protocol.
>>>>>>> 
>>>>>> thanks for this extra info,
>>>>>>> 
>>>>>>>> 
>>>>>>>> - The assymetric key example suggests that just a JWS-signed access
>>>>>>>> token is returned. This implies a client can easily introspect it -
>>>>>>>> which is not a big problem in this case - but it leads the client
>>>>>>>> toward writing a code that is bound to an access token structure -
>>>>>>>> therefore such a client code won't inter-operate with the AS sending
>>>>>>>> a bearer token; IMHO the access token structure should absolutely be
>>>>>>>> opaque to the clients, i.e, if it is JWT then it must be JWE protected
>>>>>>> 
>>>>>>> The intention is not to limit it to just JWS signed JWT, that should
>>>>>>> be expanded if not clear.
>>>>>>> 
>>>>>>> SAML has the same problem with people sniffing tokens, so I agree that
>>>>>>> the client should be precluded in the spec from doing that.
>>>>>>> Forcing encryption of all the AT may be overkill and have negative
>>>>>>> performance implications if not required for other reasons.
>>>>>>> Nothing stops the AS and RS from using JWE encrypted JWT.  Given that
>>>>>>> in the symmetric key case between the AS and RS case a A128CBC-HS256
>>>>>>> has AEAD Authenticated encryption so you don't need to sign the JWT
>>>>>>> separately as an optimization.  (I personally prefer A128CBC-HS256
>>>>>>> over HS256 given that the performance hit is small, but that is just me.)
>>>>>> I'm afraid I'm not following that :-), but given that we do implement
>>>>>> "A128CBC-HS256 over HS256" now, I will afford asking, are you referring
>>>>>> here to the case of the PoP key being distributed in a plain form over
>>>>>> TLS vs being JWE-encrypted with "A128CBC-HS256 over HS256" ?
>>>>>>> 
>>>>>>> Requiring encryption is probably overkill.
>>>>>> I understand, as long as the client treats a JWS sequence as an opaque
>>>>>> blob, it is fine...
>>>>>> 
>>>>>> Thanks
>>>>>> Sergey
>>>>>>> 
>>>>>>> John B.
>>>>>>> 
>>>>>>> 
>>>>>>>> 
>>>>>>>> Thanks, Sergey
>>>>>>>> 
>>>>>>>>> Ciao
>>>>>>>>> Hannes
>>>>>>>>> 
>>>>>>>>> 
>>>>>>>>> 
>>>>>>>>> _______________________________________________
>>>>>>>>> OAuth mailing list
>>>>>>>>> OAuth@ietf.org
>>>>>>>>> https://www.ietf.org/mailman/listinfo/oauth
>>>>>>>>> 
>>>>>>>> 
>>>>>>>> 
>>>>>>>> _______________________________________________
>>>>>>>> OAuth mailing list
>>>>>>>> OAuth@ietf.org
>>>>>>>> https://www.ietf.org/mailman/listinfo/oauth
>>>>>>> 
>>>>>> 
>>>>> 
>>>> 
>>> 
>>> _______________________________________________
>>> OAuth mailing list
>>> OAuth@ietf.org
>>> https://www.ietf.org/mailman/listinfo/oauth
>> 
>

v2.14.0 | Report a Bug | By Email