[OAUTH-WG] draft-ietf-oauth-rar use of “WWW-Authenticate” Response Header

"Oliva Fernandez, Jorge" <Jorge.OlivaFernandez@santander.co.uk> Thu, 25 May 2023 11:15 UTC

From: "Oliva Fernandez, Jorge" <Jorge.OlivaFernandez@santander.co.uk>
To: "oauth@ietf.org" <oauth@ietf.org>
Date: Thu, 25 May 2023 11:15:40 +0000
Message-ID: <41869F2A-F0B1-4409-8739-5BB3A820CBF6@santander.co.uk>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/beBdu32qaCK-SMiK2FnO2--45zs>

Hi,

I have been reviewing the latest RAR draft (https://datatracker.ietf.org/doc/html/draft-ietf-oauth-rar-23) and I was expecting to find in this document some references to how to use the “WWW-Authenticate” Response Header Field defined in RFC 6750 (https://datatracker.ietf.org/doc/html/rfc6750#section-3).

I think that RAR is a great idea for complex authorization where a “scope” is not enough to describe what you want to authorize. In OAuth 2.0 there exists a way for a protected resource to indicate which “scopes” are needed to consider the request “authorized”; shouldn't there be a standard way to do the same for rich authorization requests?

Best regards.
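The RFC 6750 section 3 mechanism the message refers to, as an added example that is not part of the original post or of the RAR draft: a resource server builds a Bearer challenge carrying the scope it requires (403 with error="insufficient_scope" when a token was presented but is too narrow, a plain 401 challenge when no token was presented at all), and a client parses the challenge to learn which scope tokens it still has to obtain. The realm "api", the scope values and the function names are made up for illustration; the draft cited above defines no corresponding attribute for authorization_details, which is exactly the gap the message asks about, so the example stops at scope.

```python
"""Added example: RFC 6750 section 3 Bearer challenge, resource-server and
client side.  Realm, scope values and function names are illustrative."""
import re
from typing import Dict, List, Optional, Tuple

# RFC 6749 section 3.3: scope-token = 1*( %x21 / %x23-5B / %x5D-7E )
_SCOPE_TOKEN = re.compile(r"^[\x21\x23-\x5B\x5D-\x7E]+$")

# RFC 6750 section 3: auth-param = token "=" ( token / quoted-string )
_AUTH_PARAM = re.compile(
    r"""\s*(?P<key>[!#$%&'*+\-.^_`|~0-9A-Za-z]+)\s*=\s*"""
    r"""(?:"(?P<quoted>(?:[^"\\]|\\.)*)"|(?P<token>[^\s",]+))\s*(?:,|$)"""
)

# RFC 6750 section 3.1 error codes and the HTTP status the RS SHOULD use
ERROR_STATUS = {"invalid_request": 400, "invalid_token": 401, "insufficient_scope": 403}


def _quote(value: str) -> str:
    """Escape a value for use inside an HTTP quoted-string."""
    return value.replace("\\", "\\\\").replace('"', '\\"')


def build_bearer_challenge(realm: Optional[str] = None, scope: Optional[str] = None,
                           error: Optional[str] = None,
                           error_description: Optional[str] = None) -> str:
    """Serialise a WWW-Authenticate: Bearer challenge (RFC 6750 section 3)."""
    params = []
    if realm is not None:
        params.append(f'realm="{_quote(realm)}"')
    if scope is not None:
        for tok in scope.split(" "):  # space-delimited list of scope-tokens
            if not _SCOPE_TOKEN.match(tok):
                raise ValueError(f"invalid scope-token: {tok!r}")
        params.append(f'scope="{scope}"')
    if error is not None:
        if error not in ERROR_STATUS:
            raise ValueError(f"unknown RFC 6750 error code: {error!r}")
        params.append(f'error="{error}"')
    if error_description is not None:
        params.append(f'error_description="{_quote(error_description)}"')
    return "Bearer" + (" " + ", ".join(params) if params else "")


def parse_bearer_challenge(header: str) -> Dict[str, str]:
    """Parse a Bearer challenge into its attributes; rejects duplicates."""
    scheme, _, rest = header.strip().partition(" ")
    if scheme.lower() != "bearer":
        raise ValueError(f"not a Bearer challenge: {scheme!r}")
    params: Dict[str, str] = {}
    rest = rest.strip()
    pos = 0
    while pos < len(rest):
        m = _AUTH_PARAM.match(rest, pos)
        if m is None:
            raise ValueError(f"malformed auth-param near {rest[pos:pos + 20]!r}")
        key = m.group("key").lower()
        if key in params:  # RFC 6750 section 3: an attribute MUST NOT appear twice
            raise ValueError(f"duplicate attribute: {key}")
        quoted = m.group("quoted")
        params[key] = (re.sub(r"\\(.)", r"\1", quoted) if quoted is not None
                       else m.group("token"))
        pos = m.end()
    return params


def challenge_for(realm: str, required_scope: str,
                  granted_scope: Optional[str]) -> Optional[Tuple[int, str]]:
    """Resource-server side.  granted_scope is None when no token was sent.
    Returns (status, WWW-Authenticate value) or None when the request is
    sufficiently authorized."""
    required = set(required_scope.split())
    if granted_scope is None:
        # No credentials at all: challenge with the needed scope, no error code
        return 401, build_bearer_challenge(realm=realm, scope=required_scope)
    missing = required - set(granted_scope.split())
    if not missing:
        return None
    return 403, build_bearer_challenge(
        realm=realm, scope=required_scope, error="insufficient_scope",
        error_description="missing scope: " + " ".join(sorted(missing)))


def scopes_to_request(challenge_header: str, granted_scope: str) -> List[str]:
    """Client side: scope-tokens the challenge asks for that we do not hold."""
    params = parse_bearer_challenge(challenge_header)
    required = set(params.get("scope", "").split())
    return sorted(required - set(granted_scope.split()))


if __name__ == "__main__":
    status, hdr = challenge_for("api", "openid payments:read", "openid")
    print(status, "WWW-Authenticate:", hdr)
    print("client must still obtain:", scopes_to_request(hdr, "openid"))
```

The client-side helper only tells the client which scope tokens to add to its next authorization request; how it re-requests them is outside RFC 6750, and nothing here covers the authorization_details equivalent the message is asking for.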