[OAUTH-WG] RPC Security workshop

Atul Tulshibagwale <atul@sgnl.ai> Thu, 22 September 2022 17:17 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/hkFG4GHGv2A15kiqiAh4ahiB8sk>

Hi all,
Subsequent to the presentations Rifaat
<https://datatracker.ietf.org/doc/slides-114-oauth-multi-subject-jwt/>,
Kelley
<https://datatracker.ietf.org/doc/slides-114-oauth-token-and-identity-chaining/>
and I
<https://datatracker.ietf.org/doc/slides-114-oauth-do-we-need-a-rpc-security-standard/> gave
at IETF 114, we conducted a workshop yesterday that included participants
from major cloud platform vendors and other organizations interested in
this problem. The notes from the workshop are here.

https://hackmd.io/ynqmd1MfR_mAdQHgooUbcA

We hope to be able to discuss this further in a side meeting at IETF 115. I
would love to get more participation from interested folks.

The "problem architecture" presentation that we used to generate interest
is attached.

Thanks,
Atul