Re: [OAUTH-WG] draft-ietf-oauth-token-exchange/audience & draft-ietf-oauth-resource-indicators

Brian Campbell <bcampbell@pingidentity.com> Fri, 30 November 2018 21:04 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/imi0FGp9Wpmc7SmtfAI2aYkFfG4>

Seems correct, yes.

On Fri, Nov 30, 2018 at 1:32 PM Hannes Tschofenig <Hannes.Tschofenig@arm.com>
wrote:

> Hi all,
>
> Token exchange registers the 'resource' parameter, at least to a large
> extent, and draft-ietf-oauth-resource-indicators indicates this in the IANA
> consideration section.
>
> What isn't mentioned in draft-ietf-oauth-resource-indicators is that token
> exchange also defines the audience parameter. The audience parameter is
> defined as
>
> "
> Audience:
>       The logical name of the target service where the client
>       intends to use the requested security token.  This serves a
>       purpose similar to the "resource" parameter, but with the client
>       providing a logical name rather than a location.
> "
>
> I am mentioning this also because draft-ietf-ace-oauth-params defines a
> parameter 'req_aud', which was supposed to be similar to resource but at
> the last IETF meeting the argument was that it is a logical name. As such,
> it would correspond to the audience parameter registered in the token
> exchange.
>
> Is my observation correct?
>
> Ciao
> Hannes