Re: [OAUTH-WG] [EXTERNAL] RAR & multiple resources?

Mike Jones <Michael.Jones@microsoft.com> Tue, 14 January 2020 01:48 UTC

From: Mike Jones <Michael.Jones@microsoft.com>
To: Dick Hardt <dick.hardt@gmail.com>, Torsten Lodderstedt <torsten@lodderstedt.net>, Brian Campbell <bcampbell@pingidentity.com>, Justin Richer <jricher@mit.edu>
CC: "oauth@ietf.org" <oauth@ietf.org>
Date: Tue, 14 Jan 2020 01:48:19 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/jFbRb8aAOr4onsYWbhDWtIhY5Yk>
Subject: Re: [OAUTH-WG] [EXTERNAL] RAR & multiple resources?

Please don’t use RAR as a Pandora’s box to introduce unrelated new semantics, including issuing multiple access tokens.

                                                       -- Mike

From: OAuth <oauth-bounces@ietf.org> On Behalf Of Dick Hardt
Sent: Monday, January 13, 2020 5:32 PM
To: Torsten Lodderstedt <torsten@lodderstedt.net>; Brian Campbell <bcampbell@pingidentity.com>; Justin Richer <jricher@mit.edu>
Cc: oauth@ietf.org
Subject: [EXTERNAL] [OAUTH-WG] RAR & multiple resources?

Torsten / Justin / Brian

In my reading of the ID, it appears that there is a request for just one access token, and the authorization_details array lists one or more resources that the one access token will provide access to. Correct?

I have heard anecdotally that there is interest in granting access to multiple resources, and having multiple access tokens, which would enable different components of a client to have different access tokens.

Do you consider multiple access tokens out of scope of RAR?

/Dick