Re: [OAUTH-WG] An access token claim to identify data processing purposes

Roberto Polli <robipolli@gmail.com> Mon, 04 April 2022 16:17 UTC

References: <CAP9qbHWPfswiPFhi4ijiYO8BcFJagWHROgBtqVZzB7zghdCzsg@mail.gmail.com> <CAHsNOKd3xe4EmhJvdGGE5V4fpq=sY0gWUvYJaGiMnVsrv7q-Dg@mail.gmail.com> <CAP9qbHVnENZwCZyygFdf0wqwE0fD_9yghV62vC4wpArSTYW9-A@mail.gmail.com> <CAHsNOKfO7_c3Ls_cZURsG62gDGjm3bzgQA0KmVT7FPu6QqMrmQ@mail.gmail.com>
In-Reply-To: <CAHsNOKfO7_c3Ls_cZURsG62gDGjm3bzgQA0KmVT7FPu6QqMrmQ@mail.gmail.com>
From: Roberto Polli <robipolli@gmail.com>
Date: Mon, 04 Apr 2022 18:17:40 +0200
Message-ID: <CAP9qbHWOVCf0_m4uVTD7j7AD_h5zvoB3sDbYTYREE62yRh+QpQ@mail.gmail.com>
To: Steinar Noem <steinar@udelt.no>
Cc: Giuseppe De Marco <giuseppe.demarco@teamdigitale.governo.it>, oauth <oauth@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/kIPTfCSyM_Cl6zKF8F-gdV2-Y8g>

Hi N,

On Mon, 4 Apr 2022 at 18:08, Steinar Noem
<steinar@udelt.no> wrote:
> Ah, for machine-to-machine the eKYC/IA spec is not relevant - as it requires an interactive session (an authenticated user).
Ok. Could that information be vouched for by a third party though?

> But the Rich Authorization Spec (authorization_details) describes how to express more information related to a grant, so that would be fitting I would think.
> We use the structure for accountability purposes, legal basis and legitimate interest - and reflect certain claims in the access token (JWT).
If this is related to public sector APIs, it would be really
interesting to discuss that topic and see some examples!

Have a nice day,
R.

>
> On Mon, 4 Apr 2022 at 18:02, Roberto Polli <robipolli@gmail.com> wrote:
>>
>> Thanks Noem,
>>
>> On Mon, 4 Apr 2022 at 16:32, Steinar Noem <steinar@udelt.no> wrote:
>> >> I'm looking for a standard way to express data processing purposes in access token/requests.
>> >> E.g., an access token request/response should provide an identifier linked to the reason that motivates
>> > Maybe you’ll find the work on RAR and identity assurance in OIDF interesting?
>> > RAR could be used for indicating a “legitimate interest”, and IA could cater for accountability.
>>
>> You mean the authorization_details and verified_claims?
>> Interesting! I was wondering whether there was something more concise,
>> but I will investigate if that's viable for a machine-to-machine interaction like the one
>> I'm working on.
>>
>> Thanks again,
>> R.
>>
>
>
> --
> Kind regards
>
> Steinar Noem
> Partner, Udelt AS
> Systems developer
>
> | steinar@udelt.no | hei@udelt.no  | +47 955 21 620 | www.udelt.no |
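The pattern Steinar describes (a legal basis / legitimate interest carried in an RFC 9396 authorization_details element and reflected into the JWT access token) is sketched below as an added example. It is not code from this thread, from Roberto's project or from Udelt AS. The element type "urn:example:data-processing" and its "purpose" and "legal_basis" fields are hypothetical extension fields chosen for illustration; RFC 9396 only standardises "type", "locations" and the other common fields, plus the "authorization_details" claim in a JWT access token (section 9.1). HS256 with a shared key, the issuer, audience and client_id are all constructed stand-ins. The example covers the three parties: the client puts the purpose in a client_credentials token request, the AS mints a token that carries it, and the resource server enforces it per resource, including rejecting a client that edits its own token.

```python
# Added example (not from the thread, Roberto's project, or Udelt AS's code):
# a data processing purpose carried as an RFC 9396 authorization_details
# element, reflected into a JWT access token by the AS, and enforced by the RS.
# Assumptions: the type "urn:example:data-processing" and its "purpose" and
# "legal_basis" fields are hypothetical; HS256 with a shared key stands in for
# the AS's real signing key; issuer, audience and client_id are constructed.
import base64
import hashlib
import hmac
import json
import time
from typing import Optional
from urllib.parse import urlencode

SHARED_KEY = b"constructed-demo-key-not-for-production"  # constructed
PROCESSING_TYPE = "urn:example:data-processing"           # hypothetical type
AUDIENCE = "https://api.example"                          # constructed


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def processing_details(purpose: str, legal_basis: str, locations: list) -> list:
    """One authorization_details element. 'type' and 'locations' are RFC 9396
    fields; 'purpose' and 'legal_basis' are hypothetical extension fields."""
    return [{"type": PROCESSING_TYPE, "locations": locations,
             "purpose": purpose, "legal_basis": legal_basis}]


def token_request_body(client_id: str, details: list) -> str:
    """Client side: client_credentials token request with authorization_details
    JSON-encoded as a single form parameter (RFC 9396 sections 3 and 6)."""
    return urlencode({"grant_type": "client_credentials", "client_id": client_id,
                      "authorization_details": json.dumps(details, separators=(",", ":"))})


def mint_access_token(details: list, client_id: str, now: Optional[int] = None) -> str:
    """AS side: JWT access token (RFC 9068 typ 'at+jwt') that reflects the
    granted authorization_details as a claim (RFC 9396 section 9.1)."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "at+jwt"}
    payload = {"iss": "https://as.example", "aud": AUDIENCE, "client_id": client_id,
               "iat": now, "exp": now + 300, "authorization_details": details}
    signing_input = (b64url(json.dumps(header, separators=(",", ":")).encode()) + "."
                     + b64url(json.dumps(payload, separators=(",", ":")).encode()))
    sig = hmac.new(SHARED_KEY, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url(sig)


def tamper_purpose(token: str, new_purpose: str) -> str:
    """What a client that edits its own token produces: payload rewritten,
    original signature kept. The RS must reject this."""
    h, p, s = token.split(".")
    payload = json.loads(b64url_decode(p))
    for d in payload.get("authorization_details", []):
        d["purpose"] = new_purpose
    return h + "." + b64url(json.dumps(payload, separators=(",", ":")).encode()) + "." + s


def authorize_request(token: str, resource: str, allowed_purposes: set,
                      now: Optional[int] = None) -> tuple:
    """RS side: verify signature, header, audience and expiry, then require a
    processing element whose locations cover this resource and whose purpose
    is one this endpoint may serve. Returns (accepted, reason)."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return False, "malformed token"
    h, p, s = parts
    expected = hmac.new(SHARED_KEY, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(s)):
        return False, "bad signature"
    header, payload = json.loads(b64url_decode(h)), json.loads(b64url_decode(p))
    if header.get("alg") != "HS256" or header.get("typ") != "at+jwt":
        return False, "unexpected header"
    if payload.get("aud") != AUDIENCE:
        return False, "wrong audience"
    if payload.get("exp", 0) <= now:
        return False, "expired"
    declared = [d.get("purpose") for d in payload.get("authorization_details", [])
                if d.get("type") == PROCESSING_TYPE and resource in d.get("locations", [])]
    if not declared:
        return False, "no processing purpose declared for this resource"
    for purpose in declared:
        if purpose in allowed_purposes:
            return True, purpose
    return False, f"purpose {declared[0]!r} not permitted on this resource"


if __name__ == "__main__":
    details = processing_details("fraud-prevention", "GDPR art. 6(1)(f)",
                                 ["https://api.example/customers"])
    print(token_request_body("client-123", details))
    tok = mint_access_token(details, "client-123")
    print(authorize_request(tok, "https://api.example/customers", {"fraud-prevention"}))
    print(authorize_request(tamper_purpose(tok, "marketing"),
                            "https://api.example/customers", {"marketing"}))
```

The point of binding the purpose to "locations" is that the same token can legitimately carry different purposes for different resources, and the RS only honours the purpose declared for the resource actually being hit; a purpose the AS never granted for that location is treated as no purpose at all.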