[OAUTH-WG] AS Discovery in Distributed Draft

Justin P Richer <jricher@mit.edu> Tue, 06 November 2018 05:19 UTC

From: Justin P Richer <jricher@mit.edu>
To: "oauth@ietf.org" <oauth@ietf.org>
Date: Tue, 06 Nov 2018 05:19:18 +0000
Message-ID: <CFFB07DA-F980-4B47-95D9-051BF660D736@mit.edu>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/lQEouIOvMg_VAp78bvKEQVOs3i0>

In the meeting tonight I brought up a response to the question of whether to have full URL or plain issuer for the auth server in the RS response’s header. My suggestion was that we have two different parameters to the header to represent the AS: one of them being the full URL (as_uri) and one of them being the issuer to be constructed somehow (as_issuer). I ran into a similar problem on a system that I built last year where all of our servers had discovery documents but not all of them were easily constructed from an issuer style URL (using OIDC patterns anyway). So we solved it by having two different variables. If the full URL was set, we used that; if it wasn’t, we tried the issuer; if neither was set we didn’t do any discovery.

I’m sensitive to Torsten’s concerns about complexity, but I think this is a simple and deterministic solution that sidesteps much of the issue. No pun intended.

— Justin
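A client-side resolver for the two-parameter approach Justin describes, added here as an example and not code from the original mail or from the draft. It assumes the parameters travel as `as_uri` and `as_issuer` auth-params of a WWW-Authenticate Bearer challenge (the draft's own header syntax is not on this page), applies the stated precedence (full URL, else issuer, else no discovery), derives the issuer-based URL with the RFC 8414 construction, and adds two checks the mail does not mention: metadata is only ever fetched over https, and when the challenge carries `as_issuer` the fetched document's `issuer` must match it.

```python
import re
from urllib.parse import urlsplit, urlunsplit

# RFC 7235 auth-param: name=token or name="quoted-string"
_PARAM = re.compile(r'([A-Za-z0-9_-]+)\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^\s,]+))')

def parse_bearer_params(header: str) -> dict:
    """Return the auth-params of a WWW-Authenticate Bearer challenge (names lowercased)."""
    scheme, _, rest = header.strip().partition(" ")
    if scheme.lower() != "bearer":
        raise ValueError("not a Bearer challenge")
    params = {}
    for m in _PARAM.finditer(rest):
        value = m.group(2) if m.group(2) is not None else m.group(3)
        params[m.group(1).lower()] = re.sub(r"\\(.)", r"\1", value)  # drop quoted-pair escapes
    return params

def issuer_metadata_url(issuer: str) -> str:
    """RFC 8414 construction: the well-known suffix goes between host and issuer path."""
    p = urlsplit(issuer)
    if p.scheme != "https" or not p.netloc or p.query or p.fragment:
        raise ValueError("issuer must be an https URL with no query or fragment")
    return urlunsplit(("https", p.netloc,
                       "/.well-known/oauth-authorization-server" + p.path.rstrip("/"), "", ""))

def select_discovery_url(params: dict):
    """Precedence from the mail: as_uri if set, else as_issuer, else None (no discovery)."""
    as_uri = params.get("as_uri")
    if as_uri:
        if urlsplit(as_uri).scheme != "https":   # added check: never fetch metadata over http
            raise ValueError("as_uri must be https")
        return as_uri
    as_issuer = params.get("as_issuer")
    if as_issuer:
        return issuer_metadata_url(as_issuer)
    return None

def check_metadata_issuer(metadata: dict, params: dict) -> bool:
    """Added check: the fetched document's issuer must be https and, when the
    challenge carried as_issuer, identical to it (RFC 8414 section 3.3)."""
    issuer = metadata.get("issuer", "")
    if urlsplit(issuer).scheme != "https":
        return False
    as_issuer = params.get("as_issuer")
    return as_issuer is None or issuer == as_issuer

if __name__ == "__main__":
    prm = parse_bearer_params('Bearer realm="api", as_issuer="https://as.example.com/tenant1"')  # constructed sample
    print(select_discovery_url(prm))
```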