Re: [OAUTH-WG] We appear to still be litigating OAuth, oops

Warren Parad <wparad@rhosys.ch> Wed, 24 February 2021 11:04 UTC

References: <CAMm+LwgbK3HYDjSHnTN3f6hWSQCQrEjHLNn6z0JpfY7hdxaQpg@mail.gmail.com> <A8128346-B557-472F-B94F-8F624F955FCE@manicode.com> <eb2eaaa7-7f7e-4170-ab87-1cc1fdd3359b@www.fastmail.com> <CAJot-L0PS_3LxEkC-jd1aqXDdYF+z8BajSs4Rhx3LgRPn6wkdQ@mail.gmail.com> <DAB127D7-809F-4EC2-A043-9B15E2DB8E07@tzi.org>
In-Reply-To: <DAB127D7-809F-4EC2-A043-9B15E2DB8E07@tzi.org>
From: Warren Parad <wparad@rhosys.ch>
Date: Wed, 24 Feb 2021 12:04:40 +0100
Message-ID: <CAJot-L1e8GegjXjADRQ87tGqnSREoO4bEKLX+kPkZFsQpevGQA@mail.gmail.com>
To: Carsten Bormann <cabo@tzi.org>
Cc: Bron Gondwana <brong@fastmailteam.com>, Phillip Hallam-Baker <phill@hallambaker.com>, "oauth@ietf.org" <oauth@ietf.org>, ietf@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/pZ1hh5DS_nNaRO7futSML-MDRUI>

I would prefer Bron to answer that question, as they are the one who
started this email thread.

However, let's look at GNAP. I've honestly been struggling to understand at
least one fully documented case that GNAP supports. It seems that in every
document the only thing that is clear is that GNAP wants to allow "everything";
it doesn't actually talk about an example.

By NxM, I assume we mean that the end user or client is free to select
whichever AS they want, in a way in which the RS can verify the AS credential
and the user identity, without the RS having to limit (and really without the
RS having the ability to limit) which ASes are allowed.

Would you agree with that statement?

Warren Parad

Founder, CTO
Secure your user data with IAM authorization as a service. Implement Authress <https://authress.io/>.


On Wed, Feb 24, 2021 at 11:36 AM Carsten Bormann <cabo@tzi.org> wrote:

> On 2021-02-24, at 11:22, Warren Parad <wparad=40rhosys.ch@dmarc.ietf.org>
> wrote:
> >
> > Should we solve the NxM problem, and if so, how do you propose we do
> that?
>
> Let GNAP do that.
>
> Regards, Carsten