[OAUTH-WG] Feedback on OAuth 2.0 Protected Resource Metadata

Ralph Bragg <ralph.bragg@raidiam.com> Sat, 14 September 2024 03:34 UTC

From: Ralph Bragg <ralph.bragg@raidiam.com>
To: Michael Jones <mike@self-issued.consulting>, "michael_b_jones@hotmail.com" <michael_b_jones@hotmail.com>, "oauth@ietf.org" <oauth@ietf.org>
Date: Sat, 14 Sep 2024 03:34:24 +0000
Message-ID: <LNXP265MB0620203F4D97C1AA81D49239F6662@LNXP265MB0620.GBRP265.PROD.OUTLOOK.COM>
Subject: [OAUTH-WG] Feedback on OAuth 2.0 Protected Resource Metadata
List-Id: OAUTH WG <oauth.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/txKa1w5f8b9s3_J1i0CAkYLNfR4>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Owner: <mailto:oauth-owner@ietf.org>
List-Post: <mailto:oauth@ietf.org>
List-Subscribe: <mailto:oauth-join@ietf.org>
List-Unsubscribe: <mailto:oauth-leave@ietf.org>

Hi,

Can I please request that additional metadata types for describing resource access requirements be included from the RAR specification (https://datatracker.ietf.org/doc/html/rfc9396#name-relationship-to-the-scope-p) in the https://www.ietf.org/archive/id/draft-ietf-oauth-resource-metadata-09.html specification.


RAR is an alternative to scopes, and the use of only one way to convey authorization to access the resource is recommended in the RAR spec:

"Combined use of authorization_details and scope is supported by this specification in part to allow existing OAuth-based applications to incrementally migrate towards using authorization_details exclusively. It is RECOMMENDED that a given API use only one form of requirement specification."


OAuth resource servers that have moved to supporting RAR should be able to advertise, using the OAuth resource metadata specification, the RAR types that are required to access the resource, in a similar way to scopes.


Thank you for your consideration of this change, as I understand this draft is in last call.


Kind Regards,

Ralph



Ralph Bragg
Chief Technology Officer
M. +447890130559
T. 0203 148 6609
ralph.bragg@raidiam.com

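The following is an added example, not code from the message above, from the draft, or from Raidiam. It illustrates the client side of the proposal: a client derives the well-known metadata URL for a resource identifier, refuses metadata whose "resource" value does not match the identifier it asked about (the check draft-ietf-oauth-resource-metadata requires before the document is used), and then builds an authorization request using exactly one of RFC 9396 authorization_details or scope, as RFC 9396 recommends. The field name "authorization_details_types_supported", the sample metadata document, the "account_information" type and the scope values are assumptions constructed for this example; draft -09 does not define a RAR-type field, which is the gap the message asks to be closed.

```python
"""Client-side handling of OAuth 2.0 Protected Resource Metadata.

Added example (not code from the message, the draft, or Raidiam). Derives
the well-known metadata URL, validates the returned document against the
requested resource identifier, and picks exactly one authorization
mechanism (RFC 9396 authorization_details or scope) from what the
resource advertises.
"""
import json
from urllib.parse import urlsplit

# Well-known path suffix defined by draft-ietf-oauth-resource-metadata.
WELL_KNOWN_SUFFIX = "/.well-known/oauth-protected-resource"

# Constructed sample metadata for a fictional resource server.
# "authorization_details_types_supported" is an ASSUMED field name: it is the
# kind of RAR-type advertisement the message asks for, not a field defined
# in draft -09. The other fields are defined by the draft.
SAMPLE_RESOURCE = "https://api.example.com"
SAMPLE_METADATA = json.dumps({
    "resource": SAMPLE_RESOURCE,
    "authorization_servers": ["https://as.example.com"],
    "scopes_supported": ["accounts:read"],
    "authorization_details_types_supported": ["account_information"],
    "bearer_methods_supported": ["header"],
})


def metadata_url(resource: str) -> str:
    """Insert the well-known suffix between the host and path components of
    the resource identifier, as the draft specifies. Resource identifiers
    are https URLs without query or fragment, so anything else is rejected."""
    parts = urlsplit(resource)
    if parts.scheme != "https" or parts.query or parts.fragment:
        raise ValueError("resource identifier must be https with no query or fragment")
    path = parts.path.rstrip("/")
    return f"{parts.scheme}://{parts.netloc}{WELL_KNOWN_SUFFIX}{path}"


def parse_metadata(resource: str, body: str) -> dict:
    """Parse a metadata document and refuse it unless its 'resource' value is
    identical to the identifier we asked about. This is what stops a
    misconfigured or hostile host from steering the client to another
    resource's authorization servers."""
    md = json.loads(body)
    if md.get("resource") != resource:
        raise ValueError("metadata 'resource' differs from requested resource; discarding")
    servers = md.get("authorization_servers")
    # authorization_servers is optional in the draft; insisting on it here is
    # a client policy choice made for this example, not a spec requirement.
    if not isinstance(servers, list) or not servers:
        raise ValueError("no authorization_servers advertised")
    return md


def choose_authorization(md: dict, wanted_type: str, fallback_scope: str) -> dict:
    """Build the authorization request parameter for the resource using
    exactly one mechanism. Prefers a RAR type when the resource advertises
    it; otherwise falls back to a scope listed in scopes_supported."""
    rar_types = md.get("authorization_details_types_supported", [])
    scopes = md.get("scopes_supported", [])
    if wanted_type in rar_types:
        # "type" and "locations" are common fields from RFC 9396 section 2.2;
        # the object content is constructed for this example.
        detail = {"type": wanted_type, "locations": [md["resource"]]}
        return {"authorization_details": json.dumps([detail])}
    if fallback_scope in scopes:
        return {"scope": fallback_scope}
    raise ValueError("resource advertises neither the requested RAR type nor the scope")


if __name__ == "__main__":
    md = parse_metadata(SAMPLE_RESOURCE, SAMPLE_METADATA)
    print(metadata_url(SAMPLE_RESOURCE))
    print(choose_authorization(md, "account_information", "accounts:read"))
    print(choose_authorization(md, "payment_initiation", "accounts:read"))
```

In real use the body passed to parse_metadata comes from an HTTPS GET of metadata_url(resource); the sample document is embedded here only so the example runs offline. The point of choose_authorization is that the client never emits both authorization_details and scope for one API, which is what the RFC 9396 recommendation quoted in the message asks for, and it can only make that choice if the resource advertises its supported RAR types alongside scopes_supported.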