Re: [OAUTH-WG] Call for adoption for "Resource Indicators for OAuth 2.0"

Mike Jones <Michael.Jones@microsoft.com> Fri, 20 July 2018 15:13 UTC

From: Mike Jones <Michael.Jones@microsoft.com>
To: Brian Campbell <bcampbell=40pingidentity.com@dmarc.ietf.org>, Filip Skokan <panva.ip@gmail.com>
CC: oauth <oauth@ietf.org>
Date: Fri, 20 Jul 2018 15:13:47 +0000
Message-ID: <MW2PR00MB0300E556CAC7F285C11DB784F5510@MW2PR00MB0300.namprd00.prod.outlook.com>
References: <CAGL6ep+p-JsvuT5imuNN=NXg2rGX98omibO7KeGxAu3yGpaiWg@mail.gmail.com> <CA+k3eCRy_1_pgB=KWJMOgUAEgwX_jrSkpBrffk__khV_Jv1nDA@mail.gmail.com> <TY2PR01MB22971D8FB9BCA1513C3794E9F9510@TY2PR01MB2297.jpnprd01.prod.outlook.com> <426DBA0B-CC9B-4D9D-9ED8-5AD779159638@lodderstedt.net> <CALAqi_-hciPUdQbq7kmu-mJMECjVzj_Xp_vDsdYi_yCDCG8=wg@mail.gmail.com> <CA+k3eCQx3puZsgyBGf=GAeAcYmrJMTgkU90WUu3W-VNU6-KurQ@mail.gmail.com>
In-Reply-To: <CA+k3eCQx3puZsgyBGf=GAeAcYmrJMTgkU90WUu3W-VNU6-KurQ@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/pIBoCFxRB8zJwgD9fLsJrOhHKWk>

While I agree that a single requested resource is the common case, enough people have spoken up with a need for multiple requested resources over the years that I think everyone will be better served by leaving the ability to specify multiple requested resources in the specification.

                                                       -- Mike
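The thread turns on whether a request may carry several "resource" parameters: the current draft allows it, the meeting leaned toward one resource per token with the client refreshing for each resource, and Mike argues for keeping the multi-resource option. As an added illustration that is not code from the draft or from anyone on the thread, the following Python models how an authorization server could handle both options. It collects every repeated resource parameter, validates each one as the draft requires (an absolute URI without a fragment that names a resource server the AS knows), narrows the scope to what the named resource servers understand, and then builds either one audience-restricted token or one token per resource. The registry, URIs and scope names are constructed; the `invalid_target` error code is the one the draft's published successor, RFC 8707, uses.

```python
from urllib.parse import parse_qs, urlsplit

# Constructed registry for a hypothetical authorization server: each resource
# server's identifier (an absolute URI, as the draft requires) mapped to the
# scopes that server understands.
REGISTERED_RESOURCES = {
    "https://api.example.com/calendar": {"calendar.read", "calendar.write"},
    "https://api.example.com/contacts": {"contacts.read"},
}


def parse_resources(query):
    """Return every 'resource' value in the request, validated.

    A resource indicator must be an absolute URI without a fragment and must
    name a resource server this AS knows.  Anything else is rejected with the
    'invalid_target' error code (the code RFC 8707 assigns to this case).
    """
    params = parse_qs(query, keep_blank_values=True)
    # parse_qs keeps repeated parameters, in request order, so several
    # resource servers can be named in one request.
    resources = params.get("resource", [])
    for value in resources:
        parts = urlsplit(value)
        if not parts.scheme or not parts.netloc or parts.fragment:
            raise ValueError(f"invalid_target: not an absolute URI without fragment: {value!r}")
        if value not in REGISTERED_RESOURCES:
            raise ValueError(f"invalid_target: unknown resource server: {value!r}")
    return resources


def requested_scopes(query):
    """Scopes the client asked for, as a set (empty if none were requested)."""
    scope = parse_qs(query).get("scope", [""])[0]
    return set(scope.split())


def single_token_claims(query):
    """One token for all requested resources (what the current draft allows).

    The audience lists every requested resource and the scope is cut down to
    what at least one of those resources understands, so a scope that none of
    the listed resource servers uses never ends up in the token.  Returns None
    when the request carries no resource indicator at all.
    """
    resources = parse_resources(query)
    if not resources:
        return None
    allowed = set().union(*(REGISTERED_RESOURCES[r] for r in resources))
    granted = sorted(requested_scopes(query) & allowed)
    # A single resource gives a string audience; several give an array.
    aud = resources[0] if len(resources) == 1 else resources
    return {"aud": aud, "scope": " ".join(granted)}


def per_resource_token_claims(query):
    """The alternative raised in the WG meeting: one token per resource.

    Each token carries exactly one audience and only that resource's scopes,
    so a token that leaks from one resource server is useless at the others.
    """
    claims = []
    for resource in parse_resources(query):
        granted = sorted(requested_scopes(query) & REGISTERED_RESOURCES[resource])
        claims.append({"aud": resource, "scope": " ".join(granted)})
    return claims


def token_response(query, per_resource=False):
    """Token-endpoint view: claims on success, an OAuth error object on failure."""
    try:
        if per_resource:
            return {"tokens": per_resource_token_claims(query)}
        return single_token_claims(query)
    except ValueError as exc:
        code, _, description = str(exc).partition(": ")
        return {"error": code, "error_description": description}


if __name__ == "__main__":
    # Constructed request naming two resource servers and one scope that
    # neither of them understands ("admin"), which is dropped from the grant.
    request = (
        "resource=https%3A%2F%2Fapi.example.com%2Fcalendar"
        "&resource=https%3A%2F%2Fapi.example.com%2Fcontacts"
        "&scope=calendar.read+contacts.read+admin"
    )
    print(token_response(request))
    print(token_response(request, per_resource=True))
    print(token_response("resource=%2Fcalendar"))
```

The two builders differ only in how much a single token is good for: the multi-audience token is convenient for a client that talks to both servers, while the per-resource tokens keep each server's compromise from reaching the other, which is the trade-off the complexity text Brian asks for would need to spell out.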

From: OAuth <oauth-bounces@ietf.org> On Behalf Of Brian Campbell
Sent: Friday, July 20, 2018 10:18 AM
To: Filip Skokan <panva.ip@gmail.com>
Cc: oauth <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Call for adoption for "Resource Indicators for OAuth 2.0"

The current draft does allow multiple "resource" parameters. However, there seemed to be consensus in the WG meeting yesterday that only a single "resource" parameter was preferable and that a client could obtain an access token per resource (likely using a refresh token). I'm personally sympathetic to that point. But maybe it's too restrictive. I would like to see some more text about the complexity implications of multiple "resource" parameters and perhaps some discouragement of doing so. I believe logical names are more potentially useful in an STS framework like token exchange but should be out of scope for this work.

On Fri, Jul 20, 2018 at 3:43 AM, Filip Skokan <panva.ip@gmail.com> wrote:
Hi Torsten,

> Multiple "resource" parameters may be used to indicate that the issued token is intended to be used at multiple resource servers.

That's already in. Furthermore, what about logical names for target services? Like was added in -03 of token exchange?

Best,
Filip Skokan


On Fri, Jul 20, 2018 at 9:33 AM Torsten Lodderstedt <torsten@lodderstedt.net> wrote:
I support adoption of this document.

I would like to point out (again) a single resource is not sufficient for most use cases I implemented in the last couple of years. I'm advocating for enhancing the draft to support multiple resources and a clear definition of the relationship between resource(s) and scope.

On 20.07.2018 at 08:20, n-sakimura <n-sakimura@nri.co.jp> wrote:
+1

From: OAuth [mailto:oauth-bounces@ietf.org] On Behalf Of Brian Campbell
Sent: Friday, July 20, 2018 7:42 AM
To: Rifaat Shekh-Yusef <rifaat.ietf@gmail.com>
Cc: oauth <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Call for adoption for "Resource Indicators for OAuth 2.0"

I support adoption of this document.

On Thu, Jul 19, 2018 at 4:01 PM, Rifaat Shekh-Yusef <rifaat.ietf@gmail.com> wrote:
Hi all,

This is the call for adoption of the 'Resource Indicators for OAuth 2.0' document
following the positive call for adoption at the Montreal IETF meeting.

Here is the document:
https://tools.ietf.org/html/draft-campbell-oauth-resource-indicators-02

Please let us know by August 2nd whether you accept / object to the
adoption of this document as a starting point for work in the OAuth
working group.

Regards,
Rifaat

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth


CONFIDENTIALITY NOTICE: This email may contain confidential and privileged material for the sole use of the intended recipient(s). Any review, use, distribution or disclosure by others is strictly prohibited. If you have received this communication in error, please notify the sender immediately by e-mail and delete the message and any file attachments from your computer. Thank you.