Re: [OAUTH-WG] Fwd: New Version Notification for draft-lodderstedt-oauth-rar-02.txt

Brian Campbell <bcampbell@pingidentity.com> Tue, 01 October 2019 21:40 UTC

Return-Path: <bcampbell@pingidentity.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F3F711200F4 for <oauth@ietfa.amsl.com>; Tue, 1 Oct 2019 14:40:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=pingidentity.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id s8lge9HBkzlZ for <oauth@ietfa.amsl.com>; Tue, 1 Oct 2019 14:40:46 -0700 (PDT)
Received: from mail-io1-xd30.google.com (mail-io1-xd30.google.com [IPv6:2607:f8b0:4864:20::d30]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 71C36120089 for <oauth@ietf.org>; Tue, 1 Oct 2019 14:40:46 -0700 (PDT)
Received: by mail-io1-xd30.google.com with SMTP id h144so51910319iof.7 for <oauth@ietf.org>; Tue, 01 Oct 2019 14:40:46 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=pingidentity.com; s=gmail; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=s2aXIuHdyhjtgrTnXbbA6VL5BweB9wTzk6n0lU4jMQg=; b=AAzNLCcQAcM2W7o+rZn4ZcqwwCMF0R7mWkQIBWG/cIJLGKdGo+Nd2pBrRCuqbABJl/ zs1KleakZ17e724dUkutqwQ6B9wU28+ZPDjB5OO1MBXWujMEUS1eOO4X8J11VAUnbPjL mbKbhux5DfJBf0OY5tOgYi/ioEajmky5dv1B4=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=s2aXIuHdyhjtgrTnXbbA6VL5BweB9wTzk6n0lU4jMQg=; b=WenJYbpVrnk+WkKAjnrskGfTsnLlMJnE688z+si0QvOyC9xmThPNTlqklmuHtnf8Ot o4e6Tbi40Ni5ahjphcPImKRh86uytlhL3Hgx5La/6jmu58rCabBwYV30gkP/zfRzmOyH JGnpc1mS/EFG/JE5MZqjshx69I8H3TvsES8cpXXM7LpAasBdxZ+oqa9ewUnNsUUHhPg7 R+ZJ14r6AAmExzV204iP740LWFY25RFflnAWSXv7YPPvyCUuJ8eKOtpvNTfKVEQfKFSA qAsQ/103UECkoeqM+pAn6EHUOv89WKWq8d4PSHoaKvdrKZNP23uF0acgYtKaF+GhrL20 36CA==
X-Gm-Message-State: APjAAAUKMR5tfPPl3D+Qx6yfNMK7imV1ykGUgvsoUihvwGiCy6sxvIaZ 7oamirE5AwJL6krjYcLy+DOdA7vMU4Vn+l5sZ/5WdcDhYHajpKtzxMK/pMy9pzpoRcilRhTFCcg yshTaGAHs8xzSmQ==
X-Google-Smtp-Source: APXvYqyh0LEYhXucDSHAB7+xLlORC0WGZVHQuFg/TL7I3FHnjBK5gAOzOPZJHKB1fAc1+3qCHNKWUC2N+Nw8/wtp3Wg=
X-Received: by 2002:a6b:cd81:: with SMTP id d123mr383095iog.78.1569966045579; Tue, 01 Oct 2019 14:40:45 -0700 (PDT)
MIME-Version: 1.0
References: <156907504831.22964.1710780113673136607.idtracker@ietfa.amsl.com> <A82AA337-86BF-485D-901B-3A3C73C6177B@lodderstedt.net> <e4427073-f995-4337-ca7c-99a92c745bf2@aol.com> <CBCF41AA-CADB-4CF9-8BB4-172E4571B655@bspk.io>
In-Reply-To: <CBCF41AA-CADB-4CF9-8BB4-172E4571B655@bspk.io>
From: Brian Campbell <bcampbell@pingidentity.com>
Date: Tue, 1 Oct 2019 15:40:19 -0600
Message-ID: <CA+k3eCS1Zgoj6UStsQDu=8y5EZioqU5hTysokYPpkZr0dAxhPA@mail.gmail.com>
To: Justin Richer <justin@bspk.io>
Cc: George Fletcher <gffletch@aol.com>, oauth <oauth@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000074eaa20593e034b2"
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/xfDUmaPJdNLibTr0OAvAUsCPtMg>
Subject: Re: [OAUTH-WG] Fwd: New Version Notification for draft-lodderstedt-oauth-rar-02.txt
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Oct 2019 21:40:49 -0000

I'm not entirely sold on the draft attempting to define this set of common
data elements in the first place. But that said, I think (similar to
George?) I'm struggling with "data" more than the others. The definition in
the -02 draft is an "array of strings representing the kinds of data being
requested from the resource" and I'm honestly having a hard time
understanding what that actually means or how it would be used in practice.
And I'm not sure roughly equating it to “what kind of thing I want” helped
me understand any better.

On Tue, Sep 24, 2019 at 5:34 PM Justin Richer <justin@bspk.io>; wrote:

> The idea behind the “locations”, “actions”, “data”, and “identifier” data
> element types mirrors what I’ve seen “scope” used for in the wild. They
> roughly equate to “where something is”, “what I want to do with it”, “what
> kind of thing I want”, and “the exact thing I want”, respectively. I’m
> completely open for better names, and have even been thinking “datatype”
> might be better than just “data” for the third one.
>
> As for encoding, I think that form encoding makes sense because it’s the
> simplest possible encoding that will work. I personally don’t see a need to
> armor this part of the request with base64, as it is in JOSE, and doing so
> would make it one more step removed from easy developer understanding.
>
> -- Justin Richer
>
> Bespoke Engineering
> +1 (617) 564-3801
> https://bspk.io/
>
>
>
> On Sep 24, 2019, at 1:45 PM, George Fletcher <gffletch@aol.com>; wrote:
>
> Just two questions...
>
> 1. What is the rationale that 'data' is really an array of arbitrary
> top-level claims? I find looking at the spec and not finding a 'data'
> section a little confusing.
>
> 2. What is the rationale for sending the JSON object as a urlencoded JSON
> string rather than a base64url encoded JSON string? The later would likely
> be smaller and easier to read:)
>
> Thanks,
> George
>
> On 9/21/19 1:51 PM, Torsten Lodderstedt wrote:
>
> Hi all,??
>
> I just published a draft about ???OAuth 2.0 Rich Authorization Requests???
> (formerly known as ???structured scopes???).??
>
> https://tools.ietf.org/html/draft-lodderstedt-oauth-rar-02
>
> It specifies a new parameter?????authorization_details"??that is used to
> carry fine grained authorization data in the OAuth authorization request.
> This mechanisms was designed based on experiences gathered in the field of
> open banking, e.g. PSD2, and is intended to make the implementation of rich
> and transaction oriented authorization requests much easier than with
> current OAuth 2.0.
>
> I???m happy that Justin Richer and Brian Campbell joined me as authors of
> this draft. We would would like to thank Daniel Fett, Sebastian Ebling,
> Dave Tonge, Mike Jones, Nat Sakimura, and Rob Otto for their valuable
> feedback during the preparation of this draft.
>
> We look forward to getting your feedback.??
>
> kind regards,
> Torsten.??
>
> Begin forwarded message:
>
> *From: *internet-drafts@ietf.org
> *Subject: **New Version Notification for
> draft-lodderstedt-oauth-rar-02.txt*
> *Date: *21. September 2019 at 16:10:48 CEST
> *To: *"Justin Richer" <ietf@justin.richer.org>;, "Torsten Lodderstedt" <
> torsten@lodderstedt.net>;, "Brian Campbell" <bcampbell@pingidentity.com>;
>
>
> A new version of I-D, draft-lodderstedt-oauth-rar-02.txt
> has been successfully submitted by Torsten Lodderstedt and posted to the
> IETF repository.
>
> Name: draft-lodderstedt-oauth-rar
> Revision: 02
> Title: OAuth 2.0 Rich Authorization Requests
> Document date: 2019-09-20
> Group: Individual Submission
> Pages: 16
> URL: ??????????????????????
> https://www.ietf.org/internet-drafts/draft-lodderstedt-oauth-rar-02.txt
> Status: ????????????????
> https://datatracker.ietf.org/doc/draft-lodderstedt-oauth-rar/
> Htmlized: ????????????
> https://tools.ietf.org/html/draft-lodderstedt-oauth-rar-02
> Htmlized: ????????????
> https://datatracker.ietf.org/doc/html/draft-lodderstedt-oauth-rar
> Diff: ????????????????????
> https://www.ietf.org/rfcdiff?url2=draft-lodderstedt-oauth-rar-02
>
> Abstract:
> ????This document specifies a new parameter "authorization_details" that
> ????is used to carry fine grained authorization data in the OAuth
> ????authorization request.
>
>
>
>
> Please note that it may take a couple of minutes from the time of
> submission
> until the htmlized version and diff are available at tools.ietf.org.
>
> The IETF Secretariat
>
>
>
> _______________________________________________
> OAuth mailing listOAuth@ietf.orghttps://www.ietf.org/mailman/listinfo/oauth
>
>
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>

-- 
_CONFIDENTIALITY NOTICE: This email may contain confidential and privileged 
material for the sole use of the intended recipient(s). Any review, use, 
distribution or disclosure by others is strictly prohibited.  If you have 
received this communication in error, please notify the sender immediately 
by e-mail and delete the message and any file attachments from your 
computer. Thank you._