Re: [OAUTH-WG] Few questions about HOTK
Sergey Beryozkin <sberyozkin@gmail.com> Fri, 21 December 2012 21:27 UTC
To: William Mills <wmills_92105@yahoo.com>
Cc: "<oauth@ietf.org>" <oauth@ietf.org>

On 21/12/12 16:32, William Mills wrote:
> I would find using a "mac" attribute inside a MAC token confusing.
> Inside a MAC token or any other client signed thing I'd probably call
> the keying assertion inside "key", and make the payload of that defined
> by token type since some things like EC have more than one value in the
> keying information.

OK. Actually, the draft uses "mac_key" to identify the key inside the
token on the outbound path from the server, and "access_token" assumes
the role of key identifier which is quite minimalistic, the access token
has gone - the key has gone, hence the key scoping is supported...

"mac" is used on the path from a client to the server - but it is not
part of the token as far as I understand - it is the client
demonstration of the fact it received MAC token with the "mac_key"
inside it; naming "mac_key" as simply "key" (which I read you
suggesting) is a good idea IMHO

Sergey

>
> ------------------------------------------------------------------------
> *From:* Sergey Beryozkin <sberyozkin@gmail.com>
> *To:* William Mills <wmills_92105@yahoo.com>
> *Cc:* "<oauth@ietf.org>" <oauth@ietf.org>
> *Sent:* Friday, December 21, 2012 7:59 AM
> *Subject:* Re: [OAUTH-WG] Few questions about HOTK
>
> On 21/12/12 15:54, William Mills wrote:
> > No, MAC as I'm using it is a MAC token per
> > http://tools.ietf.org/html/draft-ietf-oauth-v2-http-mac-02
>
> Sure, what do you mean though when saying
> "HOTK payload can be carried in a MAC token." ?
>
> I'm presuming you have in mind the parameters as defined in the draft,
> and specifically I thought it was the 'mac' attribute which is
> effectively a HOTK payload, possibly alongside few other Authorization
> MAC scheme attributes ?
>
> Sergey
>
> >
> > ------------------------------------------------------------------------
> > *From:* Sergey Beryozkin <sberyozkin@gmail.com>
> > *To:* William Mills <wmills_92105@yahoo.com>
> > *Cc:* "<oauth@ietf.org>" <oauth@ietf.org>
> > *Sent:* Friday, December 21, 2012 3:15 AM
> > *Subject:* Re: [OAUTH-WG] Few questions about HOTK
> >
> > On 21/12/12 05:30, William Mills wrote:
> > > MAC and HOTK describe different properties of a token, and could both be
> > > used in the same token. MAC specifies a basic format for a signed token
> > > payload and transaction. HOTK defines part of a token payload. HOTK
> > > payload can be carried in a MAC token.
> >
> > Speaking of MAC, are you referring to
> > "mac" parameter within MAC Authorization payload representing a HOTK
> > property ?
> >
> > Cheers, Sergey
> >
> > >
> > > -bill
> > >
> > > ------------------------------------------------------------------------
> > > *From:* Sergey Beryozkin <sberyozkin@gmail.com>
> > > *To:* "<oauth@ietf.org>" <oauth@ietf.org>
> > > *Sent:* Thursday, December 20, 2012 1:49 PM
> > > *Subject:* [OAUTH-WG] Few questions about HOTK
> > >
> > > Hi Hannes, others,
> > >
> > > I'd like to understand what is the difference between HOTK Symmetric [1]
> > > and MAC [2].
> > >
> > > I'm reading about HOTK Symmetric and JWS profile and it seems like HOTK
> > > Symmetric text can support MAC.
> > >
> > > My main question at the moment: does HOTK (Symmetric) offer an
> > > alternative to MAC or is HOTK actually a higher-level token scheme which
> > > can support different types of tokens ?
> > >
> > > thanks, Sergey
> > >
> > > [1] http://tools.ietf.org/html/draft-tschofenig-oauth-hotk-01
> > > [2] http://tools.ietf.org/html/draft-ietf-oauth-v2-http-mac-02
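
The roles discussed in the message above ("mac_key" on the outbound path, "access_token" as the key identifier, "mac" as the client's proof of possession), sketched as an added example that is not part of the original thread or of either draft. The function names, the in-memory stores, the "id"/"ts"/"nonce" attribute names and the simplified normalized request string are assumptions of this example.

```python
import base64, hashlib, hmac, secrets

ISSUED = {}   # server store: access_token (the key identifier) -> mac_key
SEEN = set()  # (access_token, nonce) pairs already accepted, for replay checks

def issue_token():
    """Outbound path, server to client: the token response carries "mac_key"."""
    token = {"access_token": secrets.token_urlsafe(16), "token_type": "mac",
             "mac_key": secrets.token_urlsafe(32), "mac_algorithm": "hmac-sha-256"}
    ISSUED[token["access_token"]] = token["mac_key"]
    return token

def compute_mac(mac_key, ts, nonce, method, uri, host, port):
    # Assumed, simplified normalized request string: one field per line.
    fields = (ts, nonce, method.upper(), uri, host.lower(), port)
    text = "".join(f"{f}\n" for f in fields)
    digest = hmac.new(mac_key.encode(), text.encode(), hashlib.sha256).digest()
    return base64.b64encode(digest).decode()

def client_attrs(token, ts, nonce, method, uri, host, port):
    """Inbound path, client to server: only the key identifier and "mac" travel."""
    mac = compute_mac(token["mac_key"], ts, nonce, method, uri, host, port)
    return {"id": token["access_token"], "ts": ts, "nonce": nonce, "mac": mac}

def server_verify(attrs, method, uri, host, port):
    mac_key = ISSUED.get(attrs["id"])
    if mac_key is None or (attrs["id"], attrs["nonce"]) in SEEN:
        return False  # unknown or revoked token (no key), or replayed nonce
    expected = compute_mac(mac_key, attrs["ts"], attrs["nonce"], method, uri, host, port)
    if not hmac.compare_digest(expected.encode(), attrs["mac"].encode()):
        return False  # request does not match what the key holder signed
    SEEN.add((attrs["id"], attrs["nonce"]))
    return True

def revoke(access_token):
    """Dropping the access token drops the key: that is the key scoping."""
    ISSUED.pop(access_token, None)
```

Timestamp freshness checks are left out; the replay set only covers nonces seen for a given access token.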