Re: [OAUTH-WG] draft-zhang-jose-json-fine-grained-access

jiangcheng <jiangcheng612@163.com> Mon, 25 March 2024 08:58 UTC

To: Justin Richer <jricher@mit.edu>, Warren Parad <wparad@rhosys.ch>
Cc: "OAuth@ietf.org" <OAuth@ietf.org>, zhangjl382 <zhangjl382@chinaunicom.cn>, jill32 <jill32@chinaunicom.cn>

Thank you very much for your feedback. We will continue to work on it.

-Jiangcheng

At 2024-03-23 18:09:34, "Warren Parad" <wparad@rhosys.ch> wrote:

Some thoughts in no particular order, but mostly I'm with Justin:

- The exact data properties of the JSON probably don't belong in this RFC, but rather can be used as an example in the RFC rather than anything normative, as the structure defined herein is not sufficient in many cases. Depending exactly on how (#2) is done, it needs to be more extensible or potentially completely ignored, since any JSON or even string could be used to achieve #2.
- The mechanism of how to use the JSON to encrypt and decrypt the message feels like the only relevant/interesting detail here, and it is the main detail left out.
- I'd recommend cutting the context related to the structure of the request (#1) and focusing on how it will be used to encrypt/decrypt payloads (#2).

- Warren

On Sat, Mar 23, 2024 at 10:38 AM Justin Richer <jricher@mit.edu> wrote:

Thank you for presenting your proposal to the group in Brisbane.

Reading through the draft, it seemed that there are really two topics in here, and I'm wondering how they could be split:

1. a data structure for complex access rights

2. a cryptographic mechanism for selectively encrypting some of those rights to protect them from unintentional audiences.

The data structure used to convey the access rights seems very similar to the object structure defined by RAR, RFC 9396: https://www.rfc-editor.org/rfc/RFC9396

I was unable to find something in this data structure that is required to provide the cryptographic hiding functionality; have I missed something? Or would it be possible to apply this to RAR objects?

Does the key distribution happen out of band of the protocol? In the OAuth world, would these keys become part of the RS configuration?

Thank you,

- Justin

From: OAuth <oauth-bounces@ietf.org> on behalf of jiangcheng <jiangcheng612@163.com>
Sent: Tuesday, March 19, 2024 9:42 PM
To: OAuth@ietf.org <OAuth@ietf.org>
Cc: zhangjl382 <zhangjl382@chinaunicom.cn>; jill32 <jill32@chinaunicom.cn>
Subject: [OAUTH-WG] draft-zhang-jose-json-fine-grained-access

Dear oauth,

We have a draft and we are looking forward to soliciting comments on it.
https://datatracker.ietf.org/doc/draft-zhang-jose-json-fine-grained-access/

Best regards

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
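Justin's split of the draft into (1) a rights data structure and (2) selective encryption of some rights for a particular audience, and his question of whether (2) could be applied to plain RAR objects, worked through as an added example. This is not code from the draft or from anyone in the thread and does not implement the draft's mechanism. Assumptions: the entries follow the RFC 9396 `authorization_details` shape; the `urn:example:encrypted_detail` envelope (with `aud`, `nonce`, `ciphertext`) is a constructed placeholder for whatever a real design would express in JWE; each resource server holds a per-audience AES-GCM key obtained out of band (the RS-configuration option Justin asks about); the sample entries and keys are constructed. The audience label is bound as AEAD associated data, and a server silently drops envelopes it cannot read rather than treating them as granted rights.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
)

// Detail is one RFC 9396 authorization_details entry, kept generic because RAR contents are type-specific.
type Detail map[string]any

// Envelope is a constructed placeholder (not the draft's format; a real design would use JWE)
// that stands in for an entry only one audience may read.
type Envelope struct {
	Type       string `json:"type"`
	Aud        string `json:"aud"`
	Nonce      string `json:"nonce"`
	Ciphertext string `json:"ciphertext"`
}

const envelopeType = "urn:example:encrypted_detail" // constructed identifier

func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // also rejects a missing (nil) or wrongly sized key
	if err != nil { return nil, err }
	return cipher.NewGCM(block)
}

// SealDetails encrypts each entry listed in hidden (index -> audience) with that audience's
// AES-GCM key and leaves the rest in plaintext. Keys are assumed to be distributed out of
// band, for example through RS configuration.
func SealDetails(details []Detail, hidden map[int]string, keys map[string][]byte) ([]json.RawMessage, error) {
	out := make([]json.RawMessage, 0, len(details))
	for i, d := range details {
		plain, err := json.Marshal(d)
		if err != nil { return nil, err }
		aud, hide := hidden[i]
		if !hide {
			out = append(out, plain)
			continue
		}
		aead, err := newAEAD(keys[aud])
		if err != nil { return nil, fmt.Errorf("audience %q: %w", aud, err) }
		nonce := make([]byte, aead.NonceSize())
		if _, err := rand.Read(nonce); err != nil { return nil, err }
		// The audience label is associated data, so an envelope relabelled for another audience fails to open.
		ct := aead.Seal(nil, nonce, plain, []byte(aud))
		enc := base64.RawURLEncoding.EncodeToString
		raw, _ := json.Marshal(Envelope{Type: envelopeType, Aud: aud, Nonce: enc(nonce), Ciphertext: enc(ct)})
		out = append(out, raw)
	}
	return out, nil
}

// OpenDetails returns what the resource server identified by aud may act on: plaintext entries
// plus envelopes addressed to it. Envelopes for other audiences are dropped, so a server never
// grants rights it cannot read; an envelope addressed to aud that fails to open is an error.
func OpenDetails(sealed []json.RawMessage, aud string, key []byte) ([]Detail, error) {
	aead, err := newAEAD(key)
	if err != nil { return nil, err }
	var out []Detail
	for _, raw := range sealed {
		var env Envelope
		d := Detail{}
		if err := json.Unmarshal(raw, &env); err != nil || env.Type != envelopeType {
			// Ordinary plaintext RAR entry.
			if err := json.Unmarshal(raw, &d); err != nil { return nil, err }
			out = append(out, d)
			continue
		}
		if env.Aud != aud { continue } // addressed to another RS: unreadable, so no rights granted
		nonce, err1 := base64.RawURLEncoding.DecodeString(env.Nonce)
		ct, err2 := base64.RawURLEncoding.DecodeString(env.Ciphertext)
		if err1 != nil || err2 != nil { return nil, errors.New("malformed envelope") }
		plain, err := aead.Open(nil, nonce, ct, []byte(env.Aud))
		if err != nil { return nil, errors.New("envelope failed authentication") }
		if err := json.Unmarshal(plain, &d); err != nil { return nil, err }
		out = append(out, d)
	}
	return out, nil
}

// SampleDetails returns constructed RAR entries modelled on the RFC 9396 examples.
func SampleDetails() []Detail {
	return []Detail{
		{"type": "account_information", "actions": []any{"list_accounts"}},
		{"type": "payment_initiation", "actions": []any{"initiate"}, "instructedAmount": map[string]any{"currency": "EUR", "amount": "123.50"}},
	}
}

func main() {
	key := make([]byte, 32) // demo key; a real RS key arrives out of band
	rand.Read(key)
	sealed, err := SealDetails(SampleDetails(), map[int]string{1: "https://payments.example"}, map[string][]byte{"https://payments.example": key})
	fmt.Printf("%s %v\n", sealed, err)
}
```

Running `main` prints the array with entry 0 in the clear and entry 1 replaced by an envelope; an accounts server calling `OpenDetails` with its own key sees only entry 0, while the payments server sees both. Nothing in the hidden entry's own structure is needed for the hiding, which is Justin's point: the selection is a property of the token issuer's policy and the per-audience keys, not of the RAR object.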