Re: [plasma] Binary value encoding in AuthenticationTypeWSToken

Dan Griffin <dan@jwsecure.com> Thu, 28 June 2012 23:16 UTC

From: Dan Griffin <dan@jwsecure.com>
To: Jim Schaad <jimsch@nwlink.com>, "plasma@ietf.org" <plasma@ietf.org>
Date: Thu, 28 Jun 2012 23:15:52 +0000
Subject: Re: [plasma] Binary value encoding in AuthenticationTypeWSToken
List-Id: "The PoLicy Augmented S/Mime (plasma) bof discussion list." <plasma.ietf.org>

I'm referring to how the client authenticates to Plasma in the first place, i.e. part of the work the client has to do before a single Plasma call is made. The client will have to know:

1. What kind of credential to get
2. Where/how to get it
3. What Plasma AuthenticationType type to map it to
4. How to do the encoding for that mapping

The draft text doesn't appear to address #3 at all. How can you expect interoperability? My first question remains unanswered.

From: Jim Schaad [mailto:jimsch@nwlink.com]
Sent: Wednesday, June 27, 2012 7:54 PM
To: Dan Griffin; plasma@ietf.org
Subject: RE: [plasma] Binary value encoding in AuthenticationTypeWSToken

Please let me know what text is unclear in the document.

This is A correct type.  There is no ONE correct type of token to be returned.  This is strictly a choice of the server.  The server can use an XML-based token, such as SAML; an ASN.1-based token, such as CMS; or a non-structured token, such as an index in a database.

There is no requirement in the document that the client understand the token returned to the client.  In fact, the requirement is just the opposite.  The token is to be treated as an opaque blob by the client.  If data such as lifetimes are to be returned, they are returned as wst namespace attributes.

Jim


From: plasma-bounces@ietf.org [mailto:plasma-bounces@ietf.org] On Behalf Of Dan Griffin
Sent: Wednesday, June 27, 2012 1:42 PM
To: plasma@ietf.org
Subject: [plasma] Binary value encoding in AuthenticationTypeWSToken

We're using AuthenticationTypeWSToken to transmit a SAML token - is that the correct type?

If so, I just wanted to clarify: the Value member of that type is a hex binary string, which seems like an odd choice. Wouldn't XML make more sense?