Re: [Rats] Interoperability ... RE: EAT Profiles

Laurence Lundblade <lgl@island-resort.com> Fri, 23 September 2022 19:15 UTC

From: Laurence Lundblade <lgl@island-resort.com>
Message-Id: <0A6E50D8-BE95-45E0-B5B3-314656F6C67E@island-resort.com>
Date: Fri, 23 Sep 2022 12:15:16 -0700
In-Reply-To: <DDD697CE-F129-415E-984B-F8BFA108E21E@intel.com>
Cc: Thomas Fossati <tho.ietf@gmail.com>, Hannes Tschofenig <Hannes.Tschofenig@arm.com>, Henk Birkholz <henk.birkholz@sit.fraunhofer.de>, Michael Richardson <mcr+ietf@sandelman.ca>, "rats@ietf.org" <rats@ietf.org>
To: "Smith, Ned" <ned.smith@intel.com>
References: <AS8PR08MB5911E476356C4005F68D6D4CFA4D9@AS8PR08MB5911.eurprd08.prod.outlook.com> <6F9F204B-E01C-4C56-9FA3-0E5F88F8C225@island-resort.com> <EF696290-B899-482F-B41E-BA358D57C123@intel.com> <CAObGJnNZ7=-v=ue94C+1CyfmXX7eYMTDKvdLYaBQ8K2cje42DA@mail.gmail.com> <4554C994-57E6-4873-9B41-66352CEA2920@intel.com> <CAObGJnNp7DrCn4MfAzBTBog1niOY0u5auETJU-iR7kk-CivJSw@mail.gmail.com> <A20E8654-BD16-48DE-B0A3-71EC45E16FE9@intel.com> <CAObGJnPPLcKpqnHYRnDbOJo-Um2WuQbq4tHOF7CLP8auh=i6=w@mail.gmail.com> <DDD697CE-F129-415E-984B-F8BFA108E21E@intel.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/8qgY4vJNLG5T9z3YIfHf-vzQQd8>
Subject: Re: [Rats] Interoperability ... RE: EAT Profiles
List-Id: Remote ATtestation procedureS <rats.ietf.org>

> On Sep 22, 2022, at 4:33 PM, Smith, Ned <ned.smith@intel.com> wrote:
> ...
> Some clarification might be needed about profiles that answers these questions.
> Does inclusion of EAT claims in a token make the profile an "EAT profile" even when there are non-EAT claims included? 
> Is EAT considered a profile of a CWT/JWT? Or can it be relevant elsewhere?
> Can a CWT/JWT profile exist that is used for attestation that doesn't contain 'Claims-Set' defined claims?

So far I don’t see any of these questions as particularly at issue.

CWT and JWT will continue to exist as the standards they are. It’s fine for someone to put a claim defined in the EAT document in a CWT or JWT and that doesn’t make the CWT/JWT an EAT because CWT/JWT allow claims defined anywhere to be included.

If someone says a token is an EAT, then it needs to follow the rules defined in EAT, but it doesn’t have to have any claims defined in the EAT document because none are mandatory.

CWT/JWT doesn’t have a profile mechanism so EAT can’t be a profile of CWT/JWT.

Someone can invent a profile mechanism for CWT/JWT that is different from the EAT profile mechanism, though maybe some IETF/IESG people might say that is a bad idea and duplication of effort.

There’s not really anything mandatory about an EAT profile except that it has an EAT profile identifier when it occurs in an EAT, but you can apply an EAT profile without putting the identifier in. I think this is good and fine.

To me all this is clearly implied by the wording in CWT, JWT and EAT so there’s nothing to be done.

LL
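As an added example that is not part of this thread or of any RATS draft: the rules stated in the reply above (EAT-defined claims inside a plain CWT/JWT do not make it an EAT; a token presented as an EAT must follow EAT's rules but need not carry any EAT-defined claim; a profile's rules apply when the eat_profile identifier is present, and a verifier may also apply a profile out of band without the identifier), expressed as a verifier-side classifier in Python over the JWT (JSON) encoding. The profile registry, the profile URI, the sample claims sets and the demo token wrapper are constructed for the example; the claim names, the UEID type bytes and the nonce (8..64 bytes) and UEID (7..33 bytes) length rules are taken from the published EAT specification (RFC 9711), which postdates this message, so the JSON labels may differ from the draft under discussion at the time.

```python
from __future__ import annotations

import base64
import json
from dataclasses import dataclass, field

# Claim names EAT registers for the JWT encoding (JSON labels from RFC 9711).
EAT_CLAIM_NAMES = frozenset({
    "eat_nonce", "ueid", "sueids", "oemid", "hwmodel", "hwversion", "oemboot",
    "dbgstat", "location", "eat_profile", "submods", "uptime", "bootcount",
    "bootseed", "dloas", "swname", "swversion", "manifests", "measurements",
    "measres", "intuse",
})

# HYPOTHETICAL profile registry for this example: profile identifier -> claims the
# profile makes mandatory. EAT itself makes no claim mandatory; only a profile can.
PROFILES: dict[str, frozenset[str]] = {
    "https://example.com/eat/profile-a": frozenset({"ueid", "eat_nonce", "hwmodel"}),
}

UEID_TYPES = {0x01, 0x02, 0x03}  # RAND, IEEE-EUI, IMEI type bytes defined by EAT


@dataclass
class Verdict:
    is_eat: bool                  # presented as an EAT and passes every applicable rule
    profile: str | None           # profile in force (from the claim or applied out of band)
    eat_claims: frozenset[str]    # EAT-defined claims that happen to be present
    problems: list[str] = field(default_factory=list)


def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()


def jwt_payload(token: str) -> dict:
    """Decode the claims set of a compact JWS. This does NOT verify the signature;
    a verifier checks the JWS first and only then applies classify()."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    return json.loads(b64url_decode(parts[1]))


def classify(claims: dict, *, presented_as_eat: bool,
             assumed_profile: str | None = None) -> Verdict:
    eat_claims = EAT_CLAIM_NAMES & frozenset(claims)
    profile = claims.get("eat_profile", assumed_profile)
    if not presented_as_eat:
        # Rule 1: EAT-defined claims inside a plain CWT/JWT do not make it an EAT.
        return Verdict(False, profile, eat_claims)
    problems: list[str] = []
    # Rule 2: an EAT need not carry any EAT-defined claim, but each one present must
    # follow the EAT rules; the nonce and UEID length rules are checked here.
    if "eat_nonce" in claims:
        n = b64url_decode(claims["eat_nonce"])
        if not 8 <= len(n) <= 64:
            problems.append(f"eat_nonce is {len(n)} bytes, must be 8..64")
    if "ueid" in claims:
        u = b64url_decode(claims["ueid"])
        if not 7 <= len(u) <= 33:
            problems.append(f"ueid is {len(u)} bytes, must be 7..33")
        elif u[0] not in UEID_TYPES:
            problems.append(f"ueid type byte 0x{u[0]:02x} is not defined")
    # Rule 3: a profile's rules apply when its identifier is in the token, or when the
    # verifier applies the profile out of band without the identifier (assumed_profile).
    if profile is not None:
        required = PROFILES.get(profile)
        if required is None:
            problems.append(f"unknown profile {profile!r}")
        else:
            problems.extend(f"profile requires claim {name!r}"
                            for name in sorted(required - frozenset(claims)))
    return Verdict(not problems, profile, eat_claims, problems)


# Constructed sample claims sets; nothing here is real attestation data.
SAMPLE_UEID = b64url_encode(b"\x01" + bytes(range(16)))   # RAND-type UEID, 17 bytes
SAMPLE_NONCE = b64url_encode(b"\x5a" * 16)
PLAIN_JWT_WITH_EAT_CLAIMS = {"iss": "https://issuer.example", "ueid": SAMPLE_UEID}
EAT_WITHOUT_EAT_CLAIMS = {"iss": "https://attester.example", "exp": 1700000000}
EAT_WITH_PROFILE = {"eat_profile": "https://example.com/eat/profile-a",
                    "ueid": SAMPLE_UEID, "eat_nonce": SAMPLE_NONCE, "hwmodel": "AAE"}
EAT_PROFILE_MISSING_CLAIM = {k: v for k, v in EAT_WITH_PROFILE.items() if k != "hwmodel"}


def demo_token(claims: dict) -> str:
    """Wrap claims in a compact JWS shape so jwt_payload() can be exercised.
    The signature part is a zero placeholder, not a real signature."""
    header = b64url_encode(json.dumps({"alg": "ES256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    return f"{header}.{body}.{b64url_encode(bytes(64))}"


if __name__ == "__main__":
    for name, claims, as_eat in [("plain JWT", PLAIN_JWT_WITH_EAT_CLAIMS, False),
                                 ("EAT, no EAT claims", EAT_WITHOUT_EAT_CLAIMS, True),
                                 ("EAT with profile", EAT_WITH_PROFILE, True),
                                 ("EAT missing profile claim", EAT_PROFILE_MISSING_CLAIM, True)]:
        print(name, classify(jwt_payload(demo_token(claims)), presented_as_eat=as_eat))
```

The `presented_as_eat` flag stands in for whatever out-of-band signal tells the verifier the token is meant as an EAT (for instance the context the token arrived in); the classifier never infers that from the claims, which is exactly the point made about EAT claims appearing in an ordinary CWT/JWT. `assumed_profile` models applying a profile without the identifier in the token.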