Re: [Rats] Call for adoption (after draft rename) for Yang module draft

Schönwälder, Jürgen <J.Schoenwaelder@jacobs-university.de> Wed, 13 November 2019 11:44 UTC

To: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>
CC: Michael Richardson <mcr+ietf@sandelman.ca>, "rats@ietf.org" <rats@ietf.org>, Laurence Lundblade <lgl@island-resort.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/Am8fVMuVHnbGaLFzOo7sJGVu358>

On Wed, Nov 13, 2019 at 12:25:21PM +0100, Henk Birkholz wrote:
> One reason for this - and I tried to express that carefully - is that just
> using the word "token" could be very confusing. We are using "Claim" as a
> synonym to "Assertion" at the moment. Outside of the IETF that makes a lot
> of sense. Inside the IETF, we still have to be a bit careful here, as
> "Claim" is well defined in Web Tokens - and it is a data model term
> (basically: a specific key value representation).

I looked into JWT and I think I roughly know what they mean by claim.
Now we have "assertion" (also not defined in your architecture draft).
Hmm.
 
> An EAT is a CWT (or JWT, not the point). So both are Claim sets that compose
> tokens. The architecture is intended to be representation (I am using this
> term to dance around the sanity rending serialization/encoding words, and to
> spare Rich some of the pain) agnostic. Claims in the architecture are
> therefore representation agnostic, too. Claims in tokens - by RFC definition
> - are not.

To me, it seemed like in JWT, we have 'sets of claims' and then these
claim sets are serialized into a string representation ('serialized
sets of claims') and the serialization is finally digitally signed and
encrypted, giving us a token. This works for me.

The notion of "claim sets that compose tokens" confuses me. If I compose
tokens, I get a "set of tokens". Yes, indirectly I also get a union(?)
of the claim sets included in the tokens.

Anyway, we need to get terminology worked out or we will not
understand what we are doing or worse we agree on something but
people interpret the agreement differently...

> I am not a super big fan of this compromise, but it found consensus, removed
> a blocker, and we were able to progress.

Progress is when we all agree on the same thing.

/js

-- 
Juergen Schoenwaelder           Jacobs University Bremen gGmbH
Phone: +49 421 200 3587         Campus Ring 1 | 28759 Bremen | Germany
Fax:   +49 421 200 3103         <https://www.jacobs-university.de/>
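
The three stages discussed in this message (claims set, serialized claims set, signed token), as an added example that is not part of the original e-mail or of any draft: it builds two JWS-style tokens from one claims set using two JSON serializations, showing that the token depends on the representation while the claims do not. The key, the claim values and the function names are constructed for illustration, and only the signing step (HS256) is covered, not encryption.

```python
import base64, hashlib, hmac, json

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def serialize(claims: dict, sort_keys: bool) -> bytes:
    """Stage 2: one concrete JSON representation of the claims set."""
    return json.dumps(claims, separators=(",", ":"), sort_keys=sort_keys).encode()

def make_token(serialized_claims: bytes, key: bytes) -> str:
    """Stage 3: compact JWS, HMAC-SHA256 over 'header.payload'."""
    header = b64url(b'{"alg":"HS256","typ":"JWT"}')
    signing_input = header + "." + b64url(serialized_claims)
    tag = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url(tag)

def verify_and_extract(token: str, key: bytes) -> dict:
    """Verify the signature over the exact bytes received, then parse claims."""
    header, payload, tag = token.split(".")
    if json.loads(b64url_decode(header)).get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    expected = hmac.new(key, f"{header}.{payload}".encode("ascii"),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(tag)):
        raise ValueError("signature mismatch")
    return json.loads(b64url_decode(payload))

# Constructed sample values (stage 1: the representation-agnostic claims set).
KEY = b"constructed-demo-key"
CLAIMS = {"iss": "attester.example", "nonce": "c29tZS1ub25jZQ", "iat": 1573645484}

def demo():
    """Same claims set, two serializations, two different tokens."""
    token_a = make_token(serialize(CLAIMS, sort_keys=False), KEY)
    token_b = make_token(serialize(CLAIMS, sort_keys=True), KEY)
    return token_a, token_b

if __name__ == "__main__":
    a, b = demo()
    print("tokens identical:", a == b)
    print("claims identical:", verify_and_extract(a, KEY) == verify_and_extract(b, KEY))
```
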