Re: [regext] Login/Logout Processing (was RE: I-D Action: draft-ietf-regext-rdap-openid-15.txt)

"Hollenbeck, Scott" <shollenbeck@verisign.com> Fri, 08 July 2022 13:20 UTC

From: "Hollenbeck, Scott" <shollenbeck@verisign.com>
To: "mario.loffredo@iit.cnr.it" <mario.loffredo@iit.cnr.it>, "Rwilhelm@PIR.org" <Rwilhelm@PIR.org>, "regext@ietf.org" <regext@ietf.org>
Date: Fri, 08 Jul 2022 13:20:48 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/regext/19uodD8IGXLzQ07HW1nCPt6DNDA>

> -----Original Message-----
> From: regext <regext-bounces@ietf.org> On Behalf Of Mario Loffredo
> Sent: Friday, July 8, 2022 2:52 AM
> To: Hollenbeck, Scott <shollenbeck=40verisign.com@dmarc.ietf.org>;
> Rwilhelm@PIR.org; regext@ietf.org
> Subject: [EXTERNAL] Re: [regext] Login/Logout Processing (was RE: I-D
> Action: draft-ietf-regext-rdap-openid-15.txt)
>
> Hi Scott,
>
> According to my experience with session management, clients and servers
> should operate as follows:
>
> - Normally, a session/login followed by another session/login should result in
> opening a new session on the server with a new session cookie.
>
> - The server sets the session cookie once the session/login is received, the
> client includes the session cookie received from the server in any RDAP
> request within the scope of that session including session/refresh,
> session/status and finally session/logout.
>
> - If the client sends any request other than session/login including an
> unknown cookie, the server must return an error.
>
> - If the client sends a session/login request including a cookie, the server
> could return an error or ignore the cookie received by the client and hence
> provide the client with a new session cookie. To be decided what should be
> the server's behaviour in that case.
>
> - A server can refuse to open a new session after a session/login if a
> maximum number of concurrent sessions per user exists and the client
> exceeded that limit. This is to prevent servers from resource starvation.
>
> - A session can be removed by the server due to timeout expiration or
> because a maximum session lifetime exists, regardless of the fact that the
> session is active, and the session has exceeded that limit. This is to prevent
> the server from handling inactive sessions and indefinitely open sessions.

[SAH] Hmm, you're right, Mario. A client could be managing sessions for multiple users, so a login followed by a login probably isn't an error condition unless the second request includes a cookie as you described above. The text needs to address this.

Scott
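The session rules Mario lists above (new cookie on every session/login, unknown cookie on any other request is an error, a per-user concurrent-session cap, idle timeout and maximum lifetime), as an added example that is not from the draft or from either author: a minimal server-side session table in Python. The limit values, the class and method names, the fake clock, and the choice to ignore rather than reject a cookie presented on session/login (one of the two options Mario leaves open) are all assumptions.

```python
import secrets
import time

# Constructed, illustrative limits; a real RDAP server chooses its own.
IDLE_TIMEOUT = 300          # seconds without a request before a session is dropped
MAX_LIFETIME = 900          # seconds after login after which a session is dropped even if active
MAX_SESSIONS_PER_USER = 2   # concurrent-session cap, to prevent resource starvation


class SessionStore:
    """Server-side session table keyed by an opaque, unguessable session cookie."""

    def __init__(self, now=time.time):
        self.now = now            # injectable clock so expiry can be exercised offline
        self.sessions = {}        # cookie -> {"user", "created", "last_seen"}

    def _expire(self):
        """Drop sessions that are idle too long or have exceeded their maximum lifetime."""
        t = self.now()
        for cookie, s in list(self.sessions.items()):
            if t - s["last_seen"] > IDLE_TIMEOUT or t - s["created"] > MAX_LIFETIME:
                del self.sessions[cookie]

    def login(self, user, cookie=None):
        """session/login: always opens a new session; a presented cookie is ignored here
        (assumed choice). Returns the new cookie, or None if the user's cap is reached."""
        self._expire()
        active = sum(1 for s in self.sessions.values() if s["user"] == user)
        if active >= MAX_SESSIONS_PER_USER:
            return None
        new_cookie = secrets.token_urlsafe(32)   # 256 bits of randomness
        t = self.now()
        self.sessions[new_cookie] = {"user": user, "created": t, "last_seen": t}
        return new_cookie

    def request(self, cookie, path):
        """Any request other than session/login (session/refresh, session/status,
        session/logout, ordinary lookups) must carry a known cookie.
        Returns (http_status, user); 401 with no user for an unknown or expired cookie."""
        self._expire()
        s = self.sessions.get(cookie)
        if s is None:
            return 401, None
        s["last_seen"] = self.now()
        if path == "session/logout":
            del self.sessions[cookie]
        return 200, s["user"]
```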