Re: [regext] I-D Action: draft-ietf-regext-rdap-openid-13.txt

"Hollenbeck, Scott" <shollenbeck@verisign.com> Wed, 18 May 2022 13:49 UTC

From: "Hollenbeck, Scott" <shollenbeck@verisign.com>
To: "regext@ietf.org" <regext@ietf.org>
Date: Wed, 18 May 2022 13:49:30 +0000
Message-ID: <065d8e4a403447c596d45cb6f906f205@verisign.com>
References: <165288156932.31728.2247716171948716878@ietfa.amsl.com>
In-Reply-To: <165288156932.31728.2247716171948716878@ietfa.amsl.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/regext/9Erbo73SuxVpQx_H0f6ceVD4gZU>

> -----Original Message-----
> From: I-D-Announce <i-d-announce-bounces@ietf.org> On Behalf Of
> internet-drafts@ietf.org
> Sent: Wednesday, May 18, 2022 9:46 AM
> To: i-d-announce@ietf.org
> Cc: regext@ietf.org
> Subject: [EXTERNAL] I-D Action: draft-ietf-regext-rdap-openid-13.txt
>
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> This draft is a work item of the Registration Protocols Extensions WG of the
> IETF.
>
>         Title           : Federated Authentication for the Registration Data Access Protocol (RDAP) using OpenID Connect
>         Author          : Scott Hollenbeck
>         Filename        : draft-ietf-regext-rdap-openid-13.txt
>         Pages           : 36
>         Date            : 2022-05-18
>
> Abstract:
>    The Registration Data Access Protocol (RDAP) provides "RESTful" web
>    services to retrieve registration metadata from domain name and
>    regional internet registries.  RDAP allows a server to make access
>    control decisions based on client identity, and as such it includes
>    support for client identification features provided by the Hypertext
>    Transfer Protocol (HTTP).  Identification methods that require
>    clients to obtain and manage credentials from every RDAP server
>    operator present management challenges for both clients and servers,
>    whereas a federated authentication system would make it easier to
>    operate and use RDAP without the need to maintain server-specific
>    client credentials.  This document describes a federated
>    authentication system for RDAP based on OpenID Connect.

[SAH] I made a lot of changes in this version based on some excellent suggestions from Pawel Kowalik and Mario Loffredo. There may yet be more to talk about, so please let me know if you have any other feedback.

Scott