Re: [regext] I-D Action: draft-ietf-regext-rdap-openid-17.txt

"Hollenbeck, Scott" <shollenbeck@verisign.com> Thu, 18 August 2022 13:24 UTC

From: "Hollenbeck, Scott" <shollenbeck@verisign.com>
To: "regext@ietf.org" <regext@ietf.org>
Date: Thu, 18 Aug 2022 13:23:56 +0000
Message-ID: <8cd98d486f7d4338a23cfb51338a8a88@verisign.com>
References: <166082873591.34725.2033323161642995143@ietfa.amsl.com>
In-Reply-To: <166082873591.34725.2033323161642995143@ietfa.amsl.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/regext/DhG25zCOF4RoR5TukZIg_CLzjrU>

> -----Original Message-----
> From: regext <regext-bounces@ietf.org> On Behalf Of internet-drafts@ietf.org
> Sent: Thursday, August 18, 2022 9:19 AM
> To: i-d-announce@ietf.org
> Cc: regext@ietf.org
> Subject: [EXTERNAL] [regext] I-D Action: draft-ietf-regext-rdap-openid-17.txt
>
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> This draft is a work item of the Registration Protocols Extensions WG of the
> IETF.
>
>    Title    : Federated Authentication for the Registration Data Access Protocol (RDAP) using OpenID Connect
>    Author   : Scott Hollenbeck
>    Filename : draft-ietf-regext-rdap-openid-17.txt
>    Pages    : 40
>    Date     : 2022-08-18
>
> Abstract:
>    The Registration Data Access Protocol (RDAP) provides "RESTful" web
>    services to retrieve registration metadata from domain name and
>    regional internet registries.  RDAP allows a server to make access
>    control decisions based on client identity, and as such it includes
>    support for client identification features provided by the Hypertext
>    Transfer Protocol (HTTP).  Identification methods that require
>    clients to obtain and manage credentials from every RDAP server
>    operator present management challenges for both clients and servers,
>    whereas a federated authentication system would make it easier to
>    operate and use RDAP without the need to maintain server-specific
>    client credentials.  This document describes a federated
>    authentication system for RDAP based on OpenID Connect.

This version corrects a few outdated references and one error where a boolean true value was represented as a string. With these fixes, I believe the draft is finished and is ready for working group last call.

In the past we've thought that it might be prudent to hold off on completing this draft until ICANN processes focused on authenticated access to registration data ran to completion. It's now clear that those ICANN processes aren't focused on using RDAP, so I think it's best if we declare victory and move this document over the finish line.

Scott