Re: [regext] Publication has been requested for draft-ietf-regext-rdap-openid-23
"Hollenbeck, Scott" <shollenbeck@verisign.com> Thu, 17 August 2023 19:56 UTC
Return-Path: <shollenbeck@verisign.com>
X-Original-To: regext@ietfa.amsl.com
Delivered-To: regext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DFB84C15153E; Thu, 17 Aug 2023 12:56:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.405
X-Spam-Level:
X-Spam-Status: No, score=-4.405 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=verisign.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BZDd9dbHS-zQ; Thu, 17 Aug 2023 12:56:34 -0700 (PDT)
Received: from mail3.verisign.com (mail3.verisign.com [72.13.63.32]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 728FCC15109A; Thu, 17 Aug 2023 12:56:33 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=verisign.com; l=18960; q=dns/txt; s=VRSN; t=1692302193; h=from:to:cc:date:message-id:references:in-reply-to: mime-version:subject; bh=kcoNzvQvGOlMQJe6rUGHYhyLish7SfFJrJggeTnGFkE=; b=PVJEUjSgKE5/rW71g/3f+zYONSlh06+ldTs83DsYqJvi2uTKGu0IXGxs nzKYiWR8Krbf3lAljK20t70QoKH0VXAA62TAkPBPbTlF722hy9h2/gfzv sbpZNR5+jWefuk2crijPIc9A7OZZu5UYi0l5XjDXDnM2dxu373fu4Tf0T C//w6+1mqR5OEDVEZ56BqVf/dncEznPlAHx/xljC0kiwWUoZo/JDllBHN Ee3CdOMANaonynfXDfauveQyoM20SpEDl2LOsU/LhXYhpNjcF2Gpqz01B yLH1Lg8i/yGFTfqeupTB1kR0LgeiRlZ0LFXt4/VyEArlvaMiWQSdBJ3Lh w==;
IronPort-Data: A9a23:OargQKydgvszE99GhA56t+c2xyrEfRIJ4+MujC+fZmUNrF6WrkUFz mdMXT+CP/2KMGLwKIsjbI7i/RwC6JOGm4JhTARupC00HyNBpPSeCIXCJC8cHc8wwu7rFxs7s ppEOrEsCOhuExcwcz/0auCJQUFUjP3OHPymYAL9EngZbRd+Tys8gg5Ulec8g4p56fC0GArlV ena+qUzA3f7nWYtWo4ow/jb8kg37K2t4GlwUmEWPpingnePzxH5M7pCfcldH1OgKqFIE+izQ fr0zb3R1gs1KD90V7tJOp6iGqE7aua60Tqm0xK6aID76vR2nRHe545gXBYqQRwO12jWxYAZJ OJl7vRcQS9xVkHFsLpFD0kAS0mSN4UekFPMCSDXXcB+UyQq2pYjqhljJBheAGEWxgp4KSZf8 qVALGlUUi/d38ym/qjjVu1Xl/12eaEHPKtH0p1h5RvjK68ZZ73zG/yM+9Rfxi92j8wIA+zFY YwSbj8HgBboOkUJYwhMTstjx6H01hETcBUBwL6RjbE35GzXwQp73bPuGMTYYN2RRMpT2E2fo woq+kyjXkBHZIfBkFJp9FqD1tT0rAmhSbgAFYyFxMF1hwSr6HUMXUh+uVyT5KPRZlSFc8lCM 0EO5zEjt4A98UWqSp/2WBjQiGSJsRMMR/JRHvE0rgaXxcL8+QuWC3gYCzVBYd08r+c3SCAkk FiTkLvU6SdHuqeTEG2b+6fM9HapJzJTKG4ZICUDCwEf5YClvpsoiFTESdML/LOJs+AZ0ArYm 1iixBXSTZ1K5SLX/81XJWz6vg8=
IronPort-HdrOrdr: A9a23:Wo5DSKzrxhudJzXAWQP8KrPw8b1zdoMgy1knxilNoHtuA6mlfq GV7ZYmPHDP6Ar5NEtPpTniAsa9qBrnnPZICOIqTNSftWfd2VeAHcVN4Yzv2DX8FyC73f4178 tdWpk7LNHrF1B1gYLZ7BnQKbwd6ejC1Kyzn+/RwzNWUAdwZ8hbgjtREAqBDUFsfgVACKc4EJ b03KF6mwY=
X-Talos-CUID: 9a23:UzhDm216/Au1z6f4o/3TFLxfXdEiKyXZlS7sHBHgJ3ZXUuWJTWSBwfYx
X-Talos-MUID: 9a23:a2D0uQpLYoXcV8YfdFIezx4yD/xZyf6/MlIMoKg0hNaDbBReIijI2Q==
X-IronPort-AV: E=Sophos; i="6.01,180,1684800000"; d="scan'208,217"; a="24958361"
Received: from BRN1WNEX02.vcorp.ad.vrsn.com (10.173.153.49) by BRN1WNEX01.vcorp.ad.vrsn.com (10.173.153.48) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2507.31; Thu, 17 Aug 2023 15:56:32 -0400
Received: from BRN1WNEX02.vcorp.ad.vrsn.com ([10.173.153.49]) by BRN1WNEX02.vcorp.ad.vrsn.com ([10.173.153.49]) with mapi id 15.01.2507.031; Thu, 17 Aug 2023 15:56:31 -0400
From: "Hollenbeck, Scott" <shollenbeck@verisign.com>
To: "superuser@gmail.com" <superuser@gmail.com>
CC: "regext@ietf.org" <regext@ietf.org>, "AlBanna, Zaid" <zalbanna@verisign.com>, "regext-chairs@ietf.org" <regext-chairs@ietf.org>
Thread-Topic: [EXTERNAL] Re: [regext] Publication has been requested for draft-ietf-regext-rdap-openid-23
Thread-Index: AQHZzXjmEGmbowwhZEaK6KR43lvV1a/pudLAgADqGYCAAkiQgIACAlkA///4hnA=
Date: Thu, 17 Aug 2023 19:56:31 +0000
Message-ID: <9b1d217f603f422e8113a6fe0adfb5d8@verisign.com>
References: <169141539729.16856.3286991888155976046@ietfa.amsl.com> <CAL0qLwZ6TOUS-PgNbVN3xatsTtQppzROou4AbgMSNCKnaFf8Fg@mail.gmail.com> <6b39bd1ebabd4135b3c54a404409ccb8@verisign.com> <CAL0qLwZS7NcJGOr4PNaENb-hZzOq_oYQHZ_3_2FxXwgY1HMCag@mail.gmail.com> <b2ef6a44ad584a439126e3df56ec9167@verisign.com> <CAL0qLwZtEU7r+JWdf4MZJ-MY9jjA=SRUGiUVYrSN-0juy3smMw@mail.gmail.com>
In-Reply-To: <CAL0qLwZtEU7r+JWdf4MZJ-MY9jjA=SRUGiUVYrSN-0juy3smMw@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-originating-ip: [10.170.148.18]
Content-Type: multipart/alternative; boundary="----=_NextPart_000_00D5_01D9D123.63A8AEC0"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/regext/ZMN1g7xudKPYHvCMDBlhSt1b6eo>
Subject: Re: [regext] Publication has been requested for draft-ietf-regext-rdap-openid-23
X-BeenThere: regext@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Registration Protocols Extensions <regext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/regext>, <mailto:regext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/regext/>
List-Post: <mailto:regext@ietf.org>
List-Help: <mailto:regext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/regext>, <mailto:regext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Aug 2023 19:56:38 -0000
From: Murray S. Kucherawy <superuser@gmail.com> Sent: Thursday, August 17, 2023 11:56 AM To: Hollenbeck, Scott <shollenbeck@verisign.com> Cc: regext@ietf.org; AlBanna, Zaid <zalbanna@verisign.com>; regext-chairs@ietf.org Subject: [EXTERNAL] Re: [regext] Publication has been requested for draft-ietf-regext-rdap-openid-23 [SAH] [snip] In Section 3.1.2, what is a "given period of interaction"? [SAH] The intention here is to use encourage clients to use one form of interaction or the other consistently in the course of sending RDAP queries and receiving RDAP responses over a given period of time. For example, don’t mix in token-oriented actions while in the middle of a session-oriented interaction. OK, I thought you might have actually been trying to say "session". But the same text could legitimately mean, say, "month", or "before an unspecified timeout expires"; in the latter case, I'd be wondering what timeout you mean. [SAH] Yes, I was trying to say “session” without using that word because token-oriented clients don’t establish sessions in the way the term is used in the document. On the other hand, would it be clearer to say something like “within an exchange of requests and responses over a period of time”? What's the advice to an implementer of token-oriented clients? It feels like we're trying to describe a time boundary beyond which you can establish a new pattern. What might that be for non-session situations? It's fine if there's no good answer, but I wanted to tease out any opportunity to be more crisp here. [SAH] What I’m trying to say here is that a client shouldn’t mix token-oriented requests in between session-oriented login and logout requests. Maybe that’s the best way to say it: “Clients MAY operate as either session-oriented or token-oriented clients, but they MUST do so consistently by not mixing token-oriented and session-oriented requests while interacting with an OP.” Does that work? [SAH] [snip] In Section 3.1.4.1, same question. [SAH] This SHOULD exists because other methods exist to discover the provider. The server might not support the query parameter because it can determine the issuer from the given credential (Gmail maps to Google, for example), or it may only support a single identity provider. But if I use one of those other methods, is there any degradation to interoperability or security? [SAH] Not that we’re aware of. At least one implementer has confirmed that it’s more common not explicitly receive anything that identifies the provider. The alternatives are described in 3.1.4. OK so this seems like a good candidate for another SHOULD-unless construction as you did above. Thanks for clarifying. [SAH] OK, how about this: “Alternatively, if mapping of an End-User's identifier is not possible, or not supported by the RDAP server, the RDAP server SHOULD support explicit specification of a remote OP by the RDAP client in the form of a query parameter as described in Section 5.2.2 unless the remote OP has been identified using an out-of-band mechanism.”? In Section 5.1.1, the entire object is OPTIONAL. This doesn't seem right. Would there be any practical use to such a thing? [SAH] A token-oriented client won’t ever establish a session. Does that mean at least one of the object's attributes will always be set? If so, a MUST at the bottom indicating such would tighten this up (e.g., "X is OPTIONAL, Y is OPTIONAL, Z is OPTIONAL, but you MUST set at least one of them"). [SAH] Mario helpfully reminded me that Section 5.2.3 describes the objects to be returned in a response based on success or failure. How about adding this to 5.1.1 right before the example: “Note that all of the members of the "farv1_session" data structure are OPTIONAL. See Section 5.2.3 for instructions describing when to return the minimum set of members.” Thanks, I hadn't connected the two. So the normative prose around this does indeed say an empty object is syntactically legal, but 5.2.3 provides guidance that it should really never happen. Do we need to protect consumers against the possibility of a syntactically valid but semantically nonsense empty reply by giving them guidance about how to handle such a thing? I'm fine if the answer is "no", but I wanted to ask the question. [SAH] I think we’re safe with not saying any more that’s already in RDAP itself: if a client sees something it doesn’t expect, it can safely be ignored.
- [regext] Publication has been requested for draft… James Galvin via Datatracker
- Re: [regext] Publication has been requested for d… Murray S. Kucherawy
- Re: [regext] Publication has been requested for d… Hollenbeck, Scott
- Re: [regext] Publication has been requested for d… Murray S. Kucherawy
- Re: [regext] Publication has been requested for d… Hollenbeck, Scott
- Re: [regext] Publication has been requested for d… Murray S. Kucherawy
- Re: [regext] Publication has been requested for d… Hollenbeck, Scott
- Re: [regext] Publication has been requested for d… Murray S. Kucherawy
- Re: [regext] Publication has been requested for d… Hollenbeck, Scott
- Re: [regext] Publication has been requested for d… Murray S. Kucherawy