[sacm] CoSWID and CWT

Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> Wed, 20 November 2019 19:37 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/sacm/yMyS2HKDRAhTASsgItitP8b4BwU>

Hello!

I have been thinking about this a bit more and am wondering if CoSWID could
just be the StringOrURI in a CWT.  This would let you add claims over time
to a CoSWID that are out-of-scope for CoSWID and it would also put it into
the format of an EAT in case there were other interesting things to do
using that common format.  This would make it an easy adjustment of text
for the CoSWID document as well.  If more claims needed to be defined in
time, it would be quite simple to do it in the CWT rather than the CoSWID
with its well-defined scope.

Looking at the ROLIE descriptor document, it would need to support getting
EATs in this format as well as it specifically calls out getting a signed
or encrypted CoSWID in addition to a CoSWID.  The ROLIE descriptor document
also explicitly calls out what is not in a CoSWID.  There would likely be
some vendor-specific claims added and this is possible in a CWT as well.

I hope that clarifies.  Is there a size restriction on the StringOrURI?
The signature would be on the CWT in this case.

-- 

Best regards,
Kathleen