[Secdispatch] Re: Topics for IETF 120
David Brossard <david.brossard@gmail.com> Wed, 11 September 2024 18:50 UTC
From: David Brossard <david.brossard@gmail.com>
Date: Wed, 11 Sep 2024 11:49:57 -0700
To: Jim Fenton <fenton@bluepopcorn.net>
CC: dispatch-owner@ietf.org, alldispatch-chairs@ietf.org, Andrew Clymer <andy@rocksolidknowledge.com>, theo.dimitrakos@ifiptm.org, secdispatch@ietf.org
List-Id: Security Dispatch <secdispatch.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/iXasvMKVYEKGMfYcuhMWlRTgwcM>

Hi Jim,

With IETF 120 in the back, I wanted to circle back and talk about next steps. After the lightning talk, a few folks came up to me to talk about their needs for an authorization policy language. In OAuth, there is also a need but the consensus was that the language should live outside OAuth and OAuth would just be a consumer of it. Other WGs e.g. WIMSE, SCIM, ACE of course, and perhaps SPICE, I am thinking therefore that ALFA 2.0 would belong to the Security Area (SEC).

Is the next step to talk to Deb & Paul? The current stub of a draft is here: https://datatracker.ietf.org/doc/draft-brossard-alfa-authz/ .

I have also CCed my two co-authors, Andy Clymer from Rock Solid Knowledge (UK) and Theo Dimitrakos (IFIPTM, UK and Huawei, Germany) who should be able to attend IETF 121 in Dublin.

Thanks for your insights,
David.

On Fri, Jul 12, 2024 at 11:02 AM David Brossard <david.brossard@gmail.com> wrote:

> Hi Jim, all,
>
> Thanks for taking the time to reply. Apologies for missing the deadline.
> This is my first IETF and I wasn't paying close attention.
>
> I will take you up on the lightning talk option. Per the rules on this
> site <https://datatracker.ietf.org/group/hotrfc/about/>, I will email a
> short abstract to hotrfc@ietf.org.
>
> I'm looking forward to meeting you in person,
> David.
>
>
> On Mon, Jul 8, 2024 at 11:06 AM Jim Fenton <fenton@bluepopcorn.net> wrote:
>
>> David,
>>
>> Thanks for reaching out. Copying alldispatch chairs (which includes
>> Rifaat).
>>
>> For this IETF, we are again experimenting with a unified “dispatch”
>> session called alldispatch. That seems relevant here because this topic
>> seems like it might be in Security Area or in ART (applications/real time)
>> Area, and the idea of alldispatch is to have a unified venue, especially
>> when it isn’t entirely clear which area something belongs in.
>>
>> At this point, the agenda for alldispatch at IETF 120 is full. We had a
>> deadline for agenda topics a couple of weeks ago as well.
>>
>> If you want to do something at IETF 120, you have a couple of options: 1)
>> Give a lightning talk to pitch the idea at the Hot RFC Lightning Talks on
>> Sunday evening, and/or 2) Set up an informal side meeting and recruit
>> relevant people to come to it.
>>
>> Let us know if you have any other questions.
>>
>> -Jim
>>
>> On 8 Jul 2024, at 10:35, David Brossard wrote:
>>
>> Dear Dispatch owners,
>>
>> First of all, my apologies if I'm supposed to email dispatch@ietf.org
>> rather than owners. I'm new(ish) to IETF and its processes.
>>
>> My name's David and I've been involved in authorization and its
>> standardization for the past 15 years. I've worked at OASIS and am
>> currently the co-chair of the OpenID AuthZEN WG.
>>
>> As I'm more and more interested in the overlap between AuthZ and
>> authentication, I'll be taking part in the OAuth WG sessions and have
>> submitted a draft ID
>> <https://datatracker.ietf.org/doc/draft-brossard-oauth-rar-authzen/> for
>> their consideration. I've already reached out to Rifaat and some of the
>> OAuth folks (whom I know relatively well from my interactions at IIW and
>> other venues).
>>
>> Additionally, I'd like to propose a new standard for authorization policy
>> language - or to be more specific an evolution of an old and trusted
>> standard: ALFA 2.0. It's a modernization of ALFA (released in 2012) itself
>> a modernization of XACML (initially started in 2001). Because it's so
>> relevant to OAuth, I thought IETF could be a natural home for the draft
>> standard. I'm not sure, though, OAuth itself would be the natural WG for
>> this work hence my reaching out to you.
>>
>> I've not submitted an ID just yet but will have a framework out by
>> today's deadline.
>>
>> Let me know what good next steps should be and which WG you believe would
>> be a natural home for ALFA 2.0. If you want to read up on ALFA itself,
>> here's a deck I put together for IIW
>> <https://www.slideshare.net/slideshow/internet-identity-workshop-iiw-2023-introduction-to-alfa-authorization-language/267197190>
>> last year. There's also https://alfa.guide which is a site I maintain
>> (in the spirit of Aaron P.'s oauth.net website).
>>
>> Thanks for your time,
>> David.
>>
>>
>
> --
> ---
> David Brossard
> http://www.linkedin.com/in/davidbrossard
> http://twitter.com/davidjbrossard
> http://about.me/brossard
> ---
> Stay safe on the Internet: IC3 Prevention Tips
> <https://www.capefearnetworks.com/wp-content/uploads/2017/05/Internet-Fraud-Prevention-Tips-IC3.pdf>
> Take precautions on the Internet:
> http://www.securite-informatique.gouv.fr/gp_rubrique34.html
>

--
---
David Brossard
http://www.linkedin.com/in/davidbrossard
http://twitter.com/davidjbrossard
http://about.me/brossard
---
Stay safe on the Internet: IC3 Prevention Tips
<https://www.capefearnetworks.com/wp-content/uploads/2017/05/Internet-Fraud-Prevention-Tips-IC3.pdf>
Take precautions on the Internet:
https://cyber.gouv.fr/bonnes-pratiques-protegez-vous