Re: [sipcore] I-D Action: draft-ietf-sipcore-sip-token-authnz-02.txt

Christer Holmberg <christer.holmberg@ericsson.com> Thu, 11 July 2019 09:58 UTC

From: Christer Holmberg <christer.holmberg@ericsson.com>
To: "Olle E. Johansson" <oej@edvina.net>, Paul Kyzivat <pkyzivat@alum.mit.edu>
CC: "sipcore@ietf.org" <sipcore@ietf.org>
Date: Thu, 11 Jul 2019 09:58:37 +0000
Message-ID: <B45FDA7A-C630-4899-AF67-FD2359C48319@ericsson.com>
References: <156249821133.14592.1211919336596009446@ietfa.amsl.com> <CAGL6epLsP_UfZMAcFLsORrR05Enu-vp=jnkgUFuKSttQm8swAw@mail.gmail.com> <c8d5c42e-ab21-80e8-3189-c8592dd02d3a@alum.mit.edu> <HE1PR07MB3161C55955B2FCED2C0F6A9993F60@HE1PR07MB3161.eurprd07.prod.outlook.com> <68ed93ae-57df-6bc7-774b-47959417abda@alum.mit.edu> <HE1PR07MB3161D46B4A44FC7E789ADDB893F10@HE1PR07MB3161.eurprd07.prod.outlook.com> <4a9787e5-b5e2-bc08-0fa0-fae6bd44148d@alum.mit.edu> <527F4C39-F065-4335-A939-6D443F1801E7@ericsson.com> <5bb63c0c-130d-7f69-10b0-1ed1b274cc58@alum.mit.edu> <87AD4BB8-CE77-4FD7-BB72-6643DF513058@ericsson.com> <168b1354-b35b-edee-e5f9-d4ddbecfae40@alum.mit.edu> <607A513F-8616-4777-8B5E-59390E845709@ericsson.com> <b6ca4c79-5a17-10da-3882-20bc8b0e9b98@alum.mit.edu> <5ABB2F7B-8928-4581-8AAD-C8EFDBE95F7E@edvina.net> <C980D7F7-4CED-4363-81AE-199C5A6275B4@edvina.net>
In-Reply-To: <C980D7F7-4CED-4363-81AE-199C5A6275B4@edvina.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/sipcore/IhiqWcchB1iKa_OUB-C4F4lwwjY>
List-Id: SIP Core Working Group <sipcore.ietf.org>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sipcore/>

Hi,

>The tokens generally, but if I understand it right not always, are JWT structures that contain various data.
>Found a draft that specifies an Oauth Access Token JWT profile
>https://tools.ietf.org/html/draft-ietf-oauth-access-token-jwt-00
>
>"The original OAuth 2.0 Authorization Framework [https://tools.ietf.org/html/rfc6749]
>   specification does not mandate any specific format for access tokens.
>   While that remains perfectly appropriate for many important scenarios,
>   in-market use has shown that many commercial OAuth2 implementations
>   elected to issue access tokens using a format that can be parsed and
>   validated by resource servers directly, without further authorization
>   server involvement.  The approach is particularly common in
>   topologies where the authorization server and resource server are not
>   co-located, are not run by the same entity, or are otherwise
>   separated by some boundary.  All of the known commercial
>   implementations known at this time leverage the JSON Web Tokens(JWT)
>   [https://tools.ietf.org/html/rfc7519] format.
>"
>
> I think we can safely assume that an Access Token is going to be parsable.

The question is whether we want to mandate JWT, even though the statement above probably is correct.

Regards,

Christer
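Added example (not part of this e-mail, the sipcore draft or the quoted OAuth draft): what "parsed and validated by resource servers directly, without further authorization server involvement" means in code, and what a resource server is left with when the token is opaque instead. The HMAC key, issuer name and audience name are constructed for the demo; a deployment would receive the verification key (or a JWKS) from the authorization server out of band and would normally use an asymmetric algorithm. Standard library only.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed demo values (assumptions, not from the thread or any RFC):
DEMO_KEY = b"constructed-demo-key-not-for-production"
EXPECTED_ISSUER = "https://as.example.com"     # the authorization server we trust
EXPECTED_AUDIENCE = "sip:proxy.example.com"    # this resource server's identity


def b64url_decode(segment: str) -> bytes:
    """Base64url without padding (RFC 7515 style); pad before decoding."""
    segment += "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment.encode("ascii"))


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def mint_hs256_jwt(claims: dict, key: bytes) -> str:
    """Stand-in for the authorization server: issue a compact JWS (HS256) carrying claims."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode("ascii"), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(sig)}"


def validate_jwt_locally(token: str, key: bytes, now: Optional[float] = None) -> dict:
    """
    Resource-server side: parse and validate a JWT access token with no round trip to the AS.
    Returns the claims on success, raises ValueError with the reason otherwise.
    """
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected three dot-separated segments")
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(b64url_decode(header_b64))
        claims = json.loads(b64url_decode(payload_b64))
        signature = b64url_decode(sig_b64)
    except ValueError as exc:  # covers binascii.Error, JSONDecodeError, UnicodeDecodeError
        raise ValueError(f"token is not parsable as JWT: {exc}") from exc
    # Pin the algorithm: the verifier decides, never the token (rejects alg=none and confusion).
    if header.get("alg") != "HS256":
        raise ValueError(f"unexpected alg {header.get('alg')!r}")
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        raise ValueError("signature verification failed")
    if claims.get("iss") != EXPECTED_ISSUER:
        raise ValueError("issuer mismatch")
    aud = claims.get("aud")
    aud_list = aud if isinstance(aud, list) else [aud]
    if EXPECTED_AUDIENCE not in aud_list:
        raise ValueError("token not intended for this resource server")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or now >= exp:
        raise ValueError("token expired or has no usable exp")
    return claims


def classify_token(token: str, key: bytes, now: Optional[float] = None) -> str:
    """
    How the resource server must treat a presented token:
    'accepted-locally' (valid JWT), 'rejected' (JWT that fails a check), or
    'opaque-needs-introspection' (not a JWT at all; only the AS can say what it means).
    """
    try:
        validate_jwt_locally(token, key, now)
        return "accepted-locally"
    except ValueError as exc:
        reason = str(exc)
        if reason.startswith("not a compact JWS") or reason.startswith("token is not parsable"):
            return "opaque-needs-introspection"
        return "rejected"


if __name__ == "__main__":
    now = time.time()
    good = mint_hs256_jwt({"iss": EXPECTED_ISSUER, "aud": EXPECTED_AUDIENCE,
                           "sub": "alice", "exp": now + 300}, DEMO_KEY)
    print(classify_token(good, DEMO_KEY))                                   # accepted-locally
    print(classify_token("dGhpcy1pcy1hbi1vcGFxdWUtdG9rZW4", DEMO_KEY))      # opaque-needs-introspection
```

The split in classify_token is the practical consequence of the question in the thread: if the format is mandated to be JWT, every SIP element that receives the token can take the local path and never needs an introspection endpoint; if it is not, a receiver has to be prepared for the third outcome.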