Re: [SPICE] Revised Charter
Michael Prorock <mprorock@mesur.io> Tue, 06 February 2024 19:21 UTC
Return-Path: <michael.prorock@mesur.io>
X-Original-To: spice@ietfa.amsl.com
Delivered-To: spice@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 46414C151080 for <spice@ietfa.amsl.com>; Tue, 6 Feb 2024 11:21:01 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.905
X-Spam-Level:
X-Spam-Status: No, score=-1.905 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=mesur-io.20230601.gappssmtp.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wdoGZljvmS8v for <spice@ietfa.amsl.com>; Tue, 6 Feb 2024 11:20:57 -0800 (PST)
Received: from mail-ej1-x62b.google.com (mail-ej1-x62b.google.com [IPv6:2a00:1450:4864:20::62b]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EFC9AC151062 for <spice@ietf.org>; Tue, 6 Feb 2024 11:20:56 -0800 (PST)
Received: by mail-ej1-x62b.google.com with SMTP id a640c23a62f3a-a3566c0309fso734521466b.1 for <spice@ietf.org>; Tue, 06 Feb 2024 11:20:56 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mesur-io.20230601.gappssmtp.com; s=20230601; t=1707247255; x=1707852055; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=talklzgwbf0AdMJ9QDLQByjSGl0XuPYOSTpVVxhUdzE=; b=ybYujghR0+j0CFk8mt+PwOWd3jN3brZNcYVnzsM9F+4XG67lxGTyeE02mIGpYP6m4k CiRy7VlQ5GzZcjsyExTLR2t/00F7A+K4Pp1o7W86Y/Ans+0Nu9cj1UuHAuFHpjulIaGw HtsPi4glMILTKA/W+x9TLpJ39urYqbPHLHb2W0QB8UTY02RfUBONbAv46i6LR/fOViHW KLaOSgvQIaE+aC2kTLiafZkjwInNO2ROC+3GdhlsBH4jGcjMuWwpbx/Zn2hA1HakDd+R Rr+5w3Q1hxIyrQzQF4BCl1prLGkbloyptyLsi/QjOxWjOJvgOKi45Yzs44NYmI+AJGK7 kTlA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1707247255; x=1707852055; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=talklzgwbf0AdMJ9QDLQByjSGl0XuPYOSTpVVxhUdzE=; b=Hgz+3t+SqZr8kOIm4gq57MmUm3j2i1bEPVROFRSPJ41S9BqKGGekVUqly3cfASERvL oWhDmCvWIWyOrr3yyAwCaLMBXo7v65JOfydQaJjw+lff41atQUJcww+KQDvB+jQP6FhG V2IUk+NE7eVHeawMV2k56LbQ5Ky5cUnwTgTw4kq/iSwgRCVvH/LMSAwEDU1X023oY/sG TpRDy3K0KkEA4KMitGVmfMG1BkyZifWPCpZGQ+rwJ6X8akA20da5NN97z2o7wmirb5m/ AxheEnWS0QXnCVzcz8nbTwMJal87qC10zPN4a37j5+7s2xILIUm4K1awiBJVlQsB5u+E 22LQ==
X-Gm-Message-State: AOJu0YzmHZA/tjR+xVBZfaTcROs9JZDl+xocAqWV6eTw3jv88DY/kiic p3/GQGjUjrA5t6AHVWCdB96bN+mA86qiIaQpWu9mIJ2Z/izXwrucxpQsCFUUnuXeHwMgy7d/heO nhRib0Wvb5CY7Lbr1i5TVG1xotD1G6tq5nc3W
X-Google-Smtp-Source: AGHT+IFPtq7JNrqlxy9pl9u8J1ZAGviwb/9cL7SGkrHibsmLiJipWEsOZjbpbO6xWZBwPZ0fpIqxTcye6KkIH9kRdZQ=
X-Received: by 2002:a17:906:3b8b:b0:a37:6303:18b8 with SMTP id u11-20020a1709063b8b00b00a37630318b8mr2496653ejf.54.1707247253838; Tue, 06 Feb 2024 11:20:53 -0800 (PST)
MIME-Version: 1.0
References: <CAN8C-_+_uWRwgden4DhfOG4kxbExhMk3vgL_9thjt9M4y=Q7CA@mail.gmail.com> <BN2P110MB1107422AB87BB4AFED71A751DC71A@BN2P110MB1107.NAMP110.PROD.OUTLOOK.COM> <CAN8C-_LuOZ6yGLQ6XmuKTpCJCMW+sVMsrtgnCaHZmSDoctYjiA@mail.gmail.com> <BN2P110MB1107BE3E49B8612EBF11A383DC46A@BN2P110MB1107.NAMP110.PROD.OUTLOOK.COM>
In-Reply-To: <BN2P110MB1107BE3E49B8612EBF11A383DC46A@BN2P110MB1107.NAMP110.PROD.OUTLOOK.COM>
From: Michael Prorock <mprorock@mesur.io>
Date: Tue, 06 Feb 2024 12:20:42 -0700
Message-ID: <CAGJKSNQ+NiHpFFBLFdFPg-1t-CSU+GVui5LrddNyXiUa2PAw=Q@mail.gmail.com>
To: Roman Danyliw <rdd@cert.org>
Cc: Orie Steele <orie@transmute.industries>, "spice@ietf.org" <spice@ietf.org>
Content-Type: multipart/related; boundary="0000000000001c01eb0610bb7a7e"
Archived-At: <https://mailarchive.ietf.org/arch/msg/spice/YKjCl6k_ILCPX6HM5Pcmp1shFo8>
Subject: Re: [SPICE] Revised Charter
X-BeenThere: spice@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Secure Patterns for Internet CrEdentials <spice.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spice>, <mailto:spice-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spice/>
List-Post: <mailto:spice@ietf.org>
List-Help: <mailto:spice-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spice>, <mailto:spice-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 06 Feb 2024 19:21:01 -0000
Thanks Roman, That google doc is extremely helpful. Orie (and list) I will take a stab at a PR that reflects this feedback. Mike Prorock CTO, Founder https://mesur.io/ On Tue, Feb 6, 2024 at 11:52 AM Roman Danyliw <rdd@cert.org> wrote: > Hi! > > > > Thanks so much for this PR and the related discussion. I have a bit more > feedback: > > > > (1) Editorially, this overall charter text is too long and includes things > that I don’t believe help constrain the scope. I wanted to be constructive > with a proposal but I didn’t know how to best convey proposed editorial > changes on a PR with an explanation. I made a GDoc with track > changes/suggestions, > https://docs.google.com/document/d/1mmaB4Ll8jEpgmuoGNLwks51Set5yxLX7Cc3btq4q_9k/edit?usp=sharing. > If this is not usable, I can find a different way to pass along the changes. > > > > A few motivating ideas include reducing the background and reducing the > number of times parts of the architecture defined. I also proposed the > removal of all individual documents as I wasn’t sure how “related > documents” helped narrow the scope. > > > > (2) The “Goals” section includes a long list of “topics will be considered > in the milestones”. While I can see how these would be important > properties of digital credentials, it wasn’t clear to me who they constrain > the future solution. For example: > > > > -- What does "consider" mean? Using a dictionary definition, "consider" > means the solution wouldn't have to deliver any of these properties. > > > > -- Are these properties going to be provided by unique specifications > produced by the WG? > > > > -- These topics are described in a level of detail that would make it > challenging to assess whether the property was realized. For example, > "Confidentiality (ensuring information is protected from unauthorized > access" is the textbook definition of confidentiality. What is > "unauthorized" in the context of the architecture framed above? > "Availability (efficiently information processing, minimizing data in > flight ...", what's "efficient enough", how many bits "in flight" is too > many or few? > > > > I wonder if this list could be much shorter? Perhaps some reduced set of > properties can be woven in the text to describe the desired framework. > > > > (3) Per the “Meta Discovery”: > > > > -- As design guidance or constraining the solution space, the current text > would benefit from refinement. It doesn't commit to HTTP; or define or > commit to supporting constrained device > > > > -- Per the link draft-ietf-oauth-sd-jwt-vc, my superficial read of the > abstract suggests that it is a “data format”. Is that work that will be > done here too? I’m confused primarily because the current charter text > talks about HTTP and device types but the OAuth document seems more > concrete on the support token type, omits the protocol and device types > > > > -- Per the “not limited to JSON”, what ecosystem does this text intend to > support? Is it only the artifact described in the “selective disclosure of > claims” program of work? > > > > (4) Per the “Selective Disclosure of Claims”, I had trouble understanding > what kind of solution is being described. Specifically, I wasn’t sure what > underlying technologies were being built on. > > > > -- JOSE/COSE was mentioned in the “Goals/In Scope” section. Is that a > dependency? > > > > -- Is this deliverable defining new token format? Augmenting the CWT > claim registry? Adding claims into the COSE registries? CBOR tags? > > > > -- The existing JOSE charter (https://datatracker.ietf.org/wg/jose/about/) > already has in scope: > > > > -- "Standards Track document(s) specifying representation(s) of JSON-based > claims and/or proofs enabling selective disclosure of these claims and/or > proofs, and that also aims to prevent the ability to correlate by different > verifiers." > > -- Standards Track document(s) defining CBOR-based representations > corresponding to all the above, building upon the COSE and CWT > specifications in the same way that the above build on JOSE and JWT. > > > > In what way will this selective disclosure document be different from a > JWP? > > > > -- Is this work going to profile other/existing token formats to describe > how to extend/augment them into being digital credentials? Put into > another way, is this working going to specify a new “envelope” for > selective disclosure of claims (e.g., alternative to JWP), or is it going > to profile/reuse an “envelope” (e.g., JWP) described elsewhere and provide > guidance on how specific industries can add their own claims into it to > construct digital credential? > > > > (5) Editorial. In whatever way this program of work text is refined, that > needs to be summarized back in the “Goals” section. > > > > Regards, > > Roman > > > > *From:* Orie Steele <orie@transmute.industries> > *Sent:* Friday, January 19, 2024 2:05 PM > *To:* Roman Danyliw <rdd@cert.org> > *Cc:* spice@ietf.org > *Subject:* Re: [SPICE] Revised Charter > > > > Roman, > > Thank you for your detailed comments. > > I have raised this PR which I believe addresses all of them: > > https://github.com/transmute-industries/ietf-spice-charter/pull/22 > > However, some of your comments are questions, which I feel it is better to > answer on the list, in case no text change is needed to address them. > > Inline for the rest: > > > > On Thu, Jan 18, 2024 at 4:44 PM Roman Danyliw <rdd@cert.org> wrote: > > Hi! > > > > Thanks for all of the iteration to get to this text. I have a few > questions and comments. > > > > ** Per the “Background” Section: > > > > -- “Some sets of claim names are registered with IANA and originate from > the IETF, OIDF and other standards organizations.” > > > > o Editorially, at no point in the text so far has there been any link made > between “sets of claims” and a “digital credential”. The introductory > paragraph talks about “values” and “attributes” of claims. I recommend > some bridging text. > > > > I have added some text to the introduction to address this. > > > > > o As a reader, I’m not sure why I am being told this detail. No > subsequent text in the deliverables mentions that claims from other SDOs > need to be used or that they are being built upon. > > > I added references to the existing registries, and highlighted that JWT > claims focus on people, whereas many of the CWT claims focus on devices. > > The background context for this is that we think that organizations other > than the IETF, will likely need to describe claims, because a single global > registry won't fit all of them... and would likely overwhelm the designated > experts who might not be able to evaluate if a new claim in needed for > every element in the periodic table, or for every organic chemistry > molecule, or for claims specific to a regional government. > > > > > -- “IETF and IRTF working groups have developed foundational building > blocks with BBS Signatures, RSA Blind Signatures, Verifiable Random > Functions, or other Selective-Disclosure and collection limitation > techniques.” > > > > o Editorial nit. IRTF doesn’t have WGs, it has research groups. The IESG > will flag this. > > > Thanks, I have clarified that IRTF has research groups. > > > > > o There are assertions of foundational building blocks but the text > doesn’t narrative how this work would build on them. One can infer that > BBS/VRF/etc are the crypto that will be used. The IETF WG references of > “Selective-Disclosure” and “collection limitation techniques” is what? > Recommend either citing WGs or RFC/drafts if this link is important. > > > I have added citations. > > > > > o I’m trying to keep the IETF/IRTF lanes clear. Coordination with CFRG is > noted later. Is there coordination, or reuse? What planned activities in > this WG would alter the course of CFRG? > > > I clarified how we think SPICE will consume work from CRFG, and how we > might provide comments on use cases, for example: > > A use case for BBS Blind Signatures is privacy preserving credentials, > such as proving that a human passed a captcha previously and should not be > challenged again, like is done with privacy pass. > > > > > ** Per the “Key Design Properties of Digital Credentials” section > > > > -- What is the intended use of this section? In what way does this text > scope the planned work? For example, will the WG deliver some version of > those as part of the “A document specifying the selective disclosure of > claims in a secure and privacy-friendly manner”? Are those related to the > planned architecture deliverable?) > > > Yes, these are essentially topics we think the architecture will address, > and that SOME credential formats can support. > > There has been a lot of discussion about limiting credential formats to > just the ones that can do all of these (SPICE will only work on BBS > verifier-verifier unlinkable hardware isolated TEE credentials), but that > position does not have consensus in my opinion. > > > > > -- I’m a little confused by the framing of this section as being able > design properties of “digital credentials” but the > “In-Scope”/”Goal”/”Deliverable” sections aren’t linked to digital > credentials. Some editorial bridging is needed. > > > I hope I have addressed this. > > > > > ** Strongly recommend merging “In-Scope” and “Goals” sections. Move the > text currently in Goals to the end of the current “In Scope” text (i.e., > reverse the order). Editorially, charters typically first say what they > will do and then describe who they will work with. > > > Done. > > > > > ** Per the “Goals” > > > > -- Per the text “Additionally, the SPICE WG will coordinate with other > SDOs, such as ISO or W3C, on data model elements or protocols needed to > support existing credential use cases” > > > > o what is the thinking behind “support existing credential use cases”? > Are these new design goals? > > > An example of an existing digital credential could be the identity > credential based on SD-JWT or ISO mDoc described here: > > - https://github.com/WICG/identity-credential > > If SPICE develops SD-CWT, we would hope that it was influenced by the work > that it is attempting to improve on. > > However, unlike WIMSE, we are not trying to make a credential that is > "only for workloads" or "only for people". > > As an analogy, WIMSE credentials being "only for workloads" are inspired > by attempts to use "JWT and DPoP" which are similarly an > "existing credential use case". > > > > > o I observe that ISO is a very BIG organization. IETF even has multiple > liaisons for subsets of ISO. Can this text be more specific about the > relevant links? > > > I removed direct references to other organizations, which I imagine might > raise new objections however I will counter with this argument: > > Unless you are an active member of those organizations, and those > organizations are building digital credentials, and you are contributing to > both groups, I don't see a lot of value in calling out that the > organizations exist. > > I think Manu Fontaine has been most vocal on the desire to reference TCG > and CCC, but I don't understand how he plans to coordinate SPICE related > deliverables (as described in the charter) with those groups, so I will let > him argue to add this back : ) > > Similarly Denis has mentioned ISO, I am not aware of anyone who is > actively contributing to the ISO work on mDoc / mobile drivers licenses / > covid vaccinations that is also planning to contribute to SPICE, but I > think they are welcome to contribute regardless of if ISO is mentioned > directly by name. > > > > > ** Per the “In-Scope” > > > > -- Per the text “The SPICE WG will consider the use of TEEs (Trusted > Execution Environments) for managing key material and digital credentials.” > Can that design be made now? Can this be deferred for future charter > scope? I’m practically asking what “consider” means here. It seems like a > conditional scope (i.e., “we don’t know if we want to deliver this but we > want it in scope”). > > > I removed this, it's been a recurring point of contention. Some folks feel > that TEE is essential, others don't. I don't see the sentence adding any > value to the charter, and I do see it continuing to cause confusion. > > I did move some references to it to the "design considerations" of the > digital credentials section. > > > > -- Per the text “Focusing on crisp technical specifications and producing > separate informative guidance documents helps to keep technical interested > parties involved”, I observe that the planned deliverables only include a > single informative architecture. Is that sufficient? > > > I think so. > > > > Perhaps that is the lesson learned? > > > Much of the charter debate has reinforced this point. > > It is easy to talk about the "philosophical value" of digital credentials, > or even "desirable privacy properties", without discussing how to build > anything that can be implemented. > > I would say that this will remain the primary risk of the architecture > deliverable. > > > > > ** Per the Deliverables? > > > > -- Will the meta-discovery document describe a single protocol? multiple > protocols for discovery? Does it build on any prior work protocol work > (e.g., is it an HTTP API? COAP?) > > > Short answer is we don't know. > > It seems very likely that HTTP will be a component, but we don't want to > preclude other transports such as QR Codes, NFC, Bluetooth, etc... > > The point of this document is not to address all of these, but to provide > a concrete way to discover the optionality that exists in the wild today. > > I added some related drafts that we have worked on trying to characterize > this challenge. > > > > -- Per a “document specifying the selective disclosure of claims in a > secure and privacy-friendly manner”: > > > > o What is the relation between this document and digital credential (the > substance of the front matter)? Is this providing a framework/set of > claims to let others produce their own digital credentials with particular > security properties? > > > Yes, I added some references, and extra text to try to make this clearer. > > > > > o What is the relationship between the “security” and “privacy-friendly” > properties and the more detailed key design properties? > > > I think it's mostly just repeating the design properties, I think the new > text addresses this. > > > > > o What is the encoding of the claims for this document? JSON and CBOR are > noted in the lesson learned but not in the explicit scoping. > > > At this point, we don't seem to be able to agree to pick just one, but > there does seem to be consensus to pull the useful digital credential parts > from each, and harmonize them. > > As an example, SCITT built "receipts" which SD-JWT does not support, OAuth > built SD-JWT which COSE does not support, so SCITT cannot use it. > > Both rely on the `iss` , `sub` and `cnf` claims, which are supported in > JOSE and COSE, and are essential to the "3 roles", issuer (AS), holder > (client) (of credentials, maker of presentations) and verifier (RP)... > > Another example would be how JWT supported claims in headers, but CWT did > not until recently, and when that feature was added, we learned that kccs > had already ported part of it... for those who want the details: > > - https://datatracker.ietf.org/doc/draft-ietf-lake-edhoc/22/ > - > https://datatracker.ietf.org/doc/draft-ietf-cose-cwt-claims-in-headers/10/ > > in https://www.iana.org/assignments/cose/cose.xhtml#header-parameters > > The claims disclosure document, will address this kind of challenge, when > deploying credentials based on CWT and JWT, in a similar way to how EAT > attempted to address this in: > > > https://datatracker.ietf.org/doc/html/draft-ietf-rats-eat-25#name-the-claims > > Hopefully these comments are helpful, if you like I can merge the PR or I > can leave it open and make adjustments in case you have further comments. > > Regards, > > OS > > > > > Roman > > > > *From:* Orie Steele <orie@transmute.industries> > *Sent:* Thursday, January 18, 2024 1:19 PM > *To:* spice@ietf.org > *Subject:* [SPICE] Revised Charter > > > > Hello Spice Enthusiasts, > > Our revised draft charter can be found here: > > - > https://github.com/transmute-industries/ietf-spice-charter/blob/8f140a014ed13a21ff308b4d48d745ead67d8c54/charter.md > > Thanks to everyone who contributed text on github and through the mailing > list. > > As mentioned on our calls, I will submit a bof request with the draft > charter text as of today. > > If anyone has objections to the current charter text, please provide NEW > and OLD suggestions through the mailing list (on a seperate thread), so we > can finalize any remaining gaps. > > If you support the current draft charter text, please reply to this email > indicating that you support the current text. > > I support the current charter text. > > Regards, > > OS > > > > -- > > > > > *ORIE STEELE *Chief Technology Officer > www.transmute.industries > > [image: Image removed by sender.] <https://transmute.industries/> > > > > > -- > > > > > *ORIE STEELE *Chief Technology Officer > www.transmute.industries > > [image: Image removed by sender.] <https://transmute.industries/> > -- > SPICE mailing list > SPICE@ietf.org > https://www.ietf.org/mailman/listinfo/spice >
- [SPICE] Revised Charter Orie Steele
- Re: [SPICE] Revised Charter Mahmoud Alkhraishi
- Re: [SPICE] Revised Charter Brent Zundel
- Re: [SPICE] Revised Charter Orie Steele
- Re: [SPICE] Revised Charter Michael Prorock
- Re: [SPICE] Revised Charter Manu Fontaine
- Re: [SPICE] Revised Charter Orie Steele
- Re: [SPICE] Revised Charter Manu Fontaine
- Re: [SPICE] Revised Charter Roman Danyliw
- Re: [SPICE] Revised Charter Orie Steele
- Re: [SPICE] Revised Charter Manu Fontaine
- Re: [SPICE] Revised Charter Denis
- Re: [SPICE] Revised Charter Orie Steele
- Re: [SPICE] Revised Charter Denis
- Re: [SPICE] Revised Charter Michael Prorock
- Re: [SPICE] Revised Charter Roman Danyliw
- Re: [SPICE] Revised Charter Brent Zundel
- Re: [SPICE] Revised Charter Michael Prorock
- Re: [SPICE] Revised Charter Orie Steele
- Re: [SPICE] Revised Charter Michael Prorock
- Re: [SPICE] Revised Charter Orie Steele
- Re: [SPICE] Revised Charter Denis
- Re: [SPICE] Revised Charter Denis