Re: [tram] [OAUTH-WG] Review of draft-ietf-tram-turn-third-party-authz-01
Eve Maler <eve@xmlgrrl.com> Sun, 24 August 2014 22:16 UTC
Return-Path: <eve@xmlgrrl.com>
X-Original-To: tram@ietfa.amsl.com
Delivered-To: tram@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DFFFC1A885A; Sun, 24 Aug 2014 15:16:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.9
X-Spam-Level:
X-Spam-Status: No, score=-0.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FROM_DOMAIN_NOVOWEL=0.5, URI_NOVOWEL=0.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wZ2VXqVr4UI1; Sun, 24 Aug 2014 15:16:43 -0700 (PDT)
Received: from mail.promanage-inc.com (eliasisrael.com [50.47.36.5]) by ietfa.amsl.com (Postfix) with ESMTP id 45F3E1A8857; Sun, 24 Aug 2014 15:16:43 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.promanage-inc.com (Postfix) with ESMTP id 748065382384; Sun, 24 Aug 2014 15:16:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at promanage-inc.com
Received: from mail.promanage-inc.com ([127.0.0.1]) by localhost (greendome.promanage-inc.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Q45Z1jrWhqQK; Sun, 24 Aug 2014 15:16:41 -0700 (PDT)
Received: from [192.168.168.111] (unknown [192.168.168.111]) by mail.promanage-inc.com (Postfix) with ESMTPSA id CB1635382376; Sun, 24 Aug 2014 15:16:41 -0700 (PDT)
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
Content-Type: text/plain; charset="us-ascii"
From: Eve Maler <eve@xmlgrrl.com>
In-Reply-To: <53F700D2.8000502@gmx.net>
Date: Sun, 24 Aug 2014 15:16:53 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <75ABCB88-B531-442F-9643-C954ED3AA528@xmlgrrl.com>
References: <913383AAA69FF945B8F946018B75898A2831989C@xmb-rcd-x10.cisco.com> <53F700D2.8000502@gmx.net>
To: "Tirumaleswar Reddy (tireddy)" <tireddy@cisco.com>
X-Mailer: Apple Mail (2.1878.6)
Archived-At: http://mailarchive.ietf.org/arch/msg/tram/HTj7BKsNBRO8_yEXMP1aafZiZco
X-Mailman-Approved-At: Mon, 25 Aug 2014 07:28:02 -0700
Cc: "tram@ietf.org" <tram@ietf.org>, "draft-ietf-tram-turn-third-party-authz@tools.ietf.org" <draft-ietf-tram-turn-third-party-authz@tools.ietf.org>, "Gonzalo.Camarillo@ericsson.com >> Gonzalo Camarillo" <Gonzalo.Camarillo@ericsson.com>, "sperreault@jive.com" <sperreault@jive.com>, Hannes Tschofenig <hannes.tschofenig@gmx.net>, "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [tram] [OAUTH-WG] Review of draft-ietf-tram-turn-third-party-authz-01
X-BeenThere: tram@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Discussing the creation of a Turn Revised And Modernized \(TRAM\) WG, which goal is to consolidate the various initiatives to update TURN and STUN." <tram.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tram>, <mailto:tram-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tram/>
List-Post: <mailto:tram@ietf.org>
List-Help: <mailto:tram-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tram>, <mailto:tram-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 24 Aug 2014 22:16:45 -0000
In case the UMA model of establishing and conducting loosely coupled AS-RS relationships is of interest, you can find more information here: http://tools.ietf.org/html/draft-hardjono-oauth-umacore-10 (for the AS's protection API, the OAuth token securing that API, and the declaration of AS config data including endpoints) http://tools.ietf.org/html/draft-hardjono-oauth-resource-reg-03 (for the resource set registration sub-API) Eve On 22 Aug 2014, at 1:35 AM, Hannes Tschofenig <hannes.tschofenig@gmx.net> wrote: > Hi Tiru, >> ... >>> ... >>> b) You describe a key establishment scheme to be used between the >>> resource server and the authorization server. What assumption do you make >>> about the relationship between the authorization server and the resource >>> server? Are they supposed to have a business relationship or some other >>> relationship with each other ? >> >> Authorization and Resource servers could have a business relationship (loosely coupled, for example Enterprise network using TURN server provided by third party provider like Akamai) or could be deployed in the same administrative domain (tightly coupled, for example Google providing both WebRTC and TURN servers) > > I guess you assume that there is some long-term secret (such as > asymmetric credential) in place and you then derive the symmetric keys > from it (by using DSKPP). Maybe you want to say that (in addition to the > assumed relationship between the two entities). If there is no > relationship between the two parties then they will certainly be a > challenge to get this done securely. Eve Maler http://www.xmlgrrl.com/blog +1 425 345 6756 http://www.twitter.com/xmlgrrl
- Re: [tram] Review of draft-ietf-tram-turn-third-p… Tirumaleswar Reddy (tireddy)
- Re: [tram] Review of draft-ietf-tram-turn-third-p… Tirumaleswar Reddy (tireddy)
- Re: [tram] Review of draft-ietf-tram-turn-third-p… Hannes Tschofenig
- Re: [tram] [OAUTH-WG] Review of draft-ietf-tram-t… Eve Maler
- Re: [tram] Review of draft-ietf-tram-turn-third-p… Brandon Williams
- Re: [tram] Review of draft-ietf-tram-turn-third-p… Tirumaleswar Reddy (tireddy)