IETF Logo Mail Archive

Re: [GNAP] Review of draft-ietf-gnap-core-protocol-00

Fabien Imbault <fabien.imbault@gmail.com> Fri, 13 November 2020 12:57 UTC

Return-Path: <fabien.imbault@gmail.com>
X-Original-To: txauth@ietfa.amsl.com
Delivered-To: txauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ADC493A0957 for <txauth@ietfa.amsl.com>; Fri, 13 Nov 2020 04:57:49 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.096
X-Spam-Level:
X-Spam-Status: No, score=-2.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id R1OrH6d_GxG4 for <txauth@ietfa.amsl.com>; Fri, 13 Nov 2020 04:57:48 -0800 (PST)
Received: from mail-io1-xd2b.google.com (mail-io1-xd2b.google.com [IPv6:2607:f8b0:4864:20::d2b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 02BF93A0934 for <txauth@ietf.org>; Fri, 13 Nov 2020 04:57:48 -0800 (PST)
Received: by mail-io1-xd2b.google.com with SMTP id i18so8182127ioa.3 for <txauth@ietf.org>; Fri, 13 Nov 2020 04:57:47 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=l6Krminzw8lrdBCcW6HBob7p1q+cGDVEKIobPlrNzCA=; b=jk8wBXgmRYl/zdFOW+0co47f4UfUon5iev3Ss1TXRCtC3WrJoWib82+hLnrBgfTczQ 9D5IFXEv8u4e8no749a45TgPt+m6WfbYhq9UCw36dhVsk10kZnxbvkINGq3xYzilWE2E 1YWYkhOrp7x8GPhZ47zq92+XBtBObJR9pXp9O/6HHyJLit5UXy7HfoDXENDLSw/iTf5E TOtxWS+jqsJw+/GbOdYw6HymznuxvHJ4TqV66yRIrcnplo6n8mRV0ZIgDVemZGtpLAFD E1X+4dS7EmQXtwkExr34m9QX6zFDcw5bDVMPIFT8JkxMPRZj0XFjmJ4FtjLsNtvfMy91 Krjw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=l6Krminzw8lrdBCcW6HBob7p1q+cGDVEKIobPlrNzCA=; b=KT7afSE+U+h27ubMJouFQLe0v1LL1ez5fbhsnjIN5fDVaIVdKEhLGxZweUEDvOW1Je jBP3+ZaiHCA6PZPXUZCeSZvKNz3ZZT41/kH+8wGRYcF1Vx3QxHZewyCghxnZdKAuSRqb Fs1+E7MDmcha882n8u5gisOzAaAIMR0Y5BmU+V1qauG17aXnD3qwYzBEIXLIDvLpakiA 7UZ3f2ALZIL0lBGKTBSWIqotyIpC2rKPzNL1OiRwCQqTbLKyHvn2Q9dsnC4+C6b4IVAu KjaYCxkqgpcnsJIcTL3MoZBGyWe2t2EIUlQGnw/ra/0RPTQxKfGxnG8teKIDxHJY5cx1 ToCg==
X-Gm-Message-State: AOAM531wc53tq+vQr/X7bt/X4e23KcmMJkW2zLlghNQxvDaYzEQhou/H EghYnMxqzcswgSYwjfeP0yKTtQQihIXqppO3PvD4wZr6hbIA7YRv
X-Google-Smtp-Source: ABdhPJxm5qZSpTgaJXTzg3v+BW/iABpJT5SkGu9Sj2whGlPxbEw4feCf3LrLdbgMD/Fbh1Gr4GzU/HM00ovbmW8adLU=
X-Received: by 2002:a6b:6001:: with SMTP id r1mr1624161iog.144.1605272267178; Fri, 13 Nov 2020 04:57:47 -0800 (PST)
MIME-Version: 1.0
References: <160433257633.23038.15047041472414640530@ietfa.amsl.com> <AB11DC08-C6ED-4045-A8F5-872AD263035D@mit.edu> <FR2P281MB01063C2EA739E892B549611D8D110@FR2P281MB0106.DEUP281.PROD.OUTLOOK.COM>
In-Reply-To: <FR2P281MB01063C2EA739E892B549611D8D110@FR2P281MB0106.DEUP281.PROD.OUTLOOK.COM>
From: Fabien Imbault <fabien.imbault@gmail.com>
Date: Fri, 13 Nov 2020 13:57:35 +0100
Message-ID: <CAM8feuQcCdQFGUKy-ou7H3Ta38yyN1LR+0XJd9WophRMRdPDEA@mail.gmail.com>
To: Francis Pouatcha <fpo=40adorsys.de@dmarc.ietf.org>
Cc: GNAP Mailing List <txauth@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000040c49e05b3fc934e"
Archived-At: <https://mailarchive.ietf.org/arch/msg/txauth/-AM3_Z8ehHMahSlriNwXjQX1HVo>
Subject: Re: [GNAP] Review of draft-ietf-gnap-core-protocol-00
X-BeenThere: txauth@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: GNAP <txauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/txauth>, <mailto:txauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/txauth/>
List-Post: <mailto:txauth@ietf.org>
List-Help: <mailto:txauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/txauth>, <mailto:txauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 13 Nov 2020 12:57:50 -0000

Hi Francis,

Thanks a lot for your feedback, never to late :-) - including I hope for my
late answer.

Reviewing the structure of the document might be useful indeed. I've opened
a new issue https://github.com/ietf-wg-gnap/gnap-core-protocol/issues/30

As for the rest of your comments B: embedded as a comment with [FI] (i
removed the parts related to the structure of the spec).

Cheers
Fabien


On Tue, Nov 3, 2020 at 11:00 PM Francis Pouatcha <fpo=
40adorsys.de@dmarc.ietf.org> wrote:

>
> B) Current Document
>
> Roles description shall not hold any assumption on the physical structure
> of the party fulfilling the roles.
> [FI] not sure what you mean
>


> Roles:
> -> grant endpoint of the AS: Why is this a post request? This eliminates
> the chance of having user device hosted AS (no server).
>
[FI] what would you propose instead?
Would also be interested to understand better the deployment model when
there is no server. That's something that was discussed several times but
I'm still missing the underlying architecture and use case.


> -> Resource Owner (RO) : Authorizes the request? Does it authorize the
> request or the access to a resource?
>
[FI] yes, we should make the wording clearer

>
> Missing Section Interactions:
> --> This section shall introduce the notion of interaction before we start
> listing interaction types.
>
[FI] yes

>
> Interaction Types:
> --> I prefer a classification with Redirect, Decoupled and Embedded is. In
> the draft, we have one redirect and 2 decouple interactions and nothing
> else.
>
[FI] this should be handled as a specific discussion item. As a reminder,
how would you define embedded?

In practice there's at least these modes:
- redirect and redirect back
- redirect to different browser or device
- user code
- CIBA


> Resource Access Request vs. Resource Request
> --> Both are mixed up. No clarification of the context of each section.
>
[FI] could you clarify what you'd expect.  Btw on this topic, there's a
more general discussion on whether we should make a distinction or not.

>
> Token Content Negotiation
> --> Not expressed as such. This is central to GNAP and not represented
> enough  in the document.
>
[FI] right. This should be a specific discussion item.

>
> Requesting "User" Information
> we identify two types of users: RQ and RO. It will be better not to refer
> to a user in this draft, but either to a RQ or an RO.
>
[FI] yes that would avoid potential misunderstandings. Although in the end,
people will translate RQ into user or end-user most of the time. Cf in
definition, currently we have Requesting Party (RQ, aka "user")


> Interaction Again
> -> For each interaction type, we will have to describe the protocol flow
> and the nature and behavior of involved Roles (Parties), Elements, Requests.
>
[FI] yes

>
>
> Best regards
> /Francis
>
> --
> TXAuth mailing list
> TXAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/txauth
>

v2.23.0 | Report a Bug | By Email