Re: [Txauth] Txauth Digest, Vol 9, Issue 48

Fabien Imbault <fabien.imbault@gmail.com> Wed, 20 May 2020 14:10 UTC

Return-Path: <fabien.imbault@gmail.com>
X-Original-To: txauth@ietfa.amsl.com
Delivered-To: txauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4E4CC3A0A09 for <txauth@ietfa.amsl.com>; Wed, 20 May 2020 07:10:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AIpdfXWEqjM0 for <txauth@ietfa.amsl.com>; Wed, 20 May 2020 07:10:16 -0700 (PDT)
Received: from mail-ot1-x32a.google.com (mail-ot1-x32a.google.com [IPv6:2607:f8b0:4864:20::32a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DD4BB3A0A06 for <txauth@ietf.org>; Wed, 20 May 2020 07:10:15 -0700 (PDT)
Received: by mail-ot1-x32a.google.com with SMTP id g25so2505959otp.13 for <txauth@ietf.org>; Wed, 20 May 2020 07:10:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=FeNi9EPU8PfhTM4jS3z40W6lNAVfRBgBLlQtwkPDv0U=; b=kbnLAv7fulrki5IZoNsD3KV11yQDHDEkvNjNKtYjwj665ZSZ5pJcuLTGlR9OvwM47M oVzQeArIdGY/hXKxWSOd5RPqLTqpwRA7QlSqCDCdt9CB5uTnHvWRfdWzafe4IC14+HPx w7eWRpZggCsyGkft8SqISbPoWhlE/rfYD8270ITqpwmMXZBcnKKYPvmKDprxs99D1loI BlnMSLT6KNR70ePxHExSy6OeVW9Kv6Nr+ImQd2KhVjCRNpeDSSU1CM7Gg1VRkFiYLCWv jKmwm7u5oI0JKRdW1oN3qeoVzarDeBjHH1XTQ7AtKDPc/6xciIGrnCnRed9s69w/+7sU URkg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=FeNi9EPU8PfhTM4jS3z40W6lNAVfRBgBLlQtwkPDv0U=; b=nuTdV+D/3EUkzpK0WnLqkl2yVu8emcFb5t3sjZkmWum90kl7be7tKclHsp4mLcCk3V 9BiI6YihKYVwyaT7O3/N+VXvNg3CpiyPdc5yVlB/8tPmgOdAWijXEQ07DVzAxJjfYQWc ScatsvhGGVgBqMxh1er23OS2cyOKQm6wk/BOhbUXGICUGnEpQZUZM5PE01O7GNRNhirG LrXEy6R7226MAdPpQIiCoKojdXYDcltBO/h9Qb6ETp4udheJzaXkyYQsNgq9KBjnzyV7 KvrEU24aX8AsL7IqhyAKHn2rAWEM8e44L15mEr3k5KUNFBWSJuhLQ9E6C/a4POROr9m5 ISOw==
X-Gm-Message-State: AOAM531r3VUYd/7a9uqeth1WBB79SYL0s+IQUQ3XTzOi16YftdGvPcbO JyQbKjcH6ncosixbREAUkyrj1w41yS+uZINeswEJL4Kb
X-Google-Smtp-Source: ABdhPJynEt92mCHag3eTc2i6VXQGBOsPBVesdyQTGXfL3p6yr/Khp8OdfDYfjasvx/844sgpE7pSyyEi2oCHtLs5d2k=
X-Received: by 2002:a05:6830:3109:: with SMTP id b9mr375414ots.41.1589983814762; Wed, 20 May 2020 07:10:14 -0700 (PDT)
MIME-Version: 1.0
References: <mailman.567.1589983294.8861.txauth@ietf.org>
In-Reply-To: <mailman.567.1589983294.8861.txauth@ietf.org>
From: Fabien Imbault <fabien.imbault@gmail.com>
Date: Wed, 20 May 2020 16:10:03 +0200
Message-ID: <CAM8feuQWD8+4Gj5XQ9GoszNuXBCMoaL5VW=O2biYuOrqdOmJmg@mail.gmail.com>
To: txauth@ietf.org
Content-Type: multipart/alternative; boundary="0000000000007a44b205a614f4da"
Archived-At: <https://mailarchive.ietf.org/arch/msg/txauth/-pG4FgDOiMHXHxWQDkzAfPCGWPE>
Subject: Re: [Txauth] Txauth Digest, Vol 9, Issue 48
X-BeenThere: txauth@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <txauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/txauth>, <mailto:txauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/txauth/>
List-Post: <mailto:txauth@ietf.org>
List-Help: <mailto:txauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/txauth>, <mailto:txauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 20 May 2020 14:10:23 -0000

Hi Yaron,

I guess they get for me into the category "wouldn't object", anyway you'll
have answers from other people to discriminate.

I wish you all a good day.

Fabien



> ---------- Forwarded message ----------
> From: Yaron Sheffer <yaronf.ietf@gmail.com>
> To: Fabien Imbault <fabien.imbault@gmail.com>om>, <txauth@ietf.org>
> Cc:
> Bcc:
> Date: Wed, 20 May 2020 17:01:24 +0300
> Subject: Re: [Txauth] Txauth Digest, Vol 9, Issue 46
>
> Hi Fabien,
>
>
>
> Thank you for the detailed response. I’m struggling though with those
> where you “don’t have a strong opinion”. Should we count them as “wouldn’t
> object” or are they really “object” and you don’t have a good explanation –
> which is totally fine.
>
>
>
> Regards,
>
>                 Yaron
>
>
>
> *From: *Txauth <txauth-bounces@ietf.org> on behalf of Fabien Imbault <
> fabien.imbault@gmail.com>
> *Date: *Wednesday, May 20, 2020 at 15:26
> *To: *<txauth@ietf.org>
> *Subject: *Re: [Txauth] Txauth Digest, Vol 9, Issue 46
>
>
>
> Thanks Yaron, sorry I had missed that. That's great.
>
> So here I go, of course that's a personal view and explanations should be
> taken as constructive criticisms.
>
>
>
> Wouldn’t Object:
>
> * TxAuth      Transmission of Authority -> seems good to me, even if Tx still makes me think more of transaction. The easiest to remember for me.
>
> * XAuthZ    eXtensible authoriZation protocol -> I like that AuthZ makes the scope clearer. Maybe a bit hard to pronounce and may look very nerdy to the average user (but I think it's still ok).
>
> * GranPro    GRAnt Negotiation Protocol -> seems pretty clear
>
> Object:
>
> * TXAuth    Testable eXtensible Authorization (doesn't seem production ready)
>
> * TXAuth      Truly eXtensible Authorization (don't know what would be a not truly extensible auth)
>
> * RefAuthZ    Refactored Authorization Protocol (same idea, refactored compared to what)
>
> * ReAuthZ    Reimagined Authorization Protocol (same idea)
>
> * AAuthZ    Alternative Authorization Protocol (same idea)
>
> * PAuthZ    Protocol for Authorization (too broad)
>
> * TINOA   This Is Not OAuth (so what?)
>
> * DIYAuthZ    Do-It-Yourself Authorization Protocol (people don't want DIY auth I think, they want secure stuff)
>
> * IDPAuthZ    Intent Driven Protocol for Authorization (too close to IDentity Provider)
>
> For the rest, I don't have strong opinions, it's just that they don't resonate well to me, and I struggle to remember them.
>
> Fabien
>
>
>
>
>
>
> ---------- Forwarded message ----------
> From: Yaron Sheffer <yaronf.ietf@gmail.com>
> To: Fabien Imbault <fabien.imbault@gmail.com <fabien.imbault@gmail..com>>,
> <txauth@ietf.org>
> Cc:
> Bcc:
> Date: Wed, 20 May 2020 14:54:35 +0300
> Subject: Re: [Txauth] Txauth Digest, Vol 9, Issue 44
>
> Hi Fabien,
>
>
>
> Please see my email from yesterday for method and calendar.
>
>
>
> https://mailarchive.ietf.org/arch/msg/txauth/sxMA2D3xkluRwJJGWcPOck7HlT8/
>
>
>
> Thanks,
>
>                 Yaron
>
>
>
> *From: *Txauth <txauth-bounces@ietf.org> on behalf of Fabien Imbault <
> fabien.imbault@gmail.com>
> *Date: *Wednesday, May 20, 2020 at 13:38
> *To: *<txauth@ietf.org>
> *Subject: *Re: [Txauth] Txauth Digest, Vol 9, Issue 44
>
>
>
> Hi,
>
>
>
> Well, I guess the issue with the poll illustrates quite clearly why we
> need authorization in systems.
>
>
>
> I'm not sure we really need more names right now, the brainstorming
> produced quite a large set of possibilities (which Nigel evaluated based on
> some common requirements), from which we need to choose.
>
> My personal opinion is that we need to keep things simple: find a way to
> decide on a name and start focusing on the specification itself.
>
>
>
> Let's see what co-chairs propose in terms of method and calendar.
>
>
>
> Fabien
>
>
>
>
>
> ---------- Forwarded message ----------
> From: Nigel Hamilton <nige@123.do>
> To: txauth@ietf.org
> Cc:
> Bcc:
> Date: Wed, 20 May 2020 06:20:40 +0100
> Subject: [Txauth] Name Game (contd)
>
> Hi,
>
>
>
> It's a bit disappointing that the voting went awry. It's normal to go
> through a few iterations however.
>
>
>
> I personally like WRAC - as it is distinctive and the expanded acronym
> helps to explain what it does. I just want to flag up, however, that there
> are some potential trademark problems with it. If it had been submitted
> prior to the first poll - it would have appeared in the lower list and not
> made the first voting round.
>
>
>
> Cheers
>
>
>
> Nige
>
>
>
>
>
>
> ---------- Forwarded message ----------
> From: David Skaife <blue.ringed.octopus.guy@gmail.com>
> To: Yaron Sheffer <yaronf.ietf@gmail.com>
> Cc: "txauth@ietf.org" <txauth@ietf.org>
> Bcc:
> Date: Wed, 20 May 2020 10:50:19 +0100
> Subject: Re: [Txauth] Call for WG name preferences
>
> Hi Yaron,
>
>
>
> I think overall the proposed approach is sensible, however, I'm not sure
> it's a good idea to allow new names to be suggested at the same time as
> when people are stating which names they would and wouldn't object to. It's
> going to get very chaotic if new names are being suggested at the same time
> as this consensus check. Also, what happens if someone suggests a new name
> a few hours before the deadline giving very little time for people to
> confirm whether they object to it or not?
>
>
> Would it not be more sensible to draw a line under new name suggestions
> before we then state our preferences?
>
>
> Many thanks,
>
> David Skaife
>
>
>
> On Tue, May 19, 2020 at 9:34 PM Yaron Sheffer <yaronf.ietf@gmail.com>
> wrote:
>
> Hi!
>
> After reviewing the community feedback and discussions with the AD, we’d
> like to again launch a process to elicit feedback on naming.  Our proposal
> is below.  We’d appreciate any clarifying questions, proposed improvements
> or objections by 0800 UTC, Thursday, May 21st .
>
> Thanks,
>         Yaron and Dick
>
> PS, I’m sharing the load with Dick and taking point on this consensus call
> -- Yaron
>
> ----
>
> Before we submit the draft charter [1] to the IESG, we wanted to explore
> the name of the group. During the chartering discussions, some people
> objected to the BoF name being the WG name.  We’d like to get consensus on
> what the WG name should be.  Our first attempt to elicit input [2] wasn’t
> successful, and this is a second attempt to get consensus from the
> community.
>
> To get to consensus, we want to gather preferences on the currently known
> WG name candidates. Our goal is not to select the most popular name -- it
> is to select a name everyone can live with and ensure that we understand
> and weigh any objections there might be with that choice.  To that end,
> we’d like to elicit your name preferences in the following way:
>
>  (1) In previous discussions, the following candidate names have been
> voiced (we have listed only these names that received at least one vote
> previously):
>
> * AAuthZ    Alternative Authorization Protocol (AAuthZ)
> * AZARP    AuthoriZed Access to Resources Protocol
> * AZARAP    AuthoriZation And Resource Access Protocol
> * BeBAuthZ    Back-end Based Authorization Protocol
> * BYOAuthZ    Build-Your-Own Authorization Protocol
> * CPAAP    Comprehensive Privileged Authentication Authorization Protocol
> * DAZARAP    Delegated AuthoriZation And Resource Access Protocol
> * DIYAuthZ    Do-It-Yourself Authorization Protocol
> * GNAP    Grant Negotiation and Authorization Protocol
> * GranPro    GRAnt Negotiation Protocol
> * IDPAuthZ    Intent Driven Protocol for Authorization
> * NIRAD    Negotiation of Intent Registration and Authority Delegation
> * PAuthZ    Protocol for Authorization
> * RefAuthZ    Refactored Authorization Protocol
> * ReAuthZ    Reimagined Authorization Protocol
> * TIAAP    Tokenized Identity and Access Protocol
> * TIDEAuth    Trust via Intent Driven Extension Auth
> * TIDYAuth    Trust via Intent Driven Yield Auth
> * TIEAuth    Trust via Intent Extension Auth
> * TINOA   This Is Not OAuth
> * TXAuth    Testable eXtensible Authorization
> * TxAuth      Transmission of Authority
> * TXAuth      Truly eXtensible Authorization
> * XAuthZ    eXtensible authoriZation protocol
>
> We would ask that you consider these names, and respond to the list with
> your selection of the following two categories:
>
> * “Wouldn’t Object” -- this is not necessarily your preferred name, but
> you would be comfortable with it being the name of the WG (choose as many
> names as you want)
> * “Object” -- you would be uncomfortable with the WG being named in this
> way (choose as many names as you want; please provide an explanation)
>
> (2) If your preferred name isn’t in the list per (1), you can send a note
> to the mailing list stating that you’d like the WG to consider a new name.
> Please ensure the name adheres to the previously discussed naming criteria
> at [3]. We still request that you provide your other preferences and
> objections.
>
> (3) If you previously sent in your preferences, but a new name suggestion
> or someone’s objection changed your mind, then send another message to the
> mailing list with your revised preferences.  For the purposes of consensus,
> we’ll assume that everyone who hasn’t commented on a new name introduced
> per (2) “objects” to it (i.e., we want to hear positive confirmation of
> preference on new names).
>
> (4) Please provide your input by 0800 UTC June 4, 2020.
>
> With that input, our plan is to assess rough consensus in the following
> way:
>
> (a) See if there is consensus for a name identified given the “wouldn’t
> object to being the WG name” preference and the level of “would object”
> feedback
>
> (b) If there isn’t clear consensus with (a), but a significantly reduced
> set of candidates around which there is enthusiasm, the chairs will share
> the results and request feedback
>
> (c) If rough consensus appears to be reached through steps (a) – (b),
> revisit the objections to this candidate name, elicit additional objections
> and see if they change the consensus.
>
> Regards,
>         Yaron and Dick
>
> [1] https://datatracker.ietf.org/doc/charter-ietf-txauth/
> [2]
> https://mailarchive.ietf.org/arch/msg/txauth/GnTUvD191MGMF63Oe3VTqkYi0Wg/
> [3]
> https://mailarchive.ietf.org/arch/msg/txauth/lAe06IW4nihUzyTkWVDcq8rnUa8/
>
>
> --
> Txauth mailing list
> Txauth@ietf.org
> https://www.ietf.org/mailman/listinfo/txauth
>
>
>
>
> ---------- Forwarded message ----------
> From: Yaron Sheffer <yaronf.ietf@gmail.com>
> To: David Skaife <blue.ringed.octopus.guy@gmail.com>
> Cc: "txauth@ietf.org" <txauth@ietf.org>
> Bcc:
> Date: Wed, 20 May 2020 12:57:07 +0300
> Subject: Re: [Txauth] Call for WG name preferences
>
> Maybe, but the proposal makes it clear that the default for new names is
> that we consider everyone to “object” to them unless explicitly told
> otherwise.. So people will understand that the only way for a name to have
> a chance is to propose it early in the game..
>
>
>
> Thanks,
>
>                 Yaron
>
>
>
> *From: *David Skaife <blue.ringed.octopus.guy@gmail.com>
> *Date: *Wednesday, May 20, 2020 at 12:50
> *To: *Yaron Sheffer <yaronf.ietf@gmail.com>
> *Cc: *"txauth@ietf.org" <txauth@ietf.org>
> *Subject: *Re: [Txauth] Call for WG name preferences
>
>
>
> Hi Yaron,
>
>
>
> I think overall the proposed approach is sensible, however, I'm not sure
> it's a good idea to allow new names to be suggested at the same time as
> when people are stating which names they would and wouldn't object to. It's
> going to get very chaotic if new names are being suggested at the same time
> as this consensus check.. Also, what happens if someone suggests a new name
> a few hours before the deadline giving very little time for people to
> confirm whether they object to it or not?
>
>
> Would it not be more sensible to draw a line under new name suggestions
> before we then state our preferences?
>
>
> Many thanks,
>
> David Skaife
>
>
>
> On Tue, May 19, 2020 at 9:34 PM Yaron Sheffer <yaronf.ietf@gmail.com>
> wrote:
>
> Hi!
>
> After reviewing the community feedback and discussions with the AD, we’d
> like to again launch a process to elicit feedback on naming.  Our proposal
> is below.  We’d appreciate any clarifying questions, proposed improvements
> or objections by 0800 UTC, Thursday, May 21st .
>
> Thanks,
>         Yaron and Dick
>
> PS, I’m sharing the load with Dick and taking point on this consensus call
> -- Yaron
>
> ----
>
> Before we submit the draft charter [1] to the IESG, we wanted to explore
> the name of the group. During the chartering discussions, some people
> objected to the BoF name being the WG name.  We’d like to get consensus on
> what the WG name should be.  Our first attempt to elicit input [2] wasn’t
> successful, and this is a second attempt to get consensus from the
> community.
>
> To get to consensus, we want to gather preferences on the currently known
> WG name candidates. Our goal is not to select the most popular name -- it
> is to select a name everyone can live with and ensure that we understand
> and weigh any objections there might be with that choice..  To that end,
> we’d like to elicit your name preferences in the following way:
>
>  (1) In previous discussions, the following candidate names have been
> voiced (we have listed only these names that received at least one vote
> previously):
>
> * AAuthZ    Alternative Authorization Protocol (AAuthZ)
> * AZARP    AuthoriZed Access to Resources Protocol
> * AZARAP    AuthoriZation And Resource Access Protocol
> * BeBAuthZ    Back-end Based Authorization Protocol
> * BYOAuthZ    Build-Your-Own Authorization Protocol
> * CPAAP    Comprehensive Privileged Authentication Authorization Protocol
> * DAZARAP    Delegated AuthoriZation And Resource Access Protocol
> * DIYAuthZ    Do-It-Yourself Authorization Protocol
> * GNAP    Grant Negotiation and Authorization Protocol
> * GranPro    GRAnt Negotiation Protocol
> * IDPAuthZ    Intent Driven Protocol for Authorization
> * NIRAD    Negotiation of Intent Registration and Authority Delegation
> * PAuthZ    Protocol for Authorization
> * RefAuthZ    Refactored Authorization Protocol
> * ReAuthZ    Reimagined Authorization Protocol
> * TIAAP    Tokenized Identity and Access Protocol
> * TIDEAuth    Trust via Intent Driven Extension Auth
> * TIDYAuth    Trust via Intent Driven Yield Auth
> * TIEAuth    Trust via Intent Extension Auth
> * TINOA   This Is Not OAuth
> * TXAuth    Testable eXtensible Authorization
> * TxAuth      Transmission of Authority
> * TXAuth      Truly eXtensible Authorization
> * XAuthZ    eXtensible authoriZation protocol
>
> We would ask that you consider these names, and respond to the list with
> your selection of the following two categories:
>
> * “Wouldn’t Object” -- this is not necessarily your preferred name, but
> you would be comfortable with it being the name of the WG (choose as many
> names as you want)
> * “Object” -- you would be uncomfortable with the WG being named in this
> way (choose as many names as you want; please provide an explanation)
>
> (2) If your preferred name isn’t in the list per (1), you can send a note
> to the mailing list stating that you’d like the WG to consider a new name.
> Please ensure the name adheres to the previously discussed naming criteria
> at [3]. We still request that you provide your other preferences and
> objections.
>
> (3) If you previously sent in your preferences, but a new name suggestion
> or someone’s objection changed your mind, then send another message to the
> mailing list with your revised preferences.  For the purposes of consensus,
> we’ll assume that everyone who hasn’t commented on a new name introduced
> per (2) “objects” to it (i.e., we want to hear positive confirmation of
> preference on new names).
>
> (4) Please provide your input by 0800 UTC June 4, 2020.
>
> With that input, our plan is to assess rough consensus in the following
> way:
>
> (a) See if there is consensus for a name identified given the “wouldn’t
> object to being the WG name” preference and the level of “would object”
> feedback
>
> (b) If there isn’t clear consensus with (a), but a significantly reduced
> set of candidates around which there is enthusiasm, the chairs will share
> the results and request feedback
>
> (c) If rough consensus appears to be reached through steps (a) – (b),
> revisit the objections to this candidate name, elicit additional objections
> and see if they change the consensus.
>
> Regards,
>         Yaron and Dick
>
> [1] https://datatracker.ietf.org/doc/charter-ietf-txauth/
> [2]
> https://mailarchive.ietf.org/arch/msg/txauth/GnTUvD191MGMF63Oe3VTqkYi0Wg/
> [3]
> https://mailarchive.ietf.org/arch/msg/txauth/lAe06IW4nihUzyTkWVDcq8rnUa8/
> <https://mailarchive..ietf.org/arch/msg/txauth/lAe06IW4nihUzyTkWVDcq8rnUa8/>
>
>
> --
> Txauth mailing list
> Txauth@ietf.org
> https://www.ietf.org/mailman/listinfo/txauth
>
> Txauth mailing list
> Txauth@ietf.org
> https://www.ietf.org/mailman/listinfo/txauth
>
> -- Txauth mailing list Txauth@ietf.org
> https://www.ietf.org/mailman/listinfo/txauth
>
> Txauth mailing list
> Txauth@ietf.org
> https://www.ietf.org/mailman/listinfo/txauth
>
> -- Txauth mailing list Txauth@ietf.org
> https://www.ietf.org/mailman/listinfo/txauth
> Txauth mailing list
> Txauth@ietf.org
> https://www.ietf.org/mailman/listinfo/txauth
>