IETF Logo Mail Archive

Re: [Txauth] Use Case: Directed Tokens

Denis <denis.ietf@free.fr> Fri, 03 July 2020 09:09 UTC

Return-Path: <denis.ietf@free.fr>
X-Original-To: txauth@ietfa.amsl.com
Delivered-To: txauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9E9283A00DF for <txauth@ietfa.amsl.com>; Fri, 3 Jul 2020 02:09:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.621
X-Spam-Level:
X-Spam-Status: No, score=-1.621 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, KHOP_HELO_FCRDNS=0.276, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jAcLuPidQIHM for <txauth@ietfa.amsl.com>; Fri, 3 Jul 2020 02:09:38 -0700 (PDT)
Received: from smtp.smtpout.orange.fr (smtp06.smtpout.orange.fr [80.12.242.128]) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7A8AC3A0B3A for <txauth@ietf.org>; Fri, 3 Jul 2020 02:09:37 -0700 (PDT)
Received: from [192.168.1.11] ([86.238.65.197]) by mwinf5d12 with ME id yZ9a220094FMSmm03Z9aUQ; Fri, 03 Jul 2020 11:09:35 +0200
X-ME-Helo: [192.168.1.11]
X-ME-Auth: ZGVuaXMucGlua2FzQG9yYW5nZS5mcg==
X-ME-Date: Fri, 03 Jul 2020 11:09:35 +0200
X-ME-IP: 86.238.65.197
To: Dick Hardt <dick.hardt@gmail.com>
Cc: Tom Jones <thomasclinganjones@gmail.com>, Justin Richer <jricher@mit.edu>, txauth@ietf.org, Tobias Looker <tobias.looker@mattr.global>
References: <4F145676-A126-4D35-8890-A0DDF891EA06@mit.edu> <32ae1a93-fc9d-cd15-798e-ec493482dd26@free.fr> <90F181EE-8E34-4486-BCFB-ADACE55A55CF@mit.edu> <dd8ef917-c63a-0070-810a-aecfd9aac0a0@free.fr> <CAJmmfSRMWRMQbfZ2ktaRRq1oVeZtXSRf0TGiCJmcLi1FJF6N+w@mail.gmail.com> <6CCD515B-BE87-452B-9034-777D90E110DD@mit.edu> <CAK2Cwb4RMRT-_AJerg6DbGJ08naO1=aHOD3r-RKaU0N5BVvDjw@mail.gmail.com> <3b49cf41-883c-66d9-ac92-b34301161eca@free.fr> <CAD9ie-sSA8EHXA_y4KErvbhWw243EM17C2kEm_T3hCZGqxNqjA@mail.gmail.com>
From: Denis <denis.ietf@free.fr>
Message-ID: <eae565da-c883-1466-8c2d-d4a1ca3d96d8@free.fr>
Date: Fri, 03 Jul 2020 11:09:39 +0200
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.9.0
MIME-Version: 1.0
In-Reply-To: <CAD9ie-sSA8EHXA_y4KErvbhWw243EM17C2kEm_T3hCZGqxNqjA@mail.gmail.com>
Content-Type: multipart/alternative; boundary="------------740A8D61DB12305136E553CC"
Content-Language: en-GB
Archived-At: <https://mailarchive.ietf.org/arch/msg/txauth/0ITa4JND1xqMKEx-fH7MxQel8xQ>
Subject: Re: [Txauth] Use Case: Directed Tokens
X-BeenThere: txauth@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <txauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/txauth>, <mailto:txauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/txauth/>
List-Post: <mailto:txauth@ietf.org>
List-Help: <mailto:txauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/txauth>, <mailto:txauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 03 Jul 2020 09:09:40 -0000

Hello Dick,

> Apologies for the delayed response:
>
> On Fri, Jun 26, 2020 at 9:04 AM Denis <denis.ietf@free.fr 
> <mailto:denis.ietf@free.fr>> wrote:
>
>     The principle where a RS would only have relationships with one AS
>     would make the model non scalable.
>     It would prevent to get attributes from two different ASs,  for
>     example:
>     identity attributes from a bank and a master degree diploma from a
>     university.
>
>
> Where do you see that the RS can have a relationship with only one AS?

In general, a RS can trust one or more AS, but this does not necessarily 
means that a RS and an AS have a (bi-)lateral relationship.
The current text of the charter is vague enough so that no one can 
really know. The text of the charter should be made more explicit.

>     For privacy reasons, every AS should know as little as possible
>     about the interactions between a client and multiple RSs.
>     It is even possible that this goes as little as knowing /nothing
>     at all/.
>
>
> OAuth 2.0 works this way now.

I don't think so. Today, the only way to request specific attributes in 
OAuth 2.0. is to use the scope/RS pair which means that:

  * the AS knows to which RS the access token is intended, and
  * the AS and the RS have a bi-lateral relationship to know what the
    scope means.

>  The OAuth 2.0 assumption where the AS is in a position to know all 
> the interactions of a given user has with all the RSs
> that an AS server has a relationship with should not be re-iterated.
>
> I am still confused why you think the AS knows anything about the 
> interactions a given user has with all the RSs.
> The AS knows which clients the user is using, but does not need to 
> have any knowledge of which RSs a client is accessing.

In OAuth 2.0, as soon as, for security reasons, an access token is 
targeted then the AS is able to know who the target is.
In GNAP, while not preventing this, we should have the ability to hide 
to the AS who the RS target is.

>  The AS does not need to know anything about the RS. The RS clearly 
> needs to trust the AS, as it is trusting the access granted by the AS 
> to the client,
> but it is /unidirectional trust/ between the RS and the AS.

"unidirectional trust" is not an appropriate wording. Since trust is 
between an entity A and an entity B for some kind of operation C
it does not presume what may happen in terms of trust between entity B 
and entity A. Nevertheless, it looks like that we are in agreement on 
that point.

Denis

>
> /Dick

v2.23.0 | Report a Bug | By Email