Re: [GNAP] Concerns with the lack of progression of GNAP after 20 months of work

Fabien Imbault <> Tue, 01 March 2022 13:46 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id CC1153A0942 for <>; Tue, 1 Mar 2022 05:46:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.107
X-Spam-Status: No, score=-2.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id ZlSB5hP2PXIf for <>; Tue, 1 Mar 2022 05:46:33 -0800 (PST)
Received: from ( [IPv6:2607:f8b0:4864:20::136]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 764883A094B for <>; Tue, 1 Mar 2022 05:46:33 -0800 (PST)
Received: by with SMTP id k7so5567969ilo.8 for <>; Tue, 01 Mar 2022 05:46:33 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=BNunR/QlIojszKaQCmPReSbnVJ+yJh/8Aa/0xbBctWE=; b=UjSm71ZtvqeiirSTdPvNF9DAEY4J4Bxo0xcNrulm8wMYuyMTIwbLaqei8d95aik0XK cRFKCQ72oOW/TFVhpV4SKFaCGODrnDJf0LwRU275P5egGzjEJiQ7pTGzDvFBi2McAqil TGLwrhJofdnEJqoVvV3CB8JxG/diPPm8zwrVXEVE87NiGVbXIkY8fkBUWVqJ8NutxMYD kjn853XsalCT2mrZ298uLvBjqF/TglZAkMst/QfkArLXCmw26d9tzgw7vwF1eYhOCxv2 z9oyUs69EhrfqAZ18GxZDOmWIprGl9UqelKQAEPPe2hkyMjv4WHE4DlC1kfLRb7LYqum YkTg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=BNunR/QlIojszKaQCmPReSbnVJ+yJh/8Aa/0xbBctWE=; b=39kHp6NPLAxHrinhCbAxvdgNYJtoxTv363rbKrIB0X/b/8Iugt0IVInimX2dMzsgeu cWwY8E6NjhWO9JpT/013cSRIJ9YKdYUNgTE3X+4vNPXhh1MNME1A7Ed2TukL/M+5btFU TWyXhIMCqzWX+yyVVE7b6UrKjbCm0/e51wuF4GiOQleuAmgJT+sB/2TFdwuuofGKvKmc z9w6wqjB1dqBb1lTdGNYIMxNzKEV5UiMucvQrDu1yg2JX6msm9E8jnvTE+jLoPF/zEXy 1/G1O8K97+B5pPQyQtxLxJ99qBRXiofRs5gxk+GvSW6GnK81hQz0nloom2aANTZliuSN jIQA==
X-Gm-Message-State: AOAM532X+pvJbjsGpw1OImP8YmOO4M1CdX3DQy1JovAESn26FGfd1jd7 TvUsXnV1ImoZS8WNAgYvzY+5e0lum/PVih8RY0aXlPX/9JA=
X-Google-Smtp-Source: ABdhPJyBvVMS2FS90ypwgXpZWcbR5cMZoB2oFr7pTNsbUV1iDlEi3mXWUtUjgHOe+tKREi0/AJp8fVJ3BOzmCecy5gs=
X-Received: by 2002:a92:dc90:0:b0:2be:f994:7dcf with SMTP id c16-20020a92dc90000000b002bef9947dcfmr22946116iln.160.1646142392403; Tue, 01 Mar 2022 05:46:32 -0800 (PST)
MIME-Version: 1.0
References: <> <> <>
In-Reply-To: <>
From: Fabien Imbault <>
Date: Tue, 01 Mar 2022 14:46:20 +0100
Message-ID: <>
To: Denis <>
Cc: GNAP Mailing List <>
Content-Type: multipart/alternative; boundary="0000000000008c8e9605d92864aa"
Archived-At: <>
Subject: Re: [GNAP] Concerns with the lack of progression of GNAP after 20 months of work
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: GNAP <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 01 Mar 2022 13:46:37 -0000


The RS draft is important, but the priority has been put into resolving the
open items of the main draft. As seen in the related PRs.

Please list the GitHub issues related to the RS draft that you'd like us to
focus on next.

Best regards,

On Tue, 1 Mar 2022, 14:30 Denis, <> wrote:

> Fabien,
> It is not useful to send flames.
> It would be much better that you spend time to respond to the issues
> raised on draft-ietf-gnap-resource-servers-01
> and publish a new draft that addresses these issues and in the mean time
> provide a summary of the way these issues have
> been addressed (including the issues you don't agree with).
> "Stabilizing the core draft" and "focusing on real world implementations"
> without progressing the resource-servers draft
> looks like a headlong rush.
> Denis
> Dear Denis,
> Sorry I have to say this, but repeating your misconceptions don't make
> them true. That's currently not helping anyone going forward.
> The editors and chairs welcome anyone with helpful contribution.
> Already the spec had many great improvements, from many outstanding
> individuals cited in the text. Including on security and privacy.
> We are now stabilizing the core draft and focusing on real world
> implementations to demonstrate the value and interoperability.
> Best regards,
> Fabien (speaking only in my own name)
> On Tue, 1 Mar 2022, 12:49 Denis, <> wrote:
>> Hello everybody,
>> GNAP has four main components : users, clients, ASs and RSs.
>> GNAP is supposed to describe a protocol. A protocol is a set of rules
>> that control the way data is exchanged between computers.
>> A reader would expect to find the description of the data sent by a
>> client to a RS (which are indeed described in ietf-wg-gnap/core-protocol),
>> but also find how that data *shall be handled by a RS* which is supposed
>> to be described in draft-ietf-gnap-resource-servers. Unfortunately,
>> this is not the case.
>> The focus has been placed on the "core" protocol, leaving aside the the
>> RS.
>> The core document (ietf-wg-gnap/core-protocol) has now got more than 400
>> issues !
>> Besides the editors (and the chair), very few members are active and at
>> this time it is unlikely that more members will participate
>> since *the main driving line for the construction of GNAP has been los*
>> *t*.
>> The recent message called "embedding GNAP" got no reply from the WG,
>> except one from a co-editor.
>> IMO, this demonstrates that *GNAP is still a **moving target* *after 20
>> months of work.*
>> Does this mean that all the WG members agree with the very few emails
>> that are exchanged or that the WG members are
>> no longer really able to participate to the discussion since such
>> participation would involve a lot of days to get "up to speed" again ?
>> I would guess that the right answer is the latter.
>> The core document has still *no security model *and hence its security
>> is more than questionable.
>> The core document is AS centric and hence *the **privacy concerns of the
>> users cannot be addressed*. Is this deliberate ?
>> When the work started, privacy was supposed to be a major concern to be
>> taken into consideration, but in practice, this is not the case.
>> The core document still does not address the general use case.
>> There are so many options that *interoperability will not be possible*.
>> *draft-ietf-gnap-resource-servers-01** expired on 13 January 2022*.  We
>> are now close to an IETF meeting and no draft is available.
>> The milestones are outdated and, anyway, are not observed (see
>> Milestones:
>>   Jul 2021 - Core delegation protocol in WGLC
>>   Oct 2021 - Key presentation mechanism binding to the core protocol, TLS, to WGLC
>>   Oct 2021 - Key presentation mechanism binding to the core protocol, detached HTTP signatures, to WGLC
>>   Oct 2021 - Key presentation mechanism binding to the core protocol, embedded HTTP signature, to WGLC
>>   Dec 2021 - Guidelines for use of protocol extension points to WGLC
>>   Feb 2022 - Guidelines on migration paths, implementation, and operations to WGLC
>> At the next IETF meeting, rather than addressing, *as usual,* the last
>> technical issues that no one or very few people will be able to follow or
>> understand,
>> I would suggest that the editors address the following topics:
>> *interoperability*, *privacy *and *security *at a level that will allow
>> everybody to understand
>> the real issues behind these three words and by presenting *a balanced
>> view*.
>> Denis
>> PS: If we were working within ISO, this WG would already have been closed.
>> --
>> TXAuth mailing list