Re: [Txauth] Txauth Digest, Vol 9, Issue 56

Yaron Sheffer <yaronf.ietf@gmail.com> Thu, 28 May 2020 20:47 UTC

Return-Path: <yaronf.ietf@gmail.com>
X-Original-To: txauth@ietfa.amsl.com
Delivered-To: txauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8527F3A0DE3 for <txauth@ietfa.amsl.com>; Thu, 28 May 2020 13:47:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.096
X-Spam-Level:
X-Spam-Status: No, score=-2.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aNlibB7PKXMO for <txauth@ietfa.amsl.com>; Thu, 28 May 2020 13:47:52 -0700 (PDT)
Received: from mail-qt1-x833.google.com (mail-qt1-x833.google.com [IPv6:2607:f8b0:4864:20::833]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1319A3A0DB4 for <txauth@ietf.org>; Thu, 28 May 2020 13:47:51 -0700 (PDT)
Received: by mail-qt1-x833.google.com with SMTP id b11so202534qtt.3 for <txauth@ietf.org>; Thu, 28 May 2020 13:47:51 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=user-agent:date:subject:from:to:message-id:thread-topic:references :in-reply-to:mime-version; bh=0g2H3ZoWLfm/c8fhNRoLXQLv8iuGKcMkBIcREPsseSs=; b=S9V5jYu5gw8JbOe0cqZ5gTBBhJ5cy87l0z1udYnfotTFpv0uVWY8572wEvKzymVPzZ RIyLRIt8Xx9UxGJFn8VEkNMFn9A5+sWvWnzLpjqZ8cZFySp9fyFLMgYtLQ5JEPkg1OGY +/qgbhZe/NyGTC7jVoBGQQDpKaS67C8R8zyXog0SDGtpg6vXoWnr6mPw0qWGYq8084l/ vJFCxNA9QEHjdkqNXJ1nYNzgWAQHa03TiUY/1CzH+J1+z493KwybqYaOmiQe1camD/sl i9vAv80ERwTklOlnnhXicGWeOUt+9/hmkJlASyd/UQAsw7lKK3oF2fVLtzZlBWyDgsy7 YHUw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:user-agent:date:subject:from:to:message-id :thread-topic:references:in-reply-to:mime-version; bh=0g2H3ZoWLfm/c8fhNRoLXQLv8iuGKcMkBIcREPsseSs=; b=oS1IlYwPSQzMRUdrtr33LJDdOuWYxxxESTO9loCfFEFzSEJ6j+fPGkyw2VUT0ZAmyk fWTvW3UVqJQzNF7XNmMx8lR0uM5sUt7KN/QbstdF4IanxO3sRXXHJqe7CSS9DBD7MpR5 k1ENDAsgD6NtIyVcivUL9AthYgEQOcab8IaFzi/ujUu70q/bDIF7pZtWS8v2K50+s2u0 UWZLTtYlNd0qkPQu5cqh70R2Xep79bioBQrw+gZ3jT/KRn+sh05v6xa19b7uDNmbpOlP gLVOxdBJ8M+1wErfUGHdXicRdpHShvzYiCighqlwxvuWBQEslfS+ckJGrnFIKvLuOcg9 bYHQ==
X-Gm-Message-State: AOAM5304GUN+nrVRJdtPRlcXflAQkxMptONQf+4xh/RI3SWfNPpLQ7HV ezHHQprSGdcpm14bUU1w0ioq/jrf
X-Google-Smtp-Source: ABdhPJxgMaNx2deItD55aoU3hDrzaXsvn1lXwGVVQ3qfX+RtMEzhb9FfBif+HYOUo+9i6LT6PY4qrQ==
X-Received: by 2002:aed:33c1:: with SMTP id v59mr2042310qtd.250.1590698870794; Thu, 28 May 2020 13:47:50 -0700 (PDT)
Received: from [172.26.49.35] (pub-corp-42-8.intuit.com. [91.102.42.8]) by smtp.gmail.com with ESMTPSA id l2sm5426507qkd.57.2020.05.28.13.47.48 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Thu, 28 May 2020 13:47:50 -0700 (PDT)
User-Agent: Microsoft-MacOutlook/16.37.20051002
Date: Thu, 28 May 2020 23:47:46 +0300
From: Yaron Sheffer <yaronf.ietf@gmail.com>
To: Nigel Hamilton <nige@123.do>, <txauth@ietf.org>
Message-ID: <CB089A1B-30DC-464A-979E-B440C8A3B625@gmail.com>
Thread-Topic: [Txauth] Txauth Digest, Vol 9, Issue 56
References: <mailman.2351.1590682645.8861.txauth@ietf.org> <CADbPLe3NM8yiWWRuycN4shCMvgREDgUPuCmf_N4phQqipP-Avw@mail.gmail.com>
In-Reply-To: <CADbPLe3NM8yiWWRuycN4shCMvgREDgUPuCmf_N4phQqipP-Avw@mail.gmail.com>
Mime-version: 1.0
Content-type: multipart/alternative; boundary="B_3673554468_23642343"
Archived-At: <https://mailarchive.ietf.org/arch/msg/txauth/1TWZPQ-JwEaVmJ-qUazhj3JfcWA>
Subject: Re: [Txauth] Txauth Digest, Vol 9, Issue 56
X-BeenThere: txauth@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <txauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/txauth>, <mailto:txauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/txauth/>
List-Post: <mailto:txauth@ietf.org>
List-Help: <mailto:txauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/txauth>, <mailto:txauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 May 2020 20:47:56 -0000

Hi Nige,

 

We are already past the deadline for new name suggestions.

 

Everybody is welcome (and very much encouraged) to offer their opinion on the current list of names.

 

Thanks,

                Yaron

 

From: Txauth <txauth-bounces@ietf.org> on behalf of Nigel Hamilton <nige@123.do>
Date: Thursday, May 28, 2020 at 22:23
To: <txauth@ietf.org>
Subject: Re: [Txauth] Txauth Digest, Vol 9, Issue 56

 

Hi,

 

Unfortunately AuthX doesn't pass the trademark smoke test [1].

 

If you would like to suggest a name before the deadline - please check if the name is already registered as a trademark. 

 

Cheers

 

NIge

 

1. https://trademarks.ipo.gov.uk/ipo-tmcase/page/Results/1/UK00003310084

 

On Thu, May 28, 2020 at 5:17 PM <txauth-request@ietf.org> wrote:

Send Txauth mailing list submissions to
        txauth@ietf.org

To subscribe or unsubscribe via the World Wide Web, visit
        https://www.ietf.org/mailman/listinfo/txauth
or, via email, send a message with subject or body 'help' to
        txauth-request@ietf.org

You can reach the person managing the list at
        txauth-owner@ietf.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Txauth digest..."
Today's Topics:

   1. Name suggestion for next round... (Vijay IETF)
   2. Re: Name suggestion for next round... (Justin Richer)
   3. Re: Name suggestion for next round... (Yaron Sheffer)
   4. Re: Name suggestion for next round... (Vijay IETF)
   5. unsolicited feedback on naming (Wayne Chang)



---------- Forwarded message ----------
From: Vijay IETF <vijay.ietf@gmail.com>
To: txauth@ietf.org
Cc: 
Bcc: 
Date: Thu, 28 May 2020 15:08:37 +0530
Subject: [Txauth] Name suggestion for next round...

Hi,

 

I'd like to suggest AuthX for inclusion in the next round...

 

Why AuthX?

 

The group's draft charter includes concepts, not in words but perhaps by induction, from the realms of identity, authorization, and authentication. 

 

1. The X in AuthX indicates that.

2. It's simple.

3. Avoids the unproductive conversations on the semantics of Transaction.

4. It indicates that the group is open to exploring all things X (known, unknown) wrt identity, authorization, authentication.

 

No matter how narrow we try to scope the charter down, those are inescapable and related concepts. 

 

Witness the massive confusion thrust upon developers arising from OIDC and OAuth2 specifications coming from two different organizations on concepts that in my mind are inseparable from a systems perspective.

 

Specifications that are not self contained are confusing at minimum. And do a disservice to the wider community at worst when they punt on something fundamental and related as being out of scope.

 

If we are breaking from the past then it behoves upon us to not repeat the mistakes from the past.

 

- Vijay




---------- Forwarded message ----------
From: Justin Richer <jricher@mit.edu>
To: Vijay IETF <vijay.ietf@gmail.com>
Cc: txauth@ietf.org
Bcc: 
Date: Thu, 28 May 2020 10:37:18 -0400
Subject: Re: [Txauth] Name suggestion for next round...
Hi Vijay,

Sorry to say this, but according to the process put forward by the chairs, the cut-off for suggesting new names has already passed. Now the group is looking for feedback on the existing list of candidates, not for additional candidates. 

In addition, AuthX is an existing company name in this space: https://www.authx.com/

 — Justin

> On May 28, 2020, at 5:38 AM, Vijay IETF <vijay.ietf@gmail.com> wrote:
> 
> Hi,
> 
> I'd like to suggest AuthX for inclusion in the next round...
> 
> Why AuthX?
> 
> The group's draft charter includes concepts, not in words but perhaps by induction, from the realms of identity, authorization, and authentication. 
> 
> 1. The X in AuthX indicates that.
> 2. It's simple.
> 3. Avoids the unproductive conversations on the semantics of Transaction.
> 4. It indicates that the group is open to exploring all things X (known, unknown) wrt identity, authorization, authentication.
> 
> No matter how narrow we try to scope the charter down, those are inescapable and related concepts. 
> 
> Witness the massive confusion thrust upon developers arising from OIDC and OAuth2 specifications coming from two different organizations on concepts that in my mind are inseparable from a systems perspective.
> 
> Specifications that are not self contained are confusing at minimum. And do a disservice to the wider community at worst when they punt on something fundamental and related as being out of scope.
> 
> If we are breaking from the past then it behoves upon us to not repeat the mistakes from the past.
> 
> - Vijay
> -- 
> Txauth mailing list
> Txauth@ietf.org
> https://www.ietf.org/mailman/listinfo/txauth





---------- Forwarded message ----------
From: Yaron Sheffer <yaronf.ietf@gmail.com>
To: Justin Richer <jricher@mit.edu>du>, Vijay IETF <vijay.ietf@gmail.com>
Cc: <txauth@ietf.org>
Bcc: 
Date: Thu, 28 May 2020 17:56:39 +0300
Subject: Re: [Txauth] Name suggestion for next round...
Please see here for the latest on the name selection process: https://mailarchive.ietf.org/arch/msg/txauth/Gr_FZOKAmIeZOjPvVK_2JyaVIZY/

The deadline is June 4, 0800 UTC.

Thanks,
        Yaron

On 5/28/20, 17:37, "Txauth on behalf of Justin Richer" <txauth-bounces@ietf.org on behalf of jricher@mit.edu> wrote:

    Hi Vijay,

    Sorry to say this, but according to the process put forward by the chairs, the cut-off for suggesting new names has already passed. Now the group is looking for feedback on the existing list of candidates, not for additional candidates. 

    In addition, AuthX is an existing company name in this space: https://www.authx.com/

     — Justin

    > On May 28, 2020, at 5:38 AM, Vijay IETF <vijay.ietf@gmail.com> wrote:
    > 
    > Hi,
    > 
    > I'd like to suggest AuthX for inclusion in the next round...
    > 
    > Why AuthX?
    > 
    > The group's draft charter includes concepts, not in words but perhaps by induction, from the realms of identity, authorization, and authentication. 
    > 
    > 1. The X in AuthX indicates that.
    > 2. It's simple.
    > 3. Avoids the unproductive conversations on the semantics of Transaction.
    > 4. It indicates that the group is open to exploring all things X (known, unknown) wrt identity, authorization, authentication.
    > 
    > No matter how narrow we try to scope the charter down, those are inescapable and related concepts. 
    > 
    > Witness the massive confusion thrust upon developers arising from OIDC and OAuth2 specifications coming from two different organizations on concepts that in my mind are inseparable from a systems perspective.
    > 
    > Specifications that are not self contained are confusing at minimum. And do a disservice to the wider community at worst when they punt on something fundamental and related as being out of scope.
    > 
    > If we are breaking from the past then it behoves upon us to not repeat the mistakes from the past.
    > 
    > - Vijay
    > -- 
    > Txauth mailing list
    > Txauth@ietf.org
    > https://www.ietf.org/mailman/listinfo/txauth

    -- 
    Txauth mailing list
    Txauth@ietf.org
    https://www.ietf.org/mailman/listinfo/txauth






---------- Forwarded message ----------
From: Vijay IETF <vijay.ietf@gmail.com>
To: Justin Richer <jricher@mit.edu>
Cc: txauth@ietf.org
Bcc: 
Date: Thu, 28 May 2020 21:13:12 +0530
Subject: Re: [Txauth] Name suggestion for next round...

Hi Justin,

 

Thanks. My bad. Suggesting a name of a company that exists is a terrible idea. I should have done my homework. Sorry about that!

 

Was flooded by DNSOP WG emails and lost track of the cut-off dates and the name selection process thread.

 

I give up. Naming is hard. 

 

I do find the process to "strongly object" in order to eliminate a popular vote a bit odd. 

 

Is there a precedent for this mode of selection in any setting within IETF? Genuinely curious since I am new to the working internals of IETF.

 

 

On Thu, 28 May 2020 at 20:07, Justin Richer <jricher@mit.edu> wrote:

Hi Vijay,

Sorry to say this, but according to the process put forward by the chairs, the cut-off for suggesting new names has already passed. Now the group is looking for feedback on the existing list of candidates, not for additional candidates. 

In addition, AuthX is an existing company name in this space: https://www.authx.com/

 — Justin

> On May 28, 2020, at 5:38 AM, Vijay IETF <vijay.ietf@gmail.com> wrote:
> 
> Hi,
> 
> I'd like to suggest AuthX for inclusion in the next round...
> 
> Why AuthX?
> 
> The group's draft charter includes concepts, not in words but perhaps by induction, from the realms of identity, authorization, and authentication. 
> 
> 1. The X in AuthX indicates that.
> 2. It's simple.
> 3. Avoids the unproductive conversations on the semantics of Transaction.
> 4. It indicates that the group is open to exploring all things X (known, unknown) wrt identity, authorization, authentication.
> 
> No matter how narrow we try to scope the charter down, those are inescapable and related concepts. 
> 
> Witness the massive confusion thrust upon developers arising from OIDC and OAuth2 specifications coming from two different organizations on concepts that in my mind are inseparable from a systems perspective.
> 
> Specifications that are not self contained are confusing at minimum. And do a disservice to the wider community at worst when they punt on something fundamental and related as being out of scope.
> 
> If we are breaking from the past then it behoves upon us to not repeat the mistakes from the past.
> 
> - Vijay
> -- 
> Txauth mailing list
> Txauth@ietf.org
> https://www.ietf.org/mailman/listinfo/txauth




---------- Forwarded message ----------
From: Wayne Chang <wyc@fastmail.fm>
To: txauth@ietf.org
Cc: 
Bcc: 
Date: Thu, 28 May 2020 12:16:57 -0400
Subject: [Txauth] unsolicited feedback on naming
hi all, good to meet you. adding $0.02 on naming as an outsider, using good, bad, ugly descriptors:

        * AAuthZ    Alternative Authorization Protocol (AAuthZ)
ugly, tough to pronounce and looks like a typo of AuthZ

        * AZARP    AuthoriZed Access to Resources Protocol
ugly, initialism doesn't imply function

        * AZARAP    AuthoriZation And Resource Access Protocol
ugly, initialism doesn't imply function

        * BeBAuthZ    Back-end Based Authorization Protocol
bad, "back-end" is way too broad

        * BYOAuthZ    Build-Your-Own Authorization Protocol
bad, "BYO" means "bring your own" to me

        * CPAAP    Comprehensive Privileged Authentication Authorization Protocol
ugly, unclear how to pronounce, looks close to "CRAAP"

        * DAZARAP    Delegated AuthoriZation And Resource Access Protocol
ugly, initialism doesn't imply function

        * DIYAuthZ    Do-It-Yourself Authorization Protocol
bad, DIY implies amateurish and backyard

        * GNAP    Grant Negotiation and Authorization Protocol
bad, initialism doesn't imply function

        * GranPro    GRAnt Negotiation Protocol
ugly, .+pro or has hints of proprietary

        * IDPAuthZ    Intent Driven Protocol for Authorization
ugly, IdP already means identity provider to lots of folks

        * NIRAD    Negotiation of Intent Registration and Authority Delegation
bad, expansion is too wordy and intent registration is unclear to external stakeholders

        * PAuthZ    Protocol for Authorization
bad, initialism does not imply function

        * RefAuthZ    Refactored Authorization Protocol
bad, "Ref" means reference to lots of folks as in you're trying to define the gold standard

        * ReAuthZ    Reimagined Authorization Protocol
ugly, implies that you might authorize _again_

        * TIAAP    Tokenized Identity and Access Protocol
ugly, "tokenized" anything has charged meanings to technologists and non-technologists alike

        * TIDEAuth    Trust via Intent Driven Extension Auth
bad, i like "TIDEAuth" but Trust via Intent Driven Extension is just semantic soup

        * TIDYAuth    Trust via Intent Driven Yield Auth
bad, tidy implies small, driven yield means nothing to me

        * TIEAuth    Trust via Intent Extension Auth
good

        * TINOA   This Is Not OAuth
ugly

        * TXAuth    Testable eXtensible Authorization
good, except "Testable" doesn't sound like the main priority here?

        * TxAuth      Transmission of Authority
good

        * TXAuth      Truly eXtensible Authorization
good, not sure about "Truly" because we will no doubt encounter limits ourselves

        * XAuthZ    eXtensible authoriZation protocol
bad, best expanded form here, but XAuthZ is not aesthetic to me

is there a reason we didn't call it TXAuth/TxAuth and have it stand for Transaction Authorization? either of those would be my first choice. i understand that the name picking period is over.


Txauth mailing list
Txauth@ietf.org
https://www.ietf.org/mailman/listinfo/txauth

-- Txauth mailing list Txauth@ietf.org https://www.ietf.org/mailman/listinfo/txauth