Re: [Txauth] Reviewing draft-hardt-xauth-protocol-11 - Dictionary
Dick Hardt <dick.hardt@gmail.com> Tue, 21 July 2020 17:59 UTC
Return-Path: <dick.hardt@gmail.com>
X-Original-To: txauth@ietfa.amsl.com
Delivered-To: txauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 125983A0D4D for <txauth@ietfa.amsl.com>; Tue, 21 Jul 2020 10:59:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VrTB46YoUYxE for <txauth@ietfa.amsl.com>; Tue, 21 Jul 2020 10:59:05 -0700 (PDT)
Received: from mail-lj1-x229.google.com (mail-lj1-x229.google.com [IPv6:2a00:1450:4864:20::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E9A143A0D60 for <txauth@ietf.org>; Tue, 21 Jul 2020 10:59:04 -0700 (PDT)
Received: by mail-lj1-x229.google.com with SMTP id q4so25122592lji.2 for <txauth@ietf.org>; Tue, 21 Jul 2020 10:59:04 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=pkOtdZw0uAEAsu2Xxku64D2MaNm0/kpgaBRLDj88mPI=; b=MHjQfV0P1GbE8AcZ0iYzCSQzwWxF3RaSSmmYcTl0D3vsuoJzGi2ddvPbAnO3TVzGVn JnCtQlwV1k4UvzDqcVz9XS4cEfz0dZpNoYtJoW9et4ZTZfTwnqEwAhbejsa1wkpX4AVd 8/RAehhUQkWtNqJNdOdJ+fBBtiWZgZQNBjuvPQZeMdxnGPr37hqwQRU28pXa31ZkSbyE zL7c/kF+2Nwxj90auHQdeYBYe9wwft1H33Jy7T8CwfGw0IxUY9y8MHKesjIySp+4L1Rq ixR0X68QVPTbU+c1OnBYHppLQlkwI3RULKrnzA2SlE5KrPxcvQmnR0RJaewp6tSF9wv0 MUyQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=pkOtdZw0uAEAsu2Xxku64D2MaNm0/kpgaBRLDj88mPI=; b=TOgBjOdbOyFM4VPkVhzwy9KsmKlYKzPC7USF9gkBXpY97TgT6dWxr2buoCPTb96KRY PVdDkPEL9JMR5g480wNcJn/WND8C1XdmWjbz44Gb65Yloi3UHFY/OrYKTbYRgIhnEcyi s2E7PBOUyK4pSbt5OABL9QWfawY5ljMlOvLDupYXcerwGvyd6NYEortfAxAqB86/R38g JB0RVJNMsxa2VRKokufJJY9nj4Z7bHSNwophledC1HBzJrAwluRrL8tplgPCJJlBynVf 3Pz87wpPzBRR0R7C967hjRHi5VkOAyqcH2qfLNm+VUpxSqaZhwHrNz8HJ7NqZxVYeULw zlkg==
X-Gm-Message-State: AOAM5311w4JwgDn5J8rgozjDOFsK7yufbJmrpp/CV+Xpd8SWrMSYAX8K 9uQugO/Xbw+ubIwsW4hRtr6seQ602HXDMN44APaw0Yr6
X-Google-Smtp-Source: ABdhPJy/e81d+fhe8fNTkpbboGkOmX4gl7Aaky3nOHSb5+I4BzBlRHNQeG0H+8paIKG+JqCzlGcJIRl2g9/oSAYdYsE=
X-Received: by 2002:a2e:9611:: with SMTP id v17mr13997814ljh.110.1595354342881; Tue, 21 Jul 2020 10:59:02 -0700 (PDT)
MIME-Version: 1.0
References: <CAOW4vyO2C1E3Sg58CrSVT81t0T3iCTY87tdAx+a8d2A+cNa3nA@mail.gmail.com> <CAD9ie-vMzepgmaP-jUunKSo-chWrGpB230TWgJq7u8Yt-afDxA@mail.gmail.com> <CAOW4vyObyZC7USUqsW_qdDV9Hcpvg9OHKmM1yMEjSUvmjx0UZQ@mail.gmail.com>
In-Reply-To: <CAOW4vyObyZC7USUqsW_qdDV9Hcpvg9OHKmM1yMEjSUvmjx0UZQ@mail.gmail.com>
From: Dick Hardt <dick.hardt@gmail.com>
Date: Tue, 21 Jul 2020 10:58:26 -0700
Message-ID: <CAD9ie-sWn41XDiwyFMcTgV3a8MMESXqf36fNJcTaSYDKwU+LPg@mail.gmail.com>
To: Francis Pouatcha <fpo@adorsys.de>
Cc: txauth@ietf.org
Content-Type: multipart/alternative; boundary="000000000000e5fe0005aaf760ba"
Archived-At: <https://mailarchive.ietf.org/arch/msg/txauth/1o5giC-UalTxg61tCTCc0qfT6X4>
Subject: Re: [Txauth] Reviewing draft-hardt-xauth-protocol-11 - Dictionary
X-BeenThere: txauth@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <txauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/txauth>, <mailto:txauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/txauth/>
List-Post: <mailto:txauth@ietf.org>
List-Help: <mailto:txauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/txauth>, <mailto:txauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 21 Jul 2020 17:59:07 -0000
FYI: I consider the release of claims to be an "authorization" as well. IE, the user authorizes the GS to release a DOB claim to a Client. On Tue, Jul 21, 2020 at 10:42 AM Francis Pouatcha <fpo@adorsys.de> wrote: > > On Tue, Jul 21, 2020 at 12:00 PM Dick Hardt <dick.hardt@gmail.com> wrote: > >> Thanks for putting this together Francis. I like how you have put >> different aspects of a definition into separate points. It reinforces the >> multiple aspects. >> >> I don't see identity claims in your definitions. Was that intentional, or >> an oversight. >> > The extensive dictionary will surely include more terms. > > I limited the list to terms relevant to the abstract sequence for now. > Making an effort to keep the discussion focused on the abstract sequence. > > As we are talking authorization, identities are second class citizens, > focus shall be on Negotiating and Obtaining the AuthZ to access a Resource. > >> >> wrt. Registered Client / Dynamic Client - in my experience putting the >> definitions together helps a reader grasp all the various terms used. >> > Yes, this clarification belongs in the dictionary. Intentionally left it > out here to avoid diverging the discussion. > >> >> Curious why you include "party" in the definition. I would not have >> thought that had a definition unique to GNAP. >> > I derived this from your subsection "Parties". As all participants in the > abstract sequence are "parties", the word seems too heavy to be left > undefined. Also essential to know which words in the dictionary do not > refer to parties like Resource, Grant, AuthZ, ... > >> >> >> On Mon, Jul 20, 2020 at 6:01 PM Francis Pouatcha <fpo@adorsys.de> wrote: >> >>> Hello Dick, >>> >>> Here is (in a new thread) the promised attempt to define terms of >>> interest in the GNAP protocol. >>> >>> Party - represents a role in the GNAP protocol flow. A party can take >>> the form of a web service, an application installed on the user device and >>> acting autonomously or the form of a natural person (resp. of an autonomous >>> device) using an application to interact with other parties. >>> >>> Resource - a piece of data or web service >>> - controlled by a Resource Owner (RO), >>> - held and guarded by a Resource Server (RS) and >>> - serviced by the RS to a Client, if the Client provides a valid >>> Authorization. >>> >>> Resource Owner (RO) - the party that >>> - owns a Resource, >>> - relies on the services the GS to manage access to that Resource >>> and >>> - relies on the services of a RS to hold the Resource and guard >>> access to that Resource. >>> >>> Resource Server (RS) - the party that >>> - holds a resource and guards access to that resource on behalf of >>> the RO, >>> - services the Resource to the requesting Client, provided the >>> Client presents a valid Authorization. >>> The RS is generally deployed as a web service. >>> >>> Grant Server (GS) - the party that manages access to a Resource on >>> behalf of the RO. For each Resource access request, the GS might request >>> the consent of the RO and produce a corresponding Authorization that is >>> given to the requesting Client. >>> >>> Consent - act of an RO approving the release of a Resource he owns to a >>> Client. >>> >>> Grant - material form of an RO Consent. In order not to interact with >>> the RO on each Resource access request, the GS might store the RO Consent >>> in the form of a Grant for reuse. >>> >>> Authorization - externalized form of a Grant as known to the GS and the >>> RS. >>> - The GS converts a Grant into an Authorization for use in a >>> Resource access request. >>> - The RS evaluates an Authorization to decide on whether or not to >>> release the Resource to the Client. >>> >>> Client - the party that provides the infrastructure used by a User to >>> access a Resource. The client infrastructure is designed to: >>> - Receive the resource access request from the User, >>> - Interact with the RS to discover authorization requirements, >>> - Interact with the GS to obtain an Authorization to access the >>> Resource, >>> - Interact with the RS to access the Resource on behalf of the >>> User. >>> >>> User - the party using the infrastructure of the Client to gain access >>> to a Resource. >>> >>> This dictionary is supposed to be the base for further discussions that >>> will allow us to provide each term with just enough description to reduce >>> ambiguities and misunderstandings in further exchanges. I intentionally >>> omitted the specification of the type and nature of each party (For example >>> Client / Registered Client / Dynamic Client). Such elaborations belong IMO >>> in proper subsections. >>> >>> Comments are welcome. >>> >>> Best regards. >>> -- >>> Francis Pouatcha >>> Co-Founder and Technical Lead >>> adorsys GmbH & Co. KG >>> https://adorsys-platform.de/solutions/ >>> >> > > -- > Francis Pouatcha > Co-Founder and Technical Lead > adorsys GmbH & Co. KG > https://adorsys-platform.de/solutions/ >
- [Txauth] Reviewing draft-hardt-xauth-protocol-11 … Francis Pouatcha
- Re: [Txauth] Reviewing draft-hardt-xauth-protocol… Tom Jones
- Re: [Txauth] Reviewing draft-hardt-xauth-protocol… Dick Hardt
- Re: [Txauth] Reviewing draft-hardt-xauth-protocol… Francis Pouatcha
- Re: [Txauth] Reviewing draft-hardt-xauth-protocol… Francis Pouatcha
- Re: [Txauth] Reviewing draft-hardt-xauth-protocol… Dick Hardt
- Re: [Txauth] Reviewing draft-hardt-xauth-protocol… Francis Pouatcha
- Re: [Txauth] Reviewing draft-hardt-xauth-protocol… Dick Hardt
- Re: [Txauth] Reviewing draft-hardt-xauth-protocol… Tom Jones
- Re: [Txauth] Reviewing draft-hardt-xauth-protocol… Francis Pouatcha
- Re: [Txauth] Reviewing draft-hardt-xauth-protocol… Francis Pouatcha
- Re: [Txauth] Reviewing draft-hardt-xauth-protocol… Fabien Imbault
- Re: [Txauth] Reviewing draft-hardt-xauth-protocol… Francis Pouatcha
- Re: [Txauth] Reviewing draft-hardt-xauth-protocol… Justin Richer
- Re: [Txauth] Reviewing draft-hardt-xauth-protocol… Dick Hardt
- Re: [Txauth] Reviewing draft-hardt-xauth-protocol… Francis Pouatcha
- Re: [Txauth] Reviewing draft-hardt-xauth-protocol… Francis Pouatcha
- Re: [Txauth] Reviewing draft-hardt-xauth-protocol… Francis Pouatcha
- Re: [Txauth] Reviewing draft-hardt-xauth-protocol… Dick Hardt
- Re: [Txauth] Reviewing draft-hardt-xauth-protocol… Tom Jones
- Re: [Txauth] Reviewing draft-hardt-xauth-protocol… Francis Pouatcha
- Re: [Txauth] Claims [was: - Dictionary] Justin Richer
- Re: [Txauth] Reviewing draft-hardt-xauth-protocol… Dick Hardt
- Re: [Txauth] Claims [was: - Dictionary] Dick Hardt
- Re: [Txauth] Claims [was: - Dictionary] Tom Jones
- Re: [Txauth] Claims [was: - Dictionary] Dick Hardt
- Re: [Txauth] Claims [was: - Dictionary] Tom Jones
- Re: [Txauth] Claims [was: - Dictionary] Dick Hardt
- Re: [Txauth] Claims [was: - Dictionary] Tom Jones
- Re: [Txauth] Claims [was: - Dictionary] Justin Richer
- Re: [Txauth] Claims [was: - Dictionary] Dick Hardt
- Re: [Txauth] Claims [was: - Dictionary] Justin Richer
- Re: [Txauth] Claims [was: - Dictionary] Dick Hardt
- Re: [Txauth] Claims [was: - Dictionary] Justin Richer
- Re: [Txauth] Claims [was: - Dictionary] Dick Hardt
- Re: [Txauth] Claims [was: - Dictionary] Francis Pouatcha
- Re: [Txauth] Reviewing draft-hardt-xauth-protocol… Francis Pouatcha
- Re: [Txauth] Reviewing draft-hardt-xauth-protocol… Yaron Sheffer
- Re: [Txauth] Claims [was: - Dictionary] Dick Hardt
- Re: [Txauth] Claims [was: - Dictionary] Francis Pouatcha
- Re: [Txauth] Claims [was: - Dictionary] Tom Jones
- Re: [Txauth] Claims [was: - Dictionary] Dick Hardt
- Re: [Txauth] Claims [was: - Dictionary] Francis Pouatcha
- Re: [Txauth] Claims [was: - Dictionary] Justin Richer
- Re: [Txauth] Claims [was: - Dictionary] Justin Richer
- Re: [Txauth] Claims [was: - Dictionary] Mike Jones
- Re: [Txauth] Claims [was: - Dictionary] Dick Hardt
- Re: [Txauth] Claims [was: - Dictionary] Dick Hardt
- Re: [Txauth] Claims [was: - Dictionary] Justin Richer
- Re: [Txauth] Claims [was: - Dictionary] Justin Richer
- Re: [Txauth] Claims [was: - Dictionary] Dick Hardt
- Re: [Txauth] Claims [was: - Dictionary] Justin Richer
- Re: [Txauth] Claims [was: - Dictionary] Dick Hardt