[Txauth] alternative charter writeup

Dick Hardt <dick.hardt@gmail.com> Fri, 10 January 2020 17:05 UTC

To: txauth@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/txauth/2TQoEQB9XRpaGb3L_eHpNIoAx8U>

Hey

I've written an alternative charter that I hope captures some of the
feedback on Justin's charter.

I found it easier to rewrite the charter to broaden the marketplace of
ideas.

Key ideas:

- This work supports existing OAuth 2.0, and OpenID Connect use cases.

- The client interacts directly with the authorization server.

/Dick

----

This group is chartered to develop a delegated identity and authorization
protocol. The use cases supported by this protocol will include widely
deployed use cases currently supported by OAuth 2.0, and OpenID Connect. In
contrast to OAuth 2.0 and OpenID Connect, where the protocol is initiated
by redirecting the user's browser to an authorization server, this protocol
will be initiated by the client directly interacting with the authorization
server.

Additionally, the protocol will allow:
- fine-grained specification of resource access
- the user to approve requests for identity claims and access to multiple
resources in one interaction
- web, mobile, single-page, and other client applications
- taking advantage of optimization features in HTTP2 and HTTP3

The group will define extension points for this protocol to allow for
flexibility in areas including:

- discovery of the authorization server
- cryptographic agility for keys, message signatures, and proof of
possession
- user interaction mechanisms including web and non-web methods
- token presentation mechanisms and key bindings

Although the artifacts for this work are not intended or expected to be
backwards-compatible with OAuth 2.0 or OpenID Connect, they will attempt to
simplify porting from OAuth 2.0 and OpenID Connect, and strive to reuse
existing semantics such as client identifiers, OAuth 2.0 scopes and access
tokens, and OpenID Connect ID Tokens and claims.

While the initial work will focus on using HTTP for communication between
the client and the authorization server, the working group will strive to
enable simple mapping to other protocols such as COAP.
