IETF Logo Mail Archive

Re: [Txauth] alternative charter writeup

Dick Hardt <dick.hardt@gmail.com> Sat, 11 January 2020 02:56 UTC

Return-Path: <dick.hardt@gmail.com>
X-Original-To: txauth@ietfa.amsl.com
Delivered-To: txauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2B69612002E for <txauth@ietfa.amsl.com>; Fri, 10 Jan 2020 18:56:32 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.997
X-Spam-Level:
X-Spam-Status: No, score=-1.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_FONT_LOW_CONTRAST=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 87J7n_423B7l for <txauth@ietfa.amsl.com>; Fri, 10 Jan 2020 18:56:29 -0800 (PST)
Received: from mail-lj1-x230.google.com (mail-lj1-x230.google.com [IPv6:2a00:1450:4864:20::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AF607120018 for <txauth@ietf.org>; Fri, 10 Jan 2020 18:56:28 -0800 (PST)
Received: by mail-lj1-x230.google.com with SMTP id u1so4127918ljk.7 for <txauth@ietf.org>; Fri, 10 Jan 2020 18:56:28 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=itI5XUApbOsazEdEJjSwdSwTqig7Jz3uhgMOXIsXiB4=; b=Y6eJWZ5ohImxkCFTshwAvQVAeQRLlBYGY5lwpxwxvUYtKjIsiUmDp4fHrrcFZvOVuh BcHl8OjGUPpPG7TR8zvYHMiaxr7lrrY7cssQS78Xpc/+0KKqWlJh1/R0mcolb65tGsI9 794HQVPV2b/WRGbVlJ0LXAvKOuIeYDW3GYE1UYEl9r/a2l2xnobsHsxm1DxCTFyvw4gf aj9qyw0wjXQmNegEZquA8iQiKAkNpZK4iPZvJHu5DDyT750SVzx00ArJwOPcvjQylS7v yK7bsO1NqER23dGF428jfXmvw5S6wyiclN5e6OexERZRq28i9GyuDwOj+mhHB2Bz732p pceg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=itI5XUApbOsazEdEJjSwdSwTqig7Jz3uhgMOXIsXiB4=; b=eyoWoWAYHPQZY4aLI86Gq11JJhlZDI7kk65cCkCdZBShPpZ7JerlZguMWgv6QtlNXF dtvAZlXoxMhGvgt14Rs8vkSakuyLs7t6iZL8/p39cgMvhv2btDXNs59PdYqlqr0qyXbw XdVxPAH0OKsr1FLqdjBeycgcLlE5DAWXmcF07WbIcrTHfBGSuTEJTepC1CBfT5it1sGQ dg058S6NJegnJXrLt5/vZ6fglZ9r2ktrf8YoxQYMHjxJcB+VvKnEsnu/HyNU0mJax6Jg cRpTgi6wUVcx3w5PDkgiNCW2UEL43mtHAxdg02EYB0A18MZtNV4rpoLTIsW9lGObvrc9 VhfQ==
X-Gm-Message-State: APjAAAW6mYDg3sfWx3Wo1wwYrHDTJmJddveC1hFmTZ92vJsvRhjSgTcz 7uVbRyF9eN5moDXlzHU25SCRu2eQ2QhZqgteCQrU96Bv
X-Google-Smtp-Source: APXvYqzPGKG+vqWxyiJ8kIMunUAoUx+HhOMF3SqGm/MQSkxuBu1xLGPoHvKoLPtnuXLeaMnnN5uz8iyOhsGdJckA0ko=
X-Received: by 2002:a2e:7505:: with SMTP id q5mr4543614ljc.7.1578711386871; Fri, 10 Jan 2020 18:56:26 -0800 (PST)
MIME-Version: 1.0
References: <CAD9ie-sGfRGPFa4jBUeoVcG+CO=PvG-Ys-HrUMs7kVdt1zT3vA@mail.gmail.com> <FE8064D0-02CF-4BF1-AF25-0E52D9362D27@mit.edu>
In-Reply-To: <FE8064D0-02CF-4BF1-AF25-0E52D9362D27@mit.edu>
From: Dick Hardt <dick.hardt@gmail.com>
Date: Fri, 10 Jan 2020 18:56:15 -0800
Message-ID: <CAD9ie-tAquhg=o1_cmKg_rO3mn9FeqCTDtY07XMqMOdhRWrD5Q@mail.gmail.com>
To: Justin Richer <jricher@mit.edu>
Cc: txauth@ietf.org
Content-Type: multipart/alternative; boundary="0000000000006adda7059bd46345"
Archived-At: <https://mailarchive.ietf.org/arch/msg/txauth/4zZjOxNCK7_cm_zW-W40V7dpQy0>
Subject: Re: [Txauth] alternative charter writeup
X-BeenThere: txauth@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <txauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/txauth>, <mailto:txauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/txauth/>
List-Post: <mailto:txauth@ietf.org>
List-Help: <mailto:txauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/txauth>, <mailto:txauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 11 Jan 2020 02:56:32 -0000

This looks even better! Thanks Justin.

What do others think of the proposed charter now?
ᐧ

On Fri, Jan 10, 2020 at 12:43 PM Justin Richer <jricher@mit.edu> wrote:

> Thanks, Dick. I’ve been working on an updated charter based on everyone’s
> feedback, and I was aiming to have out today anyway, so this timing is
> helpful. So here’s my take on a new charter, incorporating some of your
> points below:
>
> This group is chartered to develop a delegation protocol for identity,
> authorization, and API access. This protocol will allow an authorizing
> party to delegate access to client software through an authorization
> server. The use cases supported by this protocol will include widely
> deployed use cases currently supported by OAuth 2.0 and OpenID Connect.
>
> The delegation process will be acted upon by multiple parties in the
> protocol, each performing a specific role. The protocol will be initiated
> by the client interacting directly with the authorization server (in
> contrast with OAuth 2 which is initiated by the client redirecting the
> user’s browser). The client will involve the authorizing party as necessary
> through interaction mechanisms indicated by the protocol.
>
> Additionally, the delegation process will allow for:
>
> - Fine-grained specification of resource access
> - Approval of identity claims and multiple resources in a single
> interaction
> - Delegation between multiple users
> - Web, mobile, single-page, and other types of client applications
>
> The group will define extension points for this protocol to allow for
> flexibility in areas including:
>
> - Cryptographic agility for keys, message signatures, and proof of
> possession
> - User interaction mechanisms including web and non-web methods
> - Mechanisms for providing user, software, organization, and other pieces
> of information used in authorization decisions
> - Token presentation mechanisms and key bindings
>
> Additionally, the group will provide mechanisms for management of the
> protocol lifecycle including:
>
> - Discovery of the authorization server
> - Revocation of active tokens
> - Query of token rights by resource servers
>
> Although the artifacts for this work are not intended or expected to be
> backwards-compatible with OAuth 2.0 or OpenID Connect, the group
> will attempt to simplify porting from OAuth 2.0 and OpenID Connect to the
> new protocol where possible.
>
> While the initial work will focus on using HTTP for communication between
> the client and the authorization server, the working group will seek to
> take advantage of optimization features of HTTP2 and HTTP3, and will strive
> to enable simple mapping to other protocols such as COAP.
>
> On Jan 10, 2020, at 12:04 PM, Dick Hardt <dick.hardt@gmail.com> wrote:
>
> Hey
>
> I've written an alternative charter that I hope captures some of the
> feedback on Justin's charter.
>
> I found it easier to rewrite the charter to broaden the marketplace of
> ideas.
>
> Key ideas:
>
> - This work supports existing OAuth 2.0, and OpenID Connect use cases.
>
> - The client interacts directly with the authorization server.
>
> /Dick
>
> ----
>
> This group is chartered to develop a delegated identity and authorization
> protocol. The use cases supported by this protocol will include widely
> deployed use cases currently supported by OAuth 2.0, and OpenID Connect. In
> contrast to OAuth 2.0 and OpenID Connect, where the protocol is initiated
> by redirecting the user's browser to an authorization server, this protocol
> will be initiated by the client directly interacting with the authorization
> server.
>
> Additionally, the protocol will allow:
> - fine-grained specification of resource access
> - the user to approve requests for identity claims and access to multiple
> resources in one interaction
> - web, mobile, single-page, and other client applications
> - taking advantage of optimization features in HTTP2 and HTTP3
>
> The group will define extension points for this protocol to allow for
> flexibility in areas including:
>
> - discovery of the authorization server
> - cryptographic agility for keys, message signatures, and proof of
> possession
> - user interaction mechanisms including web and non-web methods- token
> presentation mechanisms and key bindings
>
> Although the artifacts for this work are not intended or expected to be
> backwards-compatible with OAuth 2.0 or OpenID Connect, they will attempt to
> simplify porting from OAuth 2.0 and OpenID Connect, and strive to reuse
> existing semantics such as client identifiers, OAuth 2.0 scopes and access
> tokens, and OpenID Connect ID Tokens and claims.
>
> While the initial work will focus on using HTTP for communication between
> the client and the authorization server, the working group will strive to
> enable simple mapping to other protocols such as COAP.
>
>
> ᐧ
> --
> Txauth mailing list
> Txauth@ietf.org
> https://www.ietf.org/mailman/listinfo/txauth
>
>
>

v2.23.0 | Report a Bug | By Email