Re: [Txauth] Call for WG name preferences

Dick Hardt <dick.hardt@gmail.com> Fri, 05 June 2020 17:26 UTC

Return-Path: <dick.hardt@gmail.com>
X-Original-To: txauth@ietfa.amsl.com
Delivered-To: txauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4B8E53A0A51 for <txauth@ietfa.amsl.com>; Fri, 5 Jun 2020 10:26:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.096
X-Spam-Level:
X-Spam-Status: No, score=-2.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_FONT_LOW_CONTRAST=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id J5GZiV57JH9i for <txauth@ietfa.amsl.com>; Fri, 5 Jun 2020 10:25:58 -0700 (PDT)
Received: from mail-lj1-x22d.google.com (mail-lj1-x22d.google.com [IPv6:2a00:1450:4864:20::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CCAC83A0A4E for <txauth@ietf.org>; Fri, 5 Jun 2020 10:25:57 -0700 (PDT)
Received: by mail-lj1-x22d.google.com with SMTP id i27so1753838ljb.12 for <txauth@ietf.org>; Fri, 05 Jun 2020 10:25:57 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=wzZ0T6jQKEJLw6HX9QJkcD+ted6M81f4mT5j321RXR4=; b=CsKZ4HdoZKil/J91H/2VEej7sjLUFzhrUtscIGodWbLnO8fMh5IPkT1YnFQ837K2Fa XwD5Ui9s5/44jtMHywjGeyp7YqmY0dqCgOY2ACBxFpvA+YXxqwl8UKUDkmGOF56P7YWF 9BOrA8afKAuDjCG98qY2IrgOdR8oFRjQSMEx1AcpKGLOghMeYjnSAC+b1h8WWUsRNI1n 70S8Qovr2Q1UF+IfCPhcqUw+F9bNLx0SRf5TPkI9aJnl1uyRJbTjdvoMfY5FnmBSgWFO NWRPrXLqi584IrDt117M099I4xzfzbA77gdat4qcT4WujvA2G2TdjWWvR4ih6x9z3rcw LMLw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=wzZ0T6jQKEJLw6HX9QJkcD+ted6M81f4mT5j321RXR4=; b=nYO8cn4KL8HDA8Zo/MHVjJshcjpG9PJNsX+CA9jMEiM5AFTOE88FZaxPPV4Bp8gtXw nKH1TmbxSpdWty1TW1ISuw+qiXN7qXT8eAJ0Qm74auDowFhtaMuyO6HzkXS5bzWUBbaz l+lxTaF6ZgUDv60os6VHnwt4fy3WIFBNEmAAuB695bEEL7Th0euuaNBNSZxUdXHwDxgm E+L0GvzYKaRyaioX+f7+NkwXf8EACWPo0qDU9DdfCr5zyaJNkBhPXSMQjKTFqJb3hfnj xbCrF/4skZl7uiOmDLti64ubvmZ8l5it3AxIo3nB7XW0/098H5eQ8HzpYCnY5Nm0LcE2 Glkg==
X-Gm-Message-State: AOAM53050lPycoP8H2+jO1jwaAmJWgzje/gj8gYtwYmEFpFsrdQ75q1l aihQqpIhb5/p5HuAqZT/ve8pDuDXA5vOcT3Lbzk=
X-Google-Smtp-Source: ABdhPJyRoa4KjVBbzYPlK41HDGeNyGIuC/kGbZ7mwWaWAgoInZ1JCEtdlBRg9H8KWE+Vf3qmInhtm06VyFsQlqiV72Q=
X-Received: by 2002:a05:651c:3cc:: with SMTP id f12mr5233360ljp.244.1591377955747; Fri, 05 Jun 2020 10:25:55 -0700 (PDT)
MIME-Version: 1.0
References: <9FD428B4-F3C1-426B-9677-611F5FEC85C8@gmail.com> <CH2PR00MB0678F2BD3C70191D28A639E5F5890@CH2PR00MB0678.namprd00.prod.outlook.com> <1E2C45F5-3879-47ED-BDAD-5C3271D70D78@mit.edu>
In-Reply-To: <1E2C45F5-3879-47ED-BDAD-5C3271D70D78@mit.edu>
From: Dick Hardt <dick.hardt@gmail.com>
Date: Fri, 5 Jun 2020 10:25:29 -0700
Message-ID: <CAD9ie-uAG7GFoVqxqSBj8aaDLXyB93=M5c5Tpkbov9H+p_sVfw@mail.gmail.com>
To: Justin Richer <jricher@mit.edu>
Cc: Mike Jones <Michael.Jones=40microsoft.com@dmarc.ietf.org>, Yaron Sheffer <yaronf.ietf@gmail.com>, "txauth@ietf.org" <txauth@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000c17d9e05a7598d5b"
Archived-At: <https://mailarchive.ietf.org/arch/msg/txauth/53L_MzHPeM_1aExH33gzRb05X00>
Subject: Re: [Txauth] Call for WG name preferences
X-BeenThere: txauth@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <txauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/txauth>, <mailto:txauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/txauth/>
List-Post: <mailto:txauth@ietf.org>
List-Help: <mailto:txauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/txauth>, <mailto:txauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 05 Jun 2020 17:26:00 -0000

Thanks for posting Justin, speaking for myself, I appreciate the background
as I had not seen the term "intent" be used.

Can you share any history why "lodging intent" was the term selected vs
other choices? Why not "request"? Overused?

To me, an intent is an action ie. the client saying "I am going to do X",
whereas a request is asking for something, the client saying "I would like
X"

Or is the idea the client saying "I intend to request X"?

FWIW: I don't see the term "intent" used in PAR. It is a "request".

On Fri, Jun 5, 2020 at 7:59 AM Justin Richer <jricher@mit.edu> wrote:

> Since there seems to be some confusion by a few people about the term
> “Intent” and its inclusion here, I wanted to clarify that for people. There
> is a protocol feature is variously known as “intent registration” or
> “lodging intent”, where the party starting the process (the client) makes a
> statement about what it wants to do and is then given the tools to complete
> the next steps to do that. It’s a key feature of the pattern we’re looking
> to codify in this group’s work.
>
> The FAPI working group in the OIDF has done a lot of work around it, and
> you see this style in a bunch of different financial APIs dating back
> decades:
>
>
> https://bitbucket.org/openid/fapi/src/master/Financial_API_Lodging_Intent.md
>
> https://bitbucket.org/openid/fapi/issues/142/standardising-lodging-intent
>
>
> Torsten Lodderstedt has a great blog post that touches on it as well:
>
>
> https://medium.com/oauth-2/transaction-authorization-or-why-we-need-to-re-think-oauth-scopes-2326e2038948
>
> And it’s the basis behind OAuth 2.0’s Pushed Authorization Request (PAR)
> extension that’s happening now:
>
> https://tools.ietf.org/html/draft-ietf-oauth-par
>
>
> https://medium.com/oauth-2/pushed-authorization-requests-draft-adopted-by-oauth-working-group-a1060007150f
>
>
> To be clear, I’m not saying this is sufficient for it driving the name,
> but I do think it’s important that people be familiar with this terminology
> as its likely to come up again as the work progresses.
>
>  — Justin
>
> On Jun 4, 2020, at 7:25 PM, Mike Jones <
> Michael.Jones=40microsoft.com@dmarc.ietf.org> wrote:
>
> *Prefer:*
>     * GNAP    Grant Negotiation and Authorization Protocol – The focus on
> grants is correct.  And it’s a snappy name.
>     * GranPro    GRAnt Negotiation Protocol – The focus on grants is
> correct.  Pronounceable.
>     * NIRAD    Negotiation of Intent Registration and Authority Delegation
> – Cool sci-fi sounding name.
>     * PAuthZ    Protocol for Authorization – Accurate description.
>     * RefAuthZ    Refactored Authorization Protocol – Accurate description.
>     * ReAuthZ    Reimagined Authorization Protocol – Accurate description.
>     * WRAC (Web Resource Authorization Collaboration) - Pronounced like
> RACK – Cool name, with history going back to OAuth WRAP.
>     * XAuthZ    eXtensible authoriZation protocol – Accurate description.
>
> *Wouldn't object to:*
>     * AAuthZ    Alternative Authorization Protocol (AAuthZ)
>     * AZARP    AuthoriZed Access to Resources Protocol
>     * AZARAP    AuthoriZation And Resource Access Protocol
>     * BeBAuthZ    Back-end Based Authorization Protocol
>     * DAZARAP    Delegated AuthoriZation And Resource Access Protocol
>     * TINOA   This Is Not OAuth
>
> *Object to:*
>     * BYOAuthZ    Build-Your-Own Authorization Protocol – Too cheesy.
>     * CPAAP    Comprehensive Privileged Authentication Authorization
> Protocol – Too much like a medical device name.
>     * DIYAuthZ    Do-It-Yourself Authorization Protocol – Too cute.
>     * IDPAuthZ    Intent Driven Protocol for Authorization – IDP already
> means something else.
>     * TIAAP    Tokenized Identity and Access Protocol – I don’t know what
> “tokenized” is referring to here.
>     * TIDEAuth    Trust via Intent Driven Extension Auth – I don’t know
> what “intent” is referring to here.
>     * TIDYAuth    Trust via Intent Driven Yield Auth – I don’t know what
> “intent” is referring to here.
>     * TIEAuth    Trust via Intent Extension Auth – I don’t know what
> “intent” is referring to here.
>     * TXAuth    Testable eXtensible Authorization – I don’t know what
> “testable” is referring to here.
>     * TxAuth      Transmission of Authority – It’s delegation of authority
> – not transfer of authority.
>     * TXAuth      Truly eXtensible Authorization – Too cute.
>
>                                                        -- Mike
>
> --
> Txauth mailing list
> Txauth@ietf.org
> https://www.ietf.org/mailman/listinfo/txauth
>
>
> --
> Txauth mailing list
> Txauth@ietf.org
> https://www.ietf.org/mailman/listinfo/txauth
>
ᐧ