Re: [Txauth] Call for WG name preferences
Dick Hardt <dick.hardt@gmail.com> Fri, 05 June 2020 17:26 UTC
Return-Path: <dick.hardt@gmail.com>
X-Original-To: txauth@ietfa.amsl.com
Delivered-To: txauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4B8E53A0A51 for <txauth@ietfa.amsl.com>; Fri, 5 Jun 2020 10:26:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.096
X-Spam-Level:
X-Spam-Status: No, score=-2.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_FONT_LOW_CONTRAST=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id J5GZiV57JH9i for <txauth@ietfa.amsl.com>; Fri, 5 Jun 2020 10:25:58 -0700 (PDT)
Received: from mail-lj1-x22d.google.com (mail-lj1-x22d.google.com [IPv6:2a00:1450:4864:20::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CCAC83A0A4E for <txauth@ietf.org>; Fri, 5 Jun 2020 10:25:57 -0700 (PDT)
Received: by mail-lj1-x22d.google.com with SMTP id i27so1753838ljb.12 for <txauth@ietf.org>; Fri, 05 Jun 2020 10:25:57 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=wzZ0T6jQKEJLw6HX9QJkcD+ted6M81f4mT5j321RXR4=; b=CsKZ4HdoZKil/J91H/2VEej7sjLUFzhrUtscIGodWbLnO8fMh5IPkT1YnFQ837K2Fa XwD5Ui9s5/44jtMHywjGeyp7YqmY0dqCgOY2ACBxFpvA+YXxqwl8UKUDkmGOF56P7YWF 9BOrA8afKAuDjCG98qY2IrgOdR8oFRjQSMEx1AcpKGLOghMeYjnSAC+b1h8WWUsRNI1n 70S8Qovr2Q1UF+IfCPhcqUw+F9bNLx0SRf5TPkI9aJnl1uyRJbTjdvoMfY5FnmBSgWFO NWRPrXLqi584IrDt117M099I4xzfzbA77gdat4qcT4WujvA2G2TdjWWvR4ih6x9z3rcw LMLw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=wzZ0T6jQKEJLw6HX9QJkcD+ted6M81f4mT5j321RXR4=; b=nYO8cn4KL8HDA8Zo/MHVjJshcjpG9PJNsX+CA9jMEiM5AFTOE88FZaxPPV4Bp8gtXw nKH1TmbxSpdWty1TW1ISuw+qiXN7qXT8eAJ0Qm74auDowFhtaMuyO6HzkXS5bzWUBbaz l+lxTaF6ZgUDv60os6VHnwt4fy3WIFBNEmAAuB695bEEL7Th0euuaNBNSZxUdXHwDxgm E+L0GvzYKaRyaioX+f7+NkwXf8EACWPo0qDU9DdfCr5zyaJNkBhPXSMQjKTFqJb3hfnj xbCrF/4skZl7uiOmDLti64ubvmZ8l5it3AxIo3nB7XW0/098H5eQ8HzpYCnY5Nm0LcE2 Glkg==
X-Gm-Message-State: AOAM53050lPycoP8H2+jO1jwaAmJWgzje/gj8gYtwYmEFpFsrdQ75q1l aihQqpIhb5/p5HuAqZT/ve8pDuDXA5vOcT3Lbzk=
X-Google-Smtp-Source: ABdhPJyRoa4KjVBbzYPlK41HDGeNyGIuC/kGbZ7mwWaWAgoInZ1JCEtdlBRg9H8KWE+Vf3qmInhtm06VyFsQlqiV72Q=
X-Received: by 2002:a05:651c:3cc:: with SMTP id f12mr5233360ljp.244.1591377955747; Fri, 05 Jun 2020 10:25:55 -0700 (PDT)
MIME-Version: 1.0
References: <9FD428B4-F3C1-426B-9677-611F5FEC85C8@gmail.com> <CH2PR00MB0678F2BD3C70191D28A639E5F5890@CH2PR00MB0678.namprd00.prod.outlook.com> <1E2C45F5-3879-47ED-BDAD-5C3271D70D78@mit.edu>
In-Reply-To: <1E2C45F5-3879-47ED-BDAD-5C3271D70D78@mit.edu>
From: Dick Hardt <dick.hardt@gmail.com>
Date: Fri, 05 Jun 2020 10:25:29 -0700
Message-ID: <CAD9ie-uAG7GFoVqxqSBj8aaDLXyB93=M5c5Tpkbov9H+p_sVfw@mail.gmail.com>
To: Justin Richer <jricher@mit.edu>
Cc: Mike Jones <Michael.Jones=40microsoft.com@dmarc.ietf.org>, Yaron Sheffer <yaronf.ietf@gmail.com>, "txauth@ietf.org" <txauth@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000c17d9e05a7598d5b"
Archived-At: <https://mailarchive.ietf.org/arch/msg/txauth/53L_MzHPeM_1aExH33gzRb05X00>
Subject: Re: [Txauth] Call for WG name preferences
X-BeenThere: txauth@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <txauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/txauth>, <mailto:txauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/txauth/>
List-Post: <mailto:txauth@ietf.org>
List-Help: <mailto:txauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/txauth>, <mailto:txauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 05 Jun 2020 17:26:00 -0000
Thanks for posting Justin, speaking for myself, I appreciate the background as I had not seen the term "intent" be used. Can you share any history why "lodging intent" was the term selected vs other choices? Why not "request"? Overused? To me, an intent is an action ie. the client saying "I am going to do X", whereas a request is asking for something, the client saying "I would like X" Or is the idea the client saying "I intend to request X"? FWIW: I don't see the term "intent" used in PAR. It is a "request". On Fri, Jun 5, 2020 at 7:59 AM Justin Richer <jricher@mit.edu> wrote: > Since there seems to be some confusion by a few people about the term > “Intent” and its inclusion here, I wanted to clarify that for people. There > is a protocol feature is variously known as “intent registration” or > “lodging intent”, where the party starting the process (the client) makes a > statement about what it wants to do and is then given the tools to complete > the next steps to do that. It’s a key feature of the pattern we’re looking > to codify in this group’s work. > > The FAPI working group in the OIDF has done a lot of work around it, and > you see this style in a bunch of different financial APIs dating back > decades: > > > https://bitbucket.org/openid/fapi/src/master/Financial_API_Lodging_Intent.md > > https://bitbucket.org/openid/fapi/issues/142/standardising-lodging-intent > > > Torsten Lodderstedt has a great blog post that touches on it as well: > > > https://medium.com/oauth-2/transaction-authorization-or-why-we-need-to-re-think-oauth-scopes-2326e2038948 > > And it’s the basis behind OAuth 2.0’s Pushed Authorization Request (PAR) > extension that’s happening now: > > https://tools.ietf.org/html/draft-ietf-oauth-par > > > https://medium.com/oauth-2/pushed-authorization-requests-draft-adopted-by-oauth-working-group-a1060007150f > > > To be clear, I’m not saying this is sufficient for it driving the name, > but I do think it’s important that people be familiar with this terminology > as its likely to come up again as the work progresses. > > — Justin > > On Jun 4, 2020, at 7:25 PM, Mike Jones < > Michael.Jones=40microsoft.com@dmarc.ietf.org> wrote: > > *Prefer:* > * GNAP Grant Negotiation and Authorization Protocol – The focus on > grants is correct. And it’s a snappy name. > * GranPro GRAnt Negotiation Protocol – The focus on grants is > correct. Pronounceable. > * NIRAD Negotiation of Intent Registration and Authority Delegation > – Cool sci-fi sounding name. > * PAuthZ Protocol for Authorization – Accurate description. > * RefAuthZ Refactored Authorization Protocol – Accurate description. > * ReAuthZ Reimagined Authorization Protocol – Accurate description. > * WRAC (Web Resource Authorization Collaboration) - Pronounced like > RACK – Cool name, with history going back to OAuth WRAP. > * XAuthZ eXtensible authoriZation protocol – Accurate description. > > *Wouldn't object to:* > * AAuthZ Alternative Authorization Protocol (AAuthZ) > * AZARP AuthoriZed Access to Resources Protocol > * AZARAP AuthoriZation And Resource Access Protocol > * BeBAuthZ Back-end Based Authorization Protocol > * DAZARAP Delegated AuthoriZation And Resource Access Protocol > * TINOA This Is Not OAuth > > *Object to:* > * BYOAuthZ Build-Your-Own Authorization Protocol – Too cheesy. > * CPAAP Comprehensive Privileged Authentication Authorization > Protocol – Too much like a medical device name. > * DIYAuthZ Do-It-Yourself Authorization Protocol – Too cute. > * IDPAuthZ Intent Driven Protocol for Authorization – IDP already > means something else. > * TIAAP Tokenized Identity and Access Protocol – I don’t know what > “tokenized” is referring to here. > * TIDEAuth Trust via Intent Driven Extension Auth – I don’t know > what “intent” is referring to here. > * TIDYAuth Trust via Intent Driven Yield Auth – I don’t know what > “intent” is referring to here. > * TIEAuth Trust via Intent Extension Auth – I don’t know what > “intent” is referring to here. > * TXAuth Testable eXtensible Authorization – I don’t know what > “testable” is referring to here. > * TxAuth Transmission of Authority – It’s delegation of authority > – not transfer of authority. > * TXAuth Truly eXtensible Authorization – Too cute. > > -- Mike > > -- > Txauth mailing list > Txauth@ietf.org > https://www.ietf.org/mailman/listinfo/txauth > > > -- > Txauth mailing list > Txauth@ietf.org > https://www.ietf.org/mailman/listinfo/txauth > ᐧ
- [Txauth] Call for WG name preferences Yaron Sheffer
- Re: [Txauth] Call for WG name preferences Mike Jones
- Re: [Txauth] Call for WG name preferences Yaron Sheffer
- Re: [Txauth] Call for WG name preferences Mike Jones
- Re: [Txauth] Call for WG name preferences Mike Jones
- Re: [Txauth] Call for WG name preferences David Skaife
- Re: [Txauth] Call for WG name preferences Yaron Sheffer
- Re: [Txauth] Call for WG name preferences Mike Jones
- Re: [Txauth] Call for WG name preferences Justin Richer
- Re: [Txauth] Call for WG name preferences Dick Hardt
- Re: [Txauth] Call for WG name preferences Justin Richer
- Re: [Txauth] Call for WG name preferences Dick Hardt