Re: [Txauth] Possible Use Case for GNAP

David Pyke <david.pyke@readycomputing.com> Mon, 06 July 2020 14:34 UTC

From: David Pyke <david.pyke@readycomputing.com>
To: Justin Richer <jricher@mit.edu>, Tom Jones <thomasclinganjones@gmail.com>
Cc: txauth@ietf.org
Message-ID: <7d8f8a78-01c9-ec27-b5d3-d03b7fb9a159@readycomputing.com>
Date: Mon, 06 Jul 2020 10:34:13 -0400
Archived-At: <https://mailarchive.ietf.org/arch/msg/txauth/7LNRvNOsLMDpPVXcKR6gOGZMT68>
Subject: Re: [Txauth] Possible Use Case for GNAP

Those are exactly the issues I was facing. While I can make the hops
independent, they need to be chained so that everything is traceable.
It's possible but ugly with OAuth.

On 2020-07-02 3:34 p.m., Justin Richer wrote:
> If we look at each hop as a separately authorized request, could we 
> define them in a way that they’re chained from each other down the 
> line? Maybe it would be possible for the root HIN to get a new token 
> for each of the downstream HINs, but this new token is in the context 
> of the first one
-- 

David Pyke

Manager, Strategic Consulting


Office: +1 212 877 3307 x5001
david.pyke@readycomputing.com
www.readycomputing.com
150 Beekman Street, Floor 3, New York, NY 10038


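The chained-hop idea discussed above, as an added illustration that is not code from this thread and not a mechanism GNAP defines: each downstream HIN's token carries a digest of the token it was derived from, and a verifier walks the chain back to the root so every hop stays traceable to the original request. The HIN names, the shared HMAC keys and the claim layout are assumptions made for the example.

```python
import hashlib
import hmac
import json
from typing import List, Optional, Tuple

# Constructed keys for a root HIN and two downstream HINs (hypothetical names).
# Shared secrets keep the illustration short; real hops would use per-hop
# asymmetric keys and the verifier would hold only the public halves.
KEYS = {"hin-root": b"root-key", "hin-a": b"a-key", "hin-b": b"b-key"}

def _canon(obj: dict) -> bytes:
    return json.dumps(obj, sort_keys=True).encode()

def _sign(issuer: str, claims: dict) -> str:
    return hmac.new(KEYS[issuer], _canon(claims), "sha256").hexdigest()

def issue(issuer: str, audience: str, request_id: str,
          parent: Optional[dict] = None) -> dict:
    """Mint a hop token. A downstream token binds itself to the token it was
    derived from by carrying a digest of that whole parent token."""
    claims = {"iss": issuer, "aud": audience, "req": request_id,
              "parent": hashlib.sha256(_canon(parent)).hexdigest() if parent else None}
    return {**claims, "sig": _sign(issuer, claims)}

def verify_chain(chain: List[dict]) -> Tuple[bool, str]:
    """Walk the chain root to leaf and report the first broken link."""
    if not chain or chain[0]["parent"] is not None:
        return False, "chain must start at a root token"
    prev = None
    for i, tok in enumerate(chain):
        if tok["iss"] not in KEYS:
            return False, f"hop {i}: unknown issuer {tok['iss']}"
        claims = {k: v for k, v in tok.items() if k != "sig"}
        if not hmac.compare_digest(_sign(tok["iss"], claims), tok["sig"]):
            return False, f"hop {i}: bad signature"
        if prev is not None:
            if tok["parent"] != hashlib.sha256(_canon(prev)).hexdigest():
                return False, f"hop {i}: parent digest mismatch"
            if tok["iss"] != prev["aud"]:  # a hop may only delegate what it was granted
                return False, f"hop {i}: issuer was not the audience of hop {i - 1}"
            if tok["req"] != prev["req"]:  # every hop stays traceable to one request
                return False, f"hop {i}: request id changed"
        prev = tok
    return True, "ok"
```

A hop that tries to skip a link (issuing against the root token without having been the root's audience), changes the request id, or alters a claim after signing is rejected at the first hop where the chain breaks.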