Re: [Txauth] Possible Use Case for GNAP
David Pyke <david.pyke@readycomputing.com> Mon, 06 July 2020 14:34 UTC
To: Justin Richer <jricher@mit.edu>, Tom Jones <thomasclinganjones@gmail.com>
Cc: txauth@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/txauth/7LNRvNOsLMDpPVXcKR6gOGZMT68>

Those are exactly the issues I was facing. While I can make the hops independent, they need to be chained so that everything is traceable. It's possible but ugly with OAuth.

On 2020-07-02 3:34 p.m., Justin Richer wrote:
> If we look at each hop as a separately authorized request, could we
> define them in a way that they’re chained from each other down the
> line? Maybe it would be possible for the root HIN to get a new token
> for each of the downstream HINs, but this new token is in the context
> of the first one

--
David Pyke
Manager, Strategic Consulting