[Txauth] Reviewing draft-hardt-xauth-protocol-11 - Dictionary

Francis Pouatcha <fpo@adorsys.de> Tue, 21 July 2020 01:01 UTC

Return-Path: <fpo@adorsys.de>
X-Original-To: txauth@ietfa.amsl.com
Delivered-To: txauth@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id 883443A1254 for <txauth@ietfa.amsl.com>; Mon, 20 Jul 2020 18:01:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=adorsys.de
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id 7C3CJDeznTJO for <txauth@ietfa.amsl.com>; Mon, 20 Jul 2020 18:01:20 -0700 (PDT)
Received: from mail-wr1-x42f.google.com (mail-wr1-x42f.google.com [IPv6:2a00:1450:4864:20::42f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8D6103A1252 for <txauth@ietf.org>; Mon, 20 Jul 2020 18:01:20 -0700 (PDT)
Received: by mail-wr1-x42f.google.com with SMTP id r12so19425349wrj.13 for <txauth@ietf.org>; Mon, 20 Jul 2020 18:01:20 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=adorsys.de; s=google; h=mime-version:from:date:message-id:subject:to:cc; bh=FCTFSiGKLovDUk8FLoOgMX3xkBxNIm19DMIMYLNAPeU=; b=TrimfxJIWLk9TfU1Vw7L9DVlrU67TENxLTG1kkhlqHc/wyXSgCAGJw/0eBTwQ/cPkB jKpX0S/EPXHsQJTVmHoiIqLBCHeJX19552RRBJyx8CA8OpqLIjHsVqLv587b0I3poSMo u2W+sU1AYU9BKRLSD7nzkHJ1vebMLTjNy3jcU=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to:cc; bh=FCTFSiGKLovDUk8FLoOgMX3xkBxNIm19DMIMYLNAPeU=; b=nY3xZO/vkF4ZlA3dWt182cYv4CNy7gbYNgWEQNbf7zVldE3/lulvn0cLR3BzIKy/VA sX/WQ7vG+0TZThLtgagLP+2ktBvLPHAJtuLA6MIz0wMPKM2BQcjTJWscSUv3DQNt8/db xjtfajHaUw2U0Nr0S0NaKDaO8/wNCTnevfBbJaDNvk+yjiTGPngWNWmjSDYbkZPGV2S+ lsJ6oCrIKqtGp8/ia4pqgJM6rhu9dVyhvHltBsP/8psqVM6fklNuuT45giYOQfZRPvws VNaEQDLjD2aQ5MrCNjdIDc4/QE9mM1pWogbKdhSFNgbpdhmu36KO/WwEs3PEM5/UoVVB 8/jA==
X-Gm-Message-State: AOAM530qDr1A73pTojmxSDRuHxHmVllkfBoBh4e7PR0QsLsXhDaekRVo QwF3GviDzxyKVr+7h7MAnFdYBQKUijdXP+2NMjR786FrI+8=
X-Google-Smtp-Source: ABdhPJwQAHYrtosl0niL8L2kQ8d5fOP6SYxZLa4O2h4JmT3KFFkkbz38fgAFvYX25Ror2/yQwg2CIUZFXTYZ4iJNHHI=
X-Received: by 2002:a5d:51c3:: with SMTP id n3mr14979766wrv.104.1595293278317; Mon, 20 Jul 2020 18:01:18 -0700 (PDT)
MIME-Version: 1.0
From: Francis Pouatcha <fpo@adorsys.de>
Date: Mon, 20 Jul 2020 21:01:07 -0400
Message-ID: <CAOW4vyO2C1E3Sg58CrSVT81t0T3iCTY87tdAx+a8d2A+cNa3nA@mail.gmail.com>
To: txauth@ietf.org
Cc: Dick Hardt <dick.hardt@gmail.com>
Content-Type: multipart/alternative; boundary="0000000000002ac94805aae9293e"
Archived-At: <https://mailarchive.ietf.org/arch/msg/txauth/Eup78-qFlStHoA0RkFW-rvX8RLM>
Subject: [Txauth] Reviewing draft-hardt-xauth-protocol-11 - Dictionary
X-BeenThere: txauth@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <txauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/txauth>, <mailto:txauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/txauth/>
List-Post: <mailto:txauth@ietf.org>
List-Help: <mailto:txauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/txauth>, <mailto:txauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 21 Jul 2020 01:01:23 -0000

Hello Dick,

Here is (in a new thread) the promised attempt to define terms of interest
in the GNAP protocol.

Party - represents a role in the GNAP protocol flow. A party can take the
form of a web service, an application installed on the user device and
acting autonomously or the form of a natural person (resp. of an autonomous
device) using an application to interact with other parties.

Resource - a piece of data or web service
      - controlled by a Resource Owner (RO),
      - held and guarded by a Resource Server (RS) and
      - serviced by the RS to a Client, if the Client provides a valid

Resource Owner (RO) - the party that
      - owns a Resource,
      - relies on the services the GS to manage access to that Resource and
      - relies on the services of a RS to hold the Resource and guard
access to that Resource.

Resource Server (RS) - the party that
      - holds a resource and guards access to that resource on behalf of
the RO,
      - services the Resource to the requesting Client, provided the Client
presents a valid Authorization.
      The RS is generally deployed as a web service.

Grant Server (GS) - the party that manages access to a Resource on behalf
of the RO. For each Resource access request, the GS might request the
consent of the RO and produce a corresponding Authorization that is given
to the requesting Client.

Consent - act of an RO approving the release of a Resource he owns to a

Grant - material form of an RO Consent. In order not to interact with the
RO on each Resource access request, the GS might store the RO Consent in
the form of a Grant for reuse.

Authorization - externalized form of a Grant as known to the GS and the RS.
      - The GS converts a Grant into an Authorization for use in a Resource
access request.
      - The RS evaluates an Authorization to decide on whether or not to
release the Resource to the Client.

Client - the party that provides the infrastructure used by a User to
access a Resource. The client infrastructure is designed to:
      - Receive the resource access request from the User,
      - Interact with the RS to discover authorization requirements,
      - Interact with the GS to obtain an Authorization to access the
      - Interact with the RS to access the Resource on behalf of the User.

User - the party using the infrastructure of the Client to gain access to a

This dictionary is supposed to be the base for further discussions that
will allow us to provide each term with just enough description to reduce
ambiguities and misunderstandings in further exchanges. I intentionally
omitted the specification of the type and nature of each party (For example
Client / Registered Client / Dynamic Client). Such elaborations belong IMO
in proper subsections.

Comments are welcome.

Best regards.
Francis Pouatcha
Co-Founder and Technical Lead
adorsys GmbH & Co. KG