Re: [Txauth] Call for WG name preferences - process clarification

David Skaife <blue.ringed.octopus.guy@gmail.com> Thu, 28 May 2020 20:57 UTC

Return-Path: <blue.ringed.octopus.guy@gmail.com>
X-Original-To: txauth@ietfa.amsl.com
Delivered-To: txauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 45CEC3A0EC3 for <txauth@ietfa.amsl.com>; Thu, 28 May 2020 13:57:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TjlffR_3oA8X for <txauth@ietfa.amsl.com>; Thu, 28 May 2020 13:57:20 -0700 (PDT)
Received: from mail-ed1-x52d.google.com (mail-ed1-x52d.google.com [IPv6:2a00:1450:4864:20::52d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0B9023A0EB0 for <txauth@ietf.org>; Thu, 28 May 2020 13:57:20 -0700 (PDT)
Received: by mail-ed1-x52d.google.com with SMTP id d24so1163741eds.11 for <txauth@ietf.org>; Thu, 28 May 2020 13:57:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=BHhk0IMym7qQi3tA+BmmhC4sUDeXS2RqsKdDeVfnydg=; b=Cts1kVy0Zk6l0Zt8RlY5NzFMNm9/WuRiHqZXd3V64sF2gZxLFsbyA9qM1Z6JOJBywp 8DjgDxdAThNun+EbWtlvprPljNSdDOLEDEi0h0LasIj64HthHFXK5AMsPi4ORnmW1PN5 f8pl5+WJhHgP2/hZV72aZqFcPivIp2g/A0eCQPORqYJH+K87oSriJqRC8S1tkDSVlexk eFHJ2BLfdsfjff//CeBX354UyCJaaSdfSb2w8uvXJLOTfV/gN3Y3knOVLTD3b5uvZdTw yRHUsc/mKs3ajOcsTmTPL1ujvMhdE9Hl6wJXvc4M5/J+RkSss9Y4OkcOV20jODXqrJca woGg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=BHhk0IMym7qQi3tA+BmmhC4sUDeXS2RqsKdDeVfnydg=; b=sClWuLj1ADf5ZjcrJGrL7CX3x5jitTNnWLv9xskWXveb+eCCqBZQHAr4IPX/AsJyuI FGaRnWq1cqQjUFkPWhH012nm8CSRKF4+CZVZ6D4qkqas/4TvxKthZ4AtoLlNViywE8EX F5tWlawUqcv4M001XQn1vnBadzUWvKNzJliRvHVg4klhuOFS1wcUVnjbNQlWJ9tCidRl rE8cQkpZgrt+czHACsKxnNF9i1dnFF6rlw5s6gjmyWPosvq4voQ8okwhScnS3s9d04TQ VsXjdu7YZpPX9e2eSUT5e9cuvOVSip1vxGL1efd7PUbSX5k9b2pg/f5XXwld/9x2INxI ZWjg==
X-Gm-Message-State: AOAM530S3H2qtOGlrKVNPB05/T2H+IpPWI5NV3GD3bJnpmtfqumnw8pJ UIA6XX1KvtaZCMUmiSFnk2zno+ohLlYp6fchUUc=
X-Google-Smtp-Source: ABdhPJyZOFDx3zMo8QGNfRU5q/NIRtE6vnTqVyap+NWt0/EMjJT4FsCEQI1ArR3OsUHe6vrXZTdbaSmUzks+8nPgC+4=
X-Received: by 2002:a50:c906:: with SMTP id o6mr5064586edh.95.1590699438487; Thu, 28 May 2020 13:57:18 -0700 (PDT)
MIME-Version: 1.0
References: <785D1C5C-EE90-4A3F-9917-00F94F319863@gmail.com> <1FDCD86E-C52E-4C33-889C-20EC082F009D@gmail.com>
In-Reply-To: <1FDCD86E-C52E-4C33-889C-20EC082F009D@gmail.com>
From: David Skaife <blue.ringed.octopus.guy@gmail.com>
Date: Thu, 28 May 2020 21:56:55 +0100
Message-ID: <CAKiOsZu7vqynB=L=47L5sF8K=QPTD+Z=1Kcby60fhkTxhC8x2w@mail.gmail.com>
To: Yaron Sheffer <yaronf.ietf@gmail.com>
Cc: "txauth@ietf.org" <txauth@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000f9bd8805a6bb9248"
Archived-At: <https://mailarchive.ietf.org/arch/msg/txauth/FSWdY6lbnvDlqxq0ESccxxDyGEY>
Subject: Re: [Txauth] Call for WG name preferences - process clarification
X-BeenThere: txauth@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <txauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/txauth>, <mailto:txauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/txauth/>
List-Post: <mailto:txauth@ietf.org>
List-Help: <mailto:txauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/txauth>, <mailto:txauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 May 2020 20:57:31 -0000

Hi,

Now that the deadline for new names has passed, I'll submit my lists of
which names I would and wouldn't object to (each list in alphabetical
order).

*Wouldn't object to:*
GATAR    Grant Authorization To Access Resources
GNAP    Grant Negotiation and Authorization Protocol
GranPro    GRAnt Negotiation Protocol
IDPAuthZ    Intent Driven Protocol for Authorization
NIRAD    Negotiation of Intent Registration and Authority Delegation
PAuthZ    Protocol for Authorization
TxAuth      Transmission of Authority


*Object to:*
AAuthZ    Alternative Authorization Protocol (AAuthZ)
Reasoning - I don't like the concept of using "alternative" (alternative to
what?), and the acronym looks like a typo.

AZARP    AuthoriZed Access to Resources Protocol
Reasoning - I don't like the acronym, it's a bit clunky.

AZARAP    AuthoriZation And Resource Access Protocol
Reasoning - I don't like the acronym, it's a bit clunky.

BeBAuthZ    Back-end Based Authorization Protocol
Reasoning - I don't agree that the protocol will be completely back-end
based as we will still have the client-side redirect optionality. Also it's
hard to pronounce the acronym.

BYOAuthZ    Build-Your-Own Authorization Protocol
Reasoning - I don't think we want people to be building their own, as this
suggests we're creating a framework rather than a protocol.

CPAAP    Comprehensive Privileged Authentication Authorization Protocol
Reasoning - Bad acronym and the expanded version doesn't make sense to
me..

DAZARAP    Delegated AuthoriZation And Resource Access Protocol
Reasoning - Awful acronym.

DIYAuthZ    Do-It-Yourself Authorization Protocol
Reasoning - I don't think we want people to be doing it for themselves, as
this suggests we're creating a framework rather than a protocol.

RefAuthZ    Refactored Authorization Protocol
Reasoning - Refactored from what? I don't like the concept.

ReAuthZ    Reimagined Authorization Protocol
Reasoning - What are we reimagining? I don't like the concept. Also
"Re-Auth" would be misinterpreted.

TIAAP    Tokenized Identity and Access Protocol
Reasoning - Too much focus on on identity (which is part of the charter but
not the core part of it), and a hard pronounce acronym.

TIDEAuth    Trust via Intent Driven Extension Auth
Reasoning - The expanded name is too clunky and doesn't make sense to me.

TIDYAuth    Trust via Intent Driven Yield Auth
Reasoning - I don't understand what is meant by "intent driven yield".

TIEAuth    Trust via Intent Extension Auth
Reasoning - "Trust via Intent Extension" sounds confusing to me and I don't
really know what it means.

TINOA   This Is Not OAuth
Reasoning - I don't like the concept of referring to OAuth in the name.

TXAuth    Testable eXtensible Authorization
Reasoning - I don't know why "testability" features so prominently in the
name, as that isn't something unique to what we're looking to create.

TXAuth      Truly eXtensible Authorization
Reasoning - I don't like the expanded name, "truly eXtensible" sounds lame
to me.

WRAC    Web Resource Authorization Collaboration
Reasoning - I believe this one was discounted already due to trademark
issues, but either way I don't like it. The inclusion of the word
"collaboration" doesn't make sense to me in this context.

XAuthZ    eXtensible authoriZation protocol
Reasoning - I don't think "extensibility" is enough of a defining/unique
characteristic of what we're looking to create here to justify this name.



Many thanks,
David Skaife

On Fri, May 22, 2020 at 11:32 AM Yaron Sheffer <yaronf.ietf@gmail.com>
wrote:

> Thank you David for pointing out the loophole in my previous mail. As a
> result, we have decided to limit the time when new names may be proposed.
> If you have new name ideas, please make sure to share them until 0800 UTC,
> Tuesday, May 26.
>
> All others, if you want to make sure you are commenting on the full name
> list, please hold off until after Monday.
>
> Apologies for the process confusion, we are building it as we go.
>
> Thanks,
>         Yaron
>
> On 5/21/20, 11:53, "Yaron Sheffer" <yaronf.ietf@gmail.com> wrote:
>
>     Thank you to those who contributed early replies!
>
>     As a refinement/clarification to the process below: we are now
> focusing on discussion and making sure there are no strong objections,
> rather than voting on people's favorite name.
>
>     With that in mind, we strongly encourage people to attach an
> explanation to each name they object to. Therefore for names that are on
> neither of your lists ("wouldn't object to" and "object to"), our default
> assumption is that you would NOT object to them.
>
>     With the process now finalized, please take a few minutes and provide
> us with your name lists. As a reminder, the deadline is 0800 UTC June 4,
> 2020.
>
>     Thanks,
>         Yaron
>
>
>     On 5/19/20, 23:34, "Yaron Sheffer" <yaronf.ietf@gmail.com> wrote:
>
>         Hi!
>
>         After reviewing the community feedback and discussions with the
> AD, we’d like to again launch a process to elicit feedback on naming.  Our
> proposal is below.  We’d appreciate any clarifying questions, proposed
> improvements or objections by 0800 UTC, Thursday, May 21st .
>
>         Thanks,
>                 Yaron and Dick
>
>         PS, I’m sharing the load with Dick and taking point on this
> consensus call -- Yaron
>
>         ----
>
>         Before we submit the draft charter [1] to the IESG, we wanted to
> explore the name of the group. During the chartering discussions, some
> people objected to the BoF name being the WG name.  We’d like to get
> consensus on what the WG name should be.  Our first attempt to elicit input
> [2] wasn’t successful, and this is a second attempt to get consensus from
> the community.
>
>         To get to consensus, we want to gather preferences on the
> currently known WG name candidates. Our goal is not to select the most
> popular name -- it is to select a name everyone can live with and ensure
> that we understand and weigh any objections there might be with that
> choice.  To that end, we’d like to elicit your name preferences in the
> following way:
>
>          (1) In previous discussions, the following candidate names have
> been voiced (we have listed only these names that received at least one
> vote previously):
>
>         * AAuthZ    Alternative Authorization Protocol (AAuthZ)
>         * AZARP    AuthoriZed Access to Resources Protocol
>         * AZARAP    AuthoriZation And Resource Access Protocol
>         * BeBAuthZ    Back-end Based Authorization Protocol
>         * BYOAuthZ    Build-Your-Own Authorization Protocol
>         * CPAAP    Comprehensive Privileged Authentication Authorization
> Protocol
>         * DAZARAP    Delegated AuthoriZation And Resource Access Protocol
>         * DIYAuthZ    Do-It-Yourself Authorization Protocol
>         * GNAP    Grant Negotiation and Authorization Protocol
>         * GranPro    GRAnt Negotiation Protocol
>         * IDPAuthZ    Intent Driven Protocol for Authorization
>         * NIRAD    Negotiation of Intent Registration and Authority
> Delegation
>         * PAuthZ    Protocol for Authorization
>         * RefAuthZ    Refactored Authorization Protocol
>         * ReAuthZ    Reimagined Authorization Protocol
>         * TIAAP    Tokenized Identity and Access Protocol
>         * TIDEAuth    Trust via Intent Driven Extension Auth
>         * TIDYAuth    Trust via Intent Driven Yield Auth
>         * TIEAuth    Trust via Intent Extension Auth
>         * TINOA   This Is Not OAuth
>         * TXAuth    Testable eXtensible Authorization
>         * TxAuth      Transmission of Authority
>         * TXAuth      Truly eXtensible Authorization
>         * XAuthZ    eXtensible authoriZation protocol
>
>         We would ask that you consider these names, and respond to the
> list with your selection of the following two categories:
>
>         * “Wouldn’t Object” -- this is not necessarily your preferred
> name, but you would be comfortable with it being the name of the WG (choose
> as many names as you want)
>         * “Object” -- you would be uncomfortable with the WG being named
> in this way (choose as many names as you want; please provide an
> explanation)
>
>         (2) If your preferred name isn’t in the list per (1), you can send
> a note to the mailing list stating that you’d like the WG to consider a new
> name.  Please ensure the name adheres to the previously discussed naming
> criteria at [3]. We still request that you provide your other preferences
> and objections.
>
>         (3) If you previously sent in your preferences, but a new name
> suggestion or someone’s objection changed your mind, then send another
> message to the mailing list with your revised preferences.  For the
> purposes of consensus, we’ll assume that everyone who hasn’t commented on a
> new name introduced per (2) “objects” to it (i.e., we want to hear positive
> confirmation of preference on new names).
>
>         (4) Please provide your input by 0800 UTC June 4, 2020.
>
>         With that input, our plan is to assess rough consensus in the
> following way:
>
>         (a) See if there is consensus for a name identified given the
> “wouldn’t object to being the WG name” preference and the level of “would
> object” feedback
>
>         (b) If there isn’t clear consensus with (a), but a significantly
> reduced set of candidates around which there is enthusiasm, the chairs will
> share the results and request feedback
>
>         (c) If rough consensus appears to be reached through steps (a) –
> (b), revisit the objections to this candidate name, elicit additional
> objections and see if they change the consensus.
>
>         Regards,
>                 Yaron and Dick
>
>         [1] https://datatracker.ietf.org/doc/charter-ietf-txauth/
>         [2]
> https://mailarchive.ietf.org/arch/msg/txauth/GnTUvD191MGMF63Oe3VTqkYi0Wg/
>         [3]
> https://mailarchive.ietf.org/arch/msg/txauth/lAe06IW4nihUzyTkWVDcq8rnUa8/
>
>
>
>
> --
> Txauth mailing list
> Txauth@ietf.org
> https://www.ietf.org/mailman/listinfo/txauth
>