IETF Logo Mail Archive

Re: [GNAP] [Txauth] Three Client-Server use cases with several ASs built along "Privacy by Design" (PbD)

Fabien Imbault <fabien.imbault@gmail.com> Tue, 11 August 2020 06:17 UTC

Return-Path: <fabien.imbault@gmail.com>
X-Original-To: txauth@ietfa.amsl.com
Delivered-To: txauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F1AC63A0CC4 for <txauth@ietfa.amsl.com>; Mon, 10 Aug 2020 23:17:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.096
X-Spam-Level:
X-Spam-Status: No, score=-2.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LAsSygh4jM1Z for <txauth@ietfa.amsl.com>; Mon, 10 Aug 2020 23:17:27 -0700 (PDT)
Received: from mail-io1-xd2b.google.com (mail-io1-xd2b.google.com [IPv6:2607:f8b0:4864:20::d2b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 25C9C3A0CC3 for <txauth@ietf.org>; Mon, 10 Aug 2020 23:17:27 -0700 (PDT)
Received: by mail-io1-xd2b.google.com with SMTP id q75so11522033iod.1 for <txauth@ietf.org>; Mon, 10 Aug 2020 23:17:27 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=XtfgAYocZ7B3hzIoOQe7u50jZh6iMtD5NDUdrnl8Pv4=; b=rIHqW6Q57UEMCWs2sk4bJP2gzKmO07rYLHX3+3/WNC6lOWL0fjtHuUT1uzAOgS9Bal sQPdfNyhIuGcKI9migvNk1VuuzdDUCiTobGGe4iBq7W5Ie+CiCmMiPNg7F4EV9MPuh20 TJ7J+CfRkYKfHtCm9YNTIt3ScEG5QI3POmdMxKvlAcIDEgLhMor8HFBc/JG0FqsmZpJa GCz5ZPKdVVhgmDpdtdILWD0mUuhBkFlg8v0J4vbJxjB3V1vocQqXOnjJMCfVKSS4U/S0 1Ufa7WNOtJGN7EgJlOs+PR9TV2mPcoRPPTCDbkcLTF5q/7aG1i9rsz2oTpJZMtYcEeEC LjOg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=XtfgAYocZ7B3hzIoOQe7u50jZh6iMtD5NDUdrnl8Pv4=; b=fY9uPNuopZyoESAYvxGIJFfF+Wwd77W8oMw7fT5smZIylxUKmabQ83oPoC1nyjYHNP M+X46bYLu0IjYywG3sbgkOJUjkPS/j7te3IhhVM5TyupTTtCSrbsBjv6sGP0sM5NuVgs PbDbxBf22RwgHjENER42trM8VaqeXqxwfnCfZB5RjWcSP0OiC9idw1KNzo187aBxRE7M L2qjQvgHU35vrpFEdJLJI6Z7jLIr6juFXDkCuJA9+lDmtirIlQJ+5tC7A9byZomNtnYJ 3dBtriomIrb8klR0kG60NFIqtVJoLQ+RxUsL8KoIhBsrjErMIQ+KZT7sLQIQ4swD2FxB 422g==
X-Gm-Message-State: AOAM530/hRYsfkgKOkXHT5vE+Au/kFXf5RC+1f4TpSDOT/SAO6KA2pKO 9cLdrAbHT02uz+BHAvmxTS7UY0KPAAK3oZGIDds=
X-Google-Smtp-Source: ABdhPJyh0LwkzJIyLV1YGnKRfqiJAX5aO67xKDdFXN8Ff/nTWGodZELE8ppzvEEEGuojaqJjCVkt0wkaUNswb+fnm3c=
X-Received: by 2002:a02:6c0d:: with SMTP id w13mr24449959jab.47.1597126645084; Mon, 10 Aug 2020 23:17:25 -0700 (PDT)
MIME-Version: 1.0
References: <d2ee5da2-8e88-15c8-8646-087860463d2c@free.fr> <CAOW4vyOwQTMoo2Nmb8KNcVM5hdOW69FzZTK5XQ2fRL9CC8+SUA@mail.gmail.com>
In-Reply-To: <CAOW4vyOwQTMoo2Nmb8KNcVM5hdOW69FzZTK5XQ2fRL9CC8+SUA@mail.gmail.com>
From: Fabien Imbault <fabien.imbault@gmail.com>
Date: Tue, 11 Aug 2020 08:17:14 +0200
Message-ID: <CAM8feuT2K2xpF=VES11kihsqfGK4RCzdSCU=HCLijxLvnc=8LA@mail.gmail.com>
To: Francis Pouatcha <fpo=40adorsys.de@dmarc.ietf.org>
Cc: Denis <denis.ietf@free.fr>, GNAP Mailing List <txauth@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000005774fb05ac94066b"
Archived-At: <https://mailarchive.ietf.org/arch/msg/txauth/IBt1Ry9-zfOsfWYH6RW3ku4hC-o>
Subject: Re: [GNAP] [Txauth] Three Client-Server use cases with several ASs built along "Privacy by Design" (PbD)
X-BeenThere: txauth@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <txauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/txauth>, <mailto:txauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/txauth/>
List-Post: <mailto:txauth@ietf.org>
List-Help: <mailto:txauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/txauth>, <mailto:txauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 11 Aug 2020 06:17:29 -0000

Hi Francis,

I think Denis points to the fact that, in the current situation, the AS
receives the resource request from the Client and therefore knows what
tokens are asked. Then it also implements the consent interface (and
possibly the login too) and so it also knows who validates and what is
accepted or not.

I don't think the abstract flow deals with those privacy concerns.

Then I agree with you on the audience field of the token, if left empty it
simplifies part of the problem, although it removes a big part of the
control you may want from directed tokens. That's why I'm willing to better
develop the RS hiding idea.

Fabien

Le mar. 11 août 2020 à 05:58, Francis Pouatcha <fpo=
40adorsys.de@dmarc.ietf.org> a écrit :

> Hello Denis,
>
> what you describe in the use case seems to be the default behavior of the
> protocol. Let me map it with this abstract protocol flow:
>
> +-----------+      +--------------+  +-----------+  +----+
>  +---------------------+
> | Requestor |      | Orchestrator |  | RS        |  | GS |  | Resource
> Controller |
> | is UNIV-1 |      |  is UNIV-1   |  | is UNIV-0 |  | or |  |         is
>         |
> |   Staff   |      | Registr. App |  | Server    |  | AS |  |
>  Student       |
> +-----------+      +--------------+  +-----------+  +----+
>  +---------------------+
>   |(1) RegisterStudent    |                |           |                |
>   |---------------------->|                |           |                |
>   |                       |(2) RequestRecordIntent(RecordType,StudentId,
>   |                       |
>  OrchestratorId):AuthRequest[RecordType,StudentId]
>   |                       |<-------------->|           |                |
>   |                       |                |           |                |
>   |                       |(3)
> AuthZRequest(RecordType,StudentId,OrchestratorId)
>   |                       |--------------------------->|                |
>   |                       |                |           |(4)
> ConsentRequest(RecordType,
>   |                       |                |           |
>  OrchestratorId):Consent
>   |                       |                |           |<-------------->|
>   |                       |(5) AuthZ[RecordType,StudentId,OrchestratorId]
>   |                       |<---------------------------|                |
>   |                       |                |           |                |
>   |                       |(2)
> RequestRecord(RecordType,StudentId,OrchestratorId)
>   |                       |     :RecordOf[StudentId]   |                |
>   |                       |<-------------->|           |                |
>   |(7) Registered         |                |           |                |
>   |<----------------------|                |           |                |
>   +                       +                +           +                +
>
> we assume the authz request sent by "Client" to "AS" describes the
> protected resource without referring to the authz server. An AS can issue
> the authz to release the graduation record  of a student
> ((5) AuthZ[RecordType,StudentId,OrchestratorId]), without any reference to
> the target university.
>
> What matters for this authz object is:
> - StudentId: a reference to the student as known to the resource server.
> - RecordType: a reference to a resource of type graduation record as
> understandable  by the resource server.
> - OrchestratorId: reference to the Orchestrator. Can be used to bind authz
> to Orchestrator.
>
> But:
> - RS must trust AS issued token.
> - StudentId must be known to RS, AS and Orchestrator.
>
> Therefore, the AS does not need to know the RS. Keep the audience field
> empty.
>
> Same principle applies for the second use case.
>
> What privacy problem do you see here?
>
> Best regards.
> /Francis
>
> On Tue, Aug 4, 2020 at 5:08 AM Denis <denis.ietf@free.fr> wrote:
>
>> I tried my best twice to download three use cases in the Use cases
>> directory, but I failed.
>>
>> Rather than failing a third time, here is the direct link of the second
>> try:
>>
>>
>> https://github.com/ietf-wg-gnap/general/wiki/Three-Client-Server-use-cases-with-several-ASs-built-along-%22Privacy-by-Design%22-(PbD)
>>
>> Denis
>>
>>
>>
>>
>>
>>
>>
>> --
>> Txauth mailing list
>> Txauth@ietf.org
>> https://www.ietf.org/mailman/listinfo/txauth
>>
>
>
> --
> Francis Pouatcha
> Co-Founder and Technical Lead
> adorsys GmbH & Co. KG
> https://adorsys-platform.de/solutions/
> --
> TXAuth mailing list
> TXAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/txauth
>

v2.23.0 | Report a Bug | By Email