[GNAP] Review of draft-ietf-gnap-core-protocol-00

Francis Pouatcha <fpo@adorsys.de> Tue, 03 November 2020 22:00 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/txauth/y_rYPEu9ChkFT8pHTyWP1mc91gk>

Sort of late, but find below my initial remarks after a first thorough reading of draft-ietf-gnap-core-protocol-00.


A) Structure of the document

Grant negotiation is of an importance that requires the draft document to have a clean and understandable structure. This is missing. An example structure could be:

1- Introduction
2- Abstract Protocol Flow
3- Roles
    3.1- Role 1
        3.1.1 Definition
        3.1.2 Scenario
        3.1.3 Authentication
        3.1.4 Capabilities
    3.2- Role 2
4- Requests
   4.1 Resource Request
   4.2 Access Request
5- Elements
   5.1 Element 1
6- Interactions
   6.1- Interaction Type 1
        6.1.1 Protocol Flow
        6.1.2 Roles/Parties
        6.1.3 Elements
        6.1.4 Requests
   6.2- Interaction Type 2
        6.2.1 Protocol Flow
        6.2.2 Roles/Parties
        ....
   6.3- Interaction Type 3


B) Current Document

Role descriptions shall not hold any assumption on the physical structure of the party fulfilling the role.

Roles:
-> grant endpoint of the AS: Why is this a POST request? This eliminates the chance of having a user-device-hosted AS (no server).
-> Resource Owner (RO): Authorizes the request? Does it authorize the request or the access to a resource?


Missing Section Interactions:
--> This section shall introduce the notion of interaction before we start listing interaction types.

Interaction Types:
--> I prefer a classification into Redirect, Decoupled and Embedded. In the draft, we have one redirect and two decoupled interactions and nothing else.

Resource Access Request vs. Resource Request
--> Both are mixed up. No clarification of the context of each section.

Token Content Negotiation
--> Not expressed as such. This is central to GNAP and not represented enough in the document.

Requesting "User" Information
We identify two types of users: RQ and RO. It would be better not to refer to a user in this draft, but either to an RQ or an RO.


Dealing with the RC. Here we need a clean structure:
  -> Identification
     --> Entity vs. Instance
     --> Display Information
  -> Key location, legitimation
     --> Authentication
  -> Capability representation

Dealing with Users? This belongs to two sections:

Handling RQ
  -> Identification
     --> Display Information
  -> Credentials
     --> Authentication

Handling RO
  -> Identification
     --> Display Information
  -> Credentials
     --> Authentication


Interaction Again
-> For each interaction type, we will have to describe the protocol flow and the nature and behavior of the involved Roles (Parties), Elements and Requests.



Best regards
/Francis