Re: [GNAP] Design team

Dick Hardt <dick.hardt@gmail.com> Tue, 20 October 2020 03:26 UTC

From: Dick Hardt <dick.hardt@gmail.com>
Date: Mon, 19 Oct 2020 20:26:18 -0700
Message-ID: <CAD9ie-u3V9Z2qvHJZGAkfhWGqNJT_kPhEcZYj3_bYDt_4SDcsg@mail.gmail.com>
To: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
Cc: Justin Richer <jricher@mit.edu>, "txauth@ietf.org" <txauth@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/txauth/Ix7P3AFQtW5y4GwqwWxACYUeh94>

I don't see how your take is different in the process you chose to take, vs
the process I had suggested in the WG meeting, and the chairs had set as
the goals of the design team. Despite the WG not adopting your
recommendation to start with XYZ, you chose to ignore the WG and chairs and
start with the XYZ document.

wrt. RESTful design patterns, that was a design pattern that XAuth
introduced and that XYZ has adopted. The one comment about a suggestion I
made that was not RESTful -- I was asking for the parameters in JWS signing
to be moved from the JWS header to the JWS payload -- my suggestion was not
making it any less RESTful than it already was. Inaccurate representations
like this contributed to the tension in the meetings.

One of your criticisms of XAuth was the use of "non standard IETF language"
such as "sequence" -- a term that is now used numerous times in the draft.

I hope you had a RESTful vacation!

On Fri, Oct 9, 2020 at 6:34 PM Kathleen Moriarty <
kathleen.moriarty.ietf@gmail.com> wrote:

>
> My take is very different, Dick.  I am starting a 2 week vacation and will
> not be spending it arguing with you on the list.
>
> Multiple reviews pointed to Justin’s document as a better starting point,
> not just mine.  Your use cases can be met and some of what you were
> asking for did not follow RESTful design patterns.  They really don’t map
> to a future protocol well.  You may need to write extension documents, but
> your goals can be met.
>
> Many calls were difficult as displayed in your message.  Justin did a
> great job handling the weekly tension and ensuring options were included
> for WG discussion when agreement was not met.  He’s completely amenable to
> following the WG and chairs decisions.  His document was also easier to
> follow and aligned better with numerous IETF documents.  Please do keep
> Justin on as an editor. As you can see from the draft, there are many areas
> where WG input on decision points is requested.
>
> Best regards,
> Kathleen
>
> Sent from my mobile device
>
> On Oct 9, 2020, at 8:26 PM, Dick Hardt <dick.hardt@gmail.com> wrote:
>
> 
> Tl;dr: Given where we are in the WG, I am not opposed to the WG adopting
> -14, but I propose someone other than Justin be the document editor.
>
> I was on the design team to work on the goals set out by the chairs [1]:
>
> "We expect the design team to decide on a solution outline that combines
> the best of both proposals, and present this outline by Sep. 15"
>
> Surprisingly, Kathleen convened the design team with her recommendation to
> start with the XYZ document with Justin as editor, and add in the diagrams
> from XAuth. The rest of the design team had an opportunity to express their
> concerns and Justin edited the document. In other words, I had to convince
> Justin to change the document, rather than the design team comparing and
> contrasting the proposals and selecting the best parts. I expressed my
> concerns with our AD, and decided to continue participating in the design
> team. We did make some progress on a number of issues thanks to the hard
> work of Fabien, Justin, and Mike -- but many issues have been punted to the
> WG.
>
> Justin has poured tons of energy into this project, and to his credit he
> was a good editor at times, but there are areas where he was unwilling to
> deviate from his vision.
>
> I am concerned about a repeat of what happened in OAuth 2.0: Erin had the
> pen and had strong views that often were not aligned with the rest of the
> WG. A good example was Erin's distaste for bearer tokens. He factored that
> out of the core document, which we are now adding back in with OAuth 2.1.
> Anyone that participated in the WG saw the issues this had.
>
> I'm not suggesting that Justin is Erin, but I think a more neutral editor
> of the core document will allow us to make progress more quickly.
>
> /Dick
>
> [1]
> https://mailarchive.ietf.org/arch/msg/txauth/By7tDkJBxhmHbP7vKwubC9eW38I/
>
> On Fri, Oct 9, 2020 at 5:04 PM Justin Richer <jricher@mit.edu> wrote:
>
>> Thanks, Kathleen, and thanks to Dick, Mike, and Fabien for all their hard
>> work and discussion as well. This draft contains aspects of XYZ and Xauth,
>> and introduces some new elements and pieces as well. As you'll see, there
>> are many identified issues and decisions to be made, but even then I
>> believe it hangs together fairly cohesively already thanks to the good
>> engineering effort and discussion that's gone in so far.
>>
>> Nothing in the document is final, of course. To me, this document
>> represents a good starting point for working group discussion and
>> decisions, +1 for its adoption.
>>
>> - Justin
>> ________________________________________
>> From: TXAuth [txauth-bounces@ietf.org] on behalf of Kathleen Moriarty [
>> kathleen.moriarty.ietf@gmail.com]
>> Sent: Friday, October 9, 2020 6:55 PM
>> To: txauth@ietf.org
>> Subject: [GNAP] Design team
>>
>> Greetings!
>>
>> The design team has now come to a close.  While there were too many
>> issues to resolve to all design team member satisfaction, great effort was
>> put in to describe decision points for the WG to ease and hopefully speed
>> the working group process.  As such, I am requesting that the WG adopts
>> this version (14 of XYZ) and works together to fully develop a single
>> specification.
>>
>> https://datatracker.ietf.org/doc/draft-richer-transactional-authz/
>>
>> A tremendous thank you to each of the design team members for your hard
>> work and walking the fine line of when to put a stake in the ground (that
>> the WG can always change once adopted) and listing our options for decision
>> points to ease the WG process.
>>
>> Best regards,
>> Kathleen
>>
>> Sent from my mobile device
>>
>