Re: [GNAP] Murray Kucherawy's No Objection on draft-ietf-gnap-core-protocol-18: (with COMMENT)

Justin Richer <jricher@mit.edu> Fri, 08 March 2024 17:00 UTC

From: Justin Richer <jricher@mit.edu>
To: Murray Kucherawy <superuser@gmail.com>
CC: The IESG <iesg@ietf.org>, "draft-ietf-gnap-core-protocol@ietf.org" <draft-ietf-gnap-core-protocol@ietf.org>, "gnap-chairs@ietf.org" <gnap-chairs@ietf.org>, "txauth@ietf.org" <txauth@ietf.org>, "yaronf.ietf@gmail.com" <yaronf.ietf@gmail.com>
Thread-Topic: Murray Kucherawy's No Objection on draft-ietf-gnap-core-protocol-18: (with COMMENT)
Date: Fri, 08 Mar 2024 16:59:59 +0000
Message-ID: <DFBACC0A-6335-424E-BC78-9B6A002F6A60@mit.edu>
References: <170982516917.60817.16221027054744866316@ietfa.amsl.com>
In-Reply-To: <170982516917.60817.16221027054744866316@ietfa.amsl.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/txauth/JgLiqEfhjVQ_TCuB0NHqU8JBM60>
Subject: Re: [GNAP] Murray Kucherawy's No Objection on draft-ietf-gnap-core-protocol-18: (with COMMENT)

Thank you for the review. Comments inline below.

— Justin

On Mar 7, 2024, at 10:26 AM, Murray Kucherawy via Datatracker <noreply@ietf.org> wrote:

Murray Kucherawy has entered the following ballot position for
draft-ietf-gnap-core-protocol-18: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/
for more information about how to handle DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-gnap-core-protocol/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

===

My own review isn't done yet, but forwarding some comments from Orie Steele,
incoming ART Area Director:

"""
The AS is uniquely defined by the grant endpoint URI, which the absolute URI
where grant requests are started by clients. """

Suggested change "which is the absolute URI" (missing is?).

"""
Grant:

(verb): to permit an instance of client software to receive some attributes at
a specific time and valid for a specific duration and/or to exercise some set
of delegated rights to access a protected resource;

(noun): the act of granting permission to a client instance.

"""

I wonder if these definitions can be shortened to the following without loss of
generality?

"""
Grant:
(verb): to permit an instance of client software to receive attributes or to
access protected resources. (noun): an expression of attributes or permissions
given to an instance of client software.
"""
...
"""
Some promises can be conditional of some previous interactions (e.g. repeated
requests). """

Suggested change: Some promises can be conditioned on previous interactions
(e.g. repeated requests).

"""
In may cases, this happens through a front-channel interaction through the end
user's browser. """

Suggested change: In many cases,...

In section 2.1.1

"""
A unique name chosen by the client instance to refer to the resulting access
token. """

Is this meant to be a machine-facing string, or a human-facing one?
Are there Unicode considerations that apply to this field, similar to
https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-sfbis-05#section-3.3.8
?

Put another way, is deceptive text a security consideration for this field?

"""
Each object is a subject identifier as defined by
[[I-D.ietf-secevent-subject-identifiers](https://datatracker.ietf.org/doc/html/draft-ietf-secevent-subject-identifiers-18)].
"""

Suggest updating the reference to: https://datatracker.ietf.org/doc/html/rfc9493

"""
If the identified end user does not match the RO present at the AS during an
interaction step, and the AS is not explicitly allowing a cross-user
authorization, the AS SHOULD reject the request with an unknown_user error. """

Why not MUST?

Section 2.5.3.1 Indicate Desired Interaction Locales

It would have been good to have gotten an i18n review based on this section.

I recommend a reference to https://datatracker.ietf.org/doc/html/rfc5895
regarding international domain names, to ensure that language considerations in
URLs are also addressed.

In section 3, an informative or normative reference for DID should be provided.

In section 3.4

"""
value (string):
The assertion value as the JSON string serialization of the assertion. REQUIRED.
"""

The example starts with "eyj...", is this value meant to also be base64url
encoded?

It seems like this might also be a JWT, in which case it's not a JSON string,
it's a string of base64url-encoded JSON strings separated by periods.

A less elided example might be helpful here.

Section 4.1.2 rightly warns of deceptive / indistinguishable unicode, you might
consider a citation to https://datatracker.ietf.org/doc/rfc8264/

Section 5.3

"""
 The AS SHOULD check that this presented user information is
  consistent with any user information previously presented by the
  client instance or otherwise associated with this grant request.
"""

What happens if this check is not performed or the information does not match?

References to ietf-httpbis-message-signatures should be updated to
https://datatracker.ietf.org/doc/html/rfc9421

In section 7.3.3

+jwsd is introduced, but there is no corresponding registered Structured
Syntax Suffix in
https://www.iana.org/assignments/media-type-structured-suffix/media-type-structured-suffix.xhtml
or in the document.

Similarly, `typ: gnap-binding+...` implies a registered media type of
`application/gnap-binding+...`

`gnap-binding-rotation` is also present but not requested to be registered via
IANA media types registry.

In section 11, you may wish to comment on whether expired drafts are acceptable
references for specification required, so that experts have guidance on this
topic.

In 11, I wonder if it is truly necessary to request 16 registries from IANA,
given the initial entries for some of the registries contain only a single
reference.
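Two of the comments above are about concrete data handling rather than wording: the section 3.4 question of whether an assertion "value" is a JSON string or a compact-serialized JWS (three base64url segments separated by periods), and the section 2.1.1 / 4.1.2 question of whether a client-chosen label can carry deceptive Unicode. The following Python is an added illustration written for this archive page; it is not code from the GNAP draft, from the working group, or from the reviewers. The sample assertion, its claims, the placeholder signature, and all function names are constructed for the example, and the script detection is a deliberately rough heuristic based on Unicode character names rather than a PRECIS profile.

```python
import base64
import json
import re
import unicodedata

# --- Section 3.4: is the assertion "value" a JSON string or a compact JWS? ---

_B64URL_RE = re.compile(r"[A-Za-z0-9_-]+")


def b64url_decode(segment: str) -> bytes:
    """Strictly decode one unpadded base64url segment (RFC 7515 style).
    base64.urlsafe_b64decode silently drops foreign characters, so the
    alphabet and length are checked here before decoding."""
    if not _B64URL_RE.fullmatch(segment) or len(segment) % 4 == 1:
        raise ValueError("segment is not unpadded base64url")
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def parse_compact_jws(value: str) -> tuple:
    """Split a compact-serialized JWS/JWT into (header, payload, signature).

    This only checks the *shape* the review describes (three base64url
    segments separated by periods). It does NOT verify the signature; an AS
    must still verify it against the expected key before trusting a claim."""
    parts = value.split(".")
    if len(parts) != 3:
        raise ValueError(f"expected 3 dot-separated segments, got {len(parts)}")
    header = json.loads(b64url_decode(parts[0]).decode("utf-8"))
    if not isinstance(header, dict) or "alg" not in header:
        raise ValueError("protected header must be a JSON object carrying 'alg'")
    payload = json.loads(b64url_decode(parts[1]).decode("utf-8"))
    signature = b64url_decode(parts[2])
    return header, payload, signature


def assertion_kind(value: str) -> str:
    """Classify an assertion 'value' field: plain JSON text, a compact JWS,
    or something else. Shows why a JWT is not 'a JSON string'."""
    try:
        json.loads(value)
        return "json"
    except ValueError:
        pass
    try:
        parse_compact_jws(value)
        return "jws-compact"
    except ValueError:
        return "unknown"


def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


# Constructed sample assertion: hypothetical claims and a placeholder
# signature of 32 zero bytes (not a real HMAC). Starts with "eyJ" because
# that is base64url for '{"'.
SAMPLE_ASSERTION = ".".join([
    _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode()),
    _b64url(json.dumps({"iss": "https://as.example", "sub": "alice",
                        "aud": "https://rs.example"}, separators=(",", ":")).encode()),
    _b64url(b"\x00" * 32),
])


# --- Sections 2.1.1 / 4.1.2: deceptive text in a client-chosen label ---

def label_problems(label: str) -> list:
    """Return reasons a client-chosen token label is risky to show to a user.

    Heuristic only: a letter's script is approximated from the first word of
    its Unicode character name (e.g. 'CYRILLIC SMALL LETTER A'). A real
    implementation should apply a PRECIS profile (RFC 8264) instead."""
    problems = []
    if label != unicodedata.normalize("NFC", label):
        problems.append("not in NFC normal form")
    scripts = set()
    for ch in label:
        cat = unicodedata.category(ch)
        if cat in ("Cc", "Cf", "Co", "Cn", "Zl", "Zp") or (cat == "Zs" and ch != " "):
            # catches bidi overrides (U+202E), zero-width joiners, NBSP, etc.
            problems.append(f"control/format/invisible character U+{ord(ch):04X}")
        elif ch.isalpha():
            scripts.add(unicodedata.name(ch, "UNKNOWN").split()[0])
    if len(scripts) > 1:
        problems.append("mixed scripts: " + ", ".join(sorted(scripts)))
    return problems


if __name__ == "__main__":
    hdr, claims, _ = parse_compact_jws(SAMPLE_ASSERTION)
    print(assertion_kind(SAMPLE_ASSERTION), hdr["alg"], claims["sub"])
    print(label_problems("p\u0430ypal-token"))      # Cyrillic 'a' among Latin
    print(label_problems("invoices\u202Egnp.exe"))  # right-to-left override
```

The parser deliberately stops at structure: splitting and decoding the segments tells an implementer which serialization it is looking at, but a claim is only trustworthy once the signature has been verified with the key the AS expects. The label check is the kind of thing the review's "deceptive text" question is asking about; mixed-script and bidi-override labels are exactly what a user-facing consent screen would render misleadingly.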