Re: [GNAP] A "privacy by design" delegation scheme
Denis <denis.ietf@free.fr> Fri, 19 March 2021 15:07 UTC
Return-Path: <denis.ietf@free.fr>
X-Original-To: txauth@ietfa.amsl.com
Delivered-To: txauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 009533A1829 for <txauth@ietfa.amsl.com>; Fri, 19 Mar 2021 08:07:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.118
X-Spam-Level:
X-Spam-Status: No, score=-1.118 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, NICE_REPLY_A=-0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_NEUTRAL=0.779, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oBOycoNZZkO4 for <txauth@ietfa.amsl.com>; Fri, 19 Mar 2021 08:07:11 -0700 (PDT)
Received: from smtp.smtpout.orange.fr (smtp11.smtpout.orange.fr [80.12.242.133]) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 258723A18CF for <txauth@ietf.org>; Fri, 19 Mar 2021 08:06:41 -0700 (PDT)
Received: from [192.168.1.11] ([90.79.53.231]) by mwinf5d46 with ME id iF6e2400U4zJUWJ03F6f4s; Fri, 19 Mar 2021 16:06:39 +0100
X-ME-Helo: [192.168.1.11]
X-ME-Auth: ZGVuaXMucGlua2FzQG9yYW5nZS5mcg==
X-ME-Date: Fri, 19 Mar 2021 16:06:39 +0100
X-ME-IP: 90.79.53.231
To: Stephen Moore <srmoore@gmail.com>
Cc: "txauth@ietf.org" <txauth@ietf.org>
References: <62619e0d-f4ad-bef8-d351-49943542409f@free.fr> <CAK5Vu_BX+qqgKVWzB-98CFGkbgbSoxwtrq7mtJ61e=Q08CrdNg@mail.gmail.com>
From: Denis <denis.ietf@free.fr>
Message-ID: <5472b905-fe3c-4d5d-5b05-f6f6a58f43ca@free.fr>
Date: Fri, 19 Mar 2021 16:06:40 +0100
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.8.0
MIME-Version: 1.0
In-Reply-To: <CAK5Vu_BX+qqgKVWzB-98CFGkbgbSoxwtrq7mtJ61e=Q08CrdNg@mail.gmail.com>
Content-Type: multipart/alternative; boundary="------------41826DD7A023B0FF9C0329E9"
Content-Language: en-GB
Archived-At: <https://mailarchive.ietf.org/arch/msg/txauth/LMd9wZYjL2m1ut1nvMBRVELZ_G8>
Subject: Re: [GNAP] A "privacy by design" delegation scheme
X-BeenThere: txauth@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: GNAP <txauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/txauth>, <mailto:txauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/txauth/>
List-Post: <mailto:txauth@ietf.org>
List-Help: <mailto:txauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/txauth>, <mailto:txauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 19 Mar 2021 15:07:14 -0000
Hi Steve, Thank you for your feedback. You wrote: "now I need to have multiple accounts on every RS I have data on it". Yes indeed, but you know that there exists or there will exist solutions for that, one of them being FIDO. With FIDO the RS cannot link their user accounts using the login name. FIDO has been thought with privacy in mind. About the last two bullets, I fear I don't understand your question. The end-user may pick the photos at the delivery service or someone else can pick these photos. An account is useful to avoid the retyping of a name and a home address each time, but is not necessary otherwise. You finally wrote: "I honestly don't see a difference between the two other than one service hosting the two components (RS and AS)". You only see the difference if you consider the trust relationships. In the general case, an AS is trusted by several RSs, but not in this situation. If you rely on the HTTPS protection on both segments, then no cryptography is even necessary: there is no signature needed from anyone. Denis > Denis, > All you are doing in that case is putting the AS into the photosharing > service. The photo sharing service still has an AS that it > explicitly trusts because it owns it, but now I need to have multiple > accounts on every RS I have data on it, rather than giving me the > option as a user to entrust an AS run by a reputable company that can > be trusted by many RS's. > The delivery information can be input at the Photo Printing service > with or without an account on the service, regardless of where the > token comes from. I don't see how your last two bullets matter in > differentiating the two takes. > > I honestly don't see a difference between the two other than one > service hosting the two components (RS and AS) > -steve > > On Fri, Mar 19, 2021 at 10:27 AM Denis <denis.ietf@free.fr > <mailto:denis.ietf@free.fr>> wrote: > > The text that follows is extracted from : > > * Page 5 from RFC 6749 (OAuth 2.0). October 2012, and > * Page 5 & 6 from draft-ietf-oauth-v2-1-01. February 2021 > > " For example, an end-user (resource owner) can grant a > printing service (client) access to her protected photos stored at > a photo sharing service (resource server), > without sharing her username and password with the > printing service.Instead, she authenticates directly /with a > server trusted by the photo-sharing service // > // (authorization server), which issues the printing > service delegation-specific credentials (access token)/." > > These two sentences are part of the foundations of OAuth 2.0 and > OAuth 2.1. > > The same delegation scheme can be supported without the need to > use an authorization server (AS). Here is the story: > > For example, an end-user can grant a printing service > access to her protected photos stored at a photo sharing service, > without sharing her username and password > with the printing service.Instead, she authenticates > directly to the photo sharing service and asks to that service to > deliver delegation-specific credentials (access token) > able to grant to its owner a read access to a subset of > her photos during some period of time. Once the access token has > been delivered by the photo sharing service, > she transmits it to the printing service. Then the > printing service presents that access token to the photo sharing > service which will deliver the subset of selected photos > to the printing service. > > _Requirement_ :_ > _ > The end-user must have an account on the photo sharing service. > > _Advantages_: , > > * Since there is no AS, the photo sharing service does not need > to trust any AS nor have a relationship with an AS. > * Since there is no AS, the printing service does not need to > trust any AS, nor have as relationship with an AS. > * Since there is no AS, no account is needed for the end-user at > an AS. > * Since there is no AS, no AS can know/spy what the end-user is > doing. > * The access token can be transmitted/communicated to anybody, > including herself. > * The end-user MAY have an account on the printing service, but > she is NOT REQUIRED to have one. > * The person that gets the photos printed will need to disclose > to the printing service a name and an address for the delivery > (not necessarily her name and her home address) /if she is not > working at a kiosk /and will need to pay for the printing > (/and postage/). > > Denis > > -- > TXAuth mailing list > TXAuth@ietf.org <mailto:TXAuth@ietf.org> > https://www.ietf.org/mailman/listinfo/txauth > <https://www.ietf.org/mailman/listinfo/txauth> >
- [GNAP] A "privacy by design" delegation scheme Denis
- Re: [GNAP] A "privacy by design" delegation scheme Justin Richer
- Re: [GNAP] A "privacy by design" delegation scheme Justin Richer
- Re: [GNAP] A "privacy by design" delegation scheme Stephen Moore
- Re: [GNAP] A "privacy by design" delegation scheme Denis