Re: [GNAP] Interim Agenda
Denis <denis.ietf@free.fr> Tue, 15 June 2021 15:08 UTC
Return-Path: <denis.ietf@free.fr>
X-Original-To: txauth@ietfa.amsl.com
Delivered-To: txauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 336153A334B for <txauth@ietfa.amsl.com>; Tue, 15 Jun 2021 08:08:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.118
X-Spam-Level:
X-Spam-Status: No, score=-1.118 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, NICE_REPLY_A=-0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_NEUTRAL=0.779, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yHcx1RnpCNNM for <txauth@ietfa.amsl.com>; Tue, 15 Jun 2021 08:08:23 -0700 (PDT)
Received: from smtp.smtpout.orange.fr (smtp01.smtpout.orange.fr [80.12.242.123]) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 37F753A3347 for <txauth@ietf.org>; Tue, 15 Jun 2021 08:08:22 -0700 (PDT)
Received: from [192.168.1.11] ([90.79.65.81]) by mwinf5d77 with ME id HT8E250071lBGHW03T8ESM; Tue, 15 Jun 2021 17:08:20 +0200
X-ME-Helo: [192.168.1.11]
X-ME-Auth: ZGVuaXMucGlua2FzQG9yYW5nZS5mcg==
X-ME-Date: Tue, 15 Jun 2021 17:08:20 +0200
X-ME-IP: 90.79.65.81
To: txauth@ietf.org
References: <C3F63921-3FF9-4BFB-B1E2-C86AE575A390@mit.edu> <3E7A28D4-E2FF-4B98-9D71-2D0BDEB782E8@gmail.com>
From: Denis <denis.ietf@free.fr>
Message-ID: <065bbf3b-f656-f750-bfe3-2719d4bdb86c@free.fr>
Date: Tue, 15 Jun 2021 17:08:13 +0200
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.10.1
MIME-Version: 1.0
In-Reply-To: <3E7A28D4-E2FF-4B98-9D71-2D0BDEB782E8@gmail.com>
Content-Type: multipart/alternative; boundary="------------6DC562C4984BF926ADF3654F"
Content-Language: en-GB
Archived-At: <https://mailarchive.ietf.org/arch/msg/txauth/QmnIC-rWiPcP8BUEg_laX2MaDeo>
Subject: Re: [GNAP] Interim Agenda
X-BeenThere: txauth@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: GNAP <txauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/txauth>, <mailto:txauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/txauth/>
List-Post: <mailto:txauth@ietf.org>
List-Help: <mailto:txauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/txauth>, <mailto:txauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Jun 2021 15:08:27 -0000
*Important issues still need to be solved and have been left aside. * A time slot to address the items indicated in this email would be appreciated. If not at this session, then at the IETF session. A short list is below: *Trust relationships #214* https://github.com/ietf-wg-gnap/gnap-core-protocol/issues/214 Three weeks after the opening of this thread, the very first comment unfortunately remains true. At the moment, there is no text in the draft to describe the relationships and/or the trust relationships between the various components of the system. /*Without a clear definition of these relationships, we might continue to argue for ever.*/ The last message was on April 2, 2021 * * *User choice and consent, and user notice **#215* https://github.com/ietf-wg-gnap/gnap-core-protocol/issues/215 The *User choice and consent*, as well as the *user notice* should be made available in the preferred language of the end-user. /These two steps which are fundamental from a privacy point of view are currently unsupported/missing in the draft./ Still open. * * *Refactoring the internals of access request **#244**** ***https://github.com/ietf-wg-gnap/gnap-core-protocol/issues/244 Denis: Switching the meaning of the words back and forth does not allow to progress. access token is defined as a data artifact representing a set of /*rights*/ and/or /*attributes */attribute is defined as characteristics related to a subject. It is the time now to define a data structure able to request attributes within an access token. An RS would be able to tell to a client that if needs one or more attributes types (and optionally values) /*and/or*/ some capability and /*if the end-user first accepts to request them to a given AS*/ and if AS is able to provide them, then the access token can be generated and is very likely to be accepted by the RS. No agreement between them would then be necessary. Last message was on May 15, 2021 * **Unlinkability **#241* https://github.com/ietf-wg-gnap/gnap-core-protocol/issues/241 Denis: This topic falls under Privacy considerations but has consequences on the access token request protocol, hence it is opened as a separate thread. An end-user identifier present into an access token may be either: 1. a globally unique identifier (e.g. an email address, a social security number), or 2. an identifier locally unique to that AS for all the RSs, or 3. an identifier unique for every AS - RS pair, or 4. a temporary identifier for a single access (i.e. a large random identifier). Justin: Since access tokens are opaque to clients, clients do not have any input into the contents of the access token itself, including any inclusion or format of user identifiers. *Closed* by Justin on April 21 , 2021 *How can an AS determine "what is needed" to fulfill the request ? **#264**** ***https://github.com/ietf-wg-gnap/gnap-core-protocol/issues/264 Denis : In section 1.4, the text states: ( 3) The AS processes the request and determines what is needed to fulfill the request. How can the AS "*/determine what is needed to fulfill the request/*" ? Shall the AS have established some prior relationship ? If yes, what such relationships consist of ? If no, can "other means" be used ? Up to now, there is no response from anyone. *What kind of control may a client have about the content of a returned access token ? **#265* https://github.com/ietf-wg-gnap/gnap-core-protocol/issues/265 This issue has been opened on a Saturday and closed immediately the day after on a Sunday by Justin. It is questionable whether it is fair to close an issue during a week-end without allowing even _a single working day_ for other people to comment or respond. This issue has been *closed in less than 24 hours*, without any intermediary status like "*Pending Closed*". IMO, such a practice should be changed. Since then, you may have noticed that discussions with WG members are not taking place any more, except between the three editors. *The access token verifications to be performed by the RS should be described **#30**** ***https://github.com/ietf-wg-gnap/gnap-resource-servers/issues/30 Denis: A key issue is whether the GNAP core is a *framework* or is able to define *at least one interoperable protocol*. The main reason of the existence of the IETF is to define *interoperable protocols* *Closed* by Justin on June 5 , 2021 Denis > The agenda, slides and a Meetecho link are available at > https://datatracker.ietf.org/meeting/interim-2021-gnap-04/session/gnap > <https://datatracker.ietf.org/meeting/interim-2021-gnap-04/session/gnap> > > See you there! > > Yaron > *From: *TXAuth <txauth-bounces@ietf.org> on behalf of Justin Richer > <jricher@mit.edu> > *Date: *Monday, June 14, 2021 at 21:58 > *To: *GNAP Mailing List <txauth@ietf.org> > *Subject: *[GNAP] Interim Agenda > Hi everyone, > As a reminder, we’ve got an interim meeting tomorrow afternoon. The > editors are planning on the following agenda for discussion: > > * Core draft update > > * Mix-up attack > > * Signature methods > > * What topics to focus on before IETF 111 > > — Justin > > -- TXAuth mailing list TXAuth@ietf.org > https://www.ietf.org/mailman/listinfo/txauth >
- Re: [GNAP] Interim Agenda Yaron Sheffer
- [GNAP] Interim Agenda Justin Richer
- Re: [GNAP] Interim Agenda Denis