[GNAP] OAuth 2.0 Token Exchange profiles feedback request

"Dr. Kelley W Burgin" <kburgin@mitre.org> Wed, 04 August 2021 17:48 UTC

To: "txauth@ietf.org" <txauth@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/txauth/T1MfjXHAzcobs1eK2yFv4sgyJ-0>

All,

MITRE, in support of the U.S. Government, has developed tailored OAuth 2.0 Token Exchange profiles for use in an enterprise environment. These documents build on the OAuth 2.0 profile<https://www.mitre.org/publications/technical-papers/enterprise-mission-tailored-oauth-20-and-openid-connect-profiles> MITRE released whose requirements have been incorporated into OAuth 2.1. The documents enable “identity chaining” by ensuring that the identities of the user, client, and protected resources are propagated in the issued access tokens to make appropriate access decisions.

Token and Identity Chaining between Protected Resources in a Single ICAM Ecosystem using OAuth Token Exchange<https://www.mitre.org/publications/technical-papers/token-and-identity-chaining-between-protected-resources-in-a-single-icam-ecosystem-using-oauth-token-exchange>
Token and Identity Chaining between Protected Resources in a Multiple ICAM Ecosystem using OAuth Token Exchange<https://www.mitre.org/publications/technical-papers/token-and-identity-chaining-between-protected-resources-in-a-multiple-icam-ecosystem-using-oauth-token-exchange>

Please note, we will be working with the standards bodies to move these concepts forward. These current profiles and this email should be considered as informational as we seek additional feedback from Subject Matter Experts throughout the Community. We welcome your comments and suggestions at OAuthOIDCProfiles@groups.mitre.org<mailto:OAuthOIDCProfiles@groups.mitre.org>.

Regards,
Kelley
_________________________
Kelley Burgin, Ph.D.
Cybersecurity Engineer
The MITRE Corporation
(865) 255 - 6699
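The "identity chaining" idea the message describes, shown as an added illustration that is not part of the original email and not MITRE's profile text: the OAuth 2.0 Token Exchange (RFC 8693) "act" claim nests each delegating resource so the user, the original client and every hop survive in the issued token, and the receiving resource can decide access over the whole chain. The identities, policy shape and helper names are hypothetical, and JWT signing is omitted so the chaining logic is visible on plain claim sets.

```python
"""Identity chaining with OAuth 2.0 Token Exchange (RFC 8693) actor claims.
Constructed example code, not MITRE's profile text or implementation: claim
names follow RFC 8693 / RFC 7519, the identities and the policy dictionary
are hypothetical, and JWT signing/verification is left out so the nesting of
"act" claims and the resulting access decision can be shown directly."""
from __future__ import annotations
import time

# Constructed: the user-facing access token a client app presents to resource A.
USER_TOKEN = {
    "iss": "https://as.example", "sub": "alice@example",
    "client_id": "mobile-app", "aud": "https://resource-a.example",
    "exp": int(time.time()) + 600,
}

def exchange(subject_token: dict, actor_id: str, audience: str) -> dict:
    """Model the AS answering a token-exchange request from a protected
    resource (actor_id) that must call `audience` on the user's behalf.
    RFC 8693 nests the prior actor chain under the new "act" claim, so the
    user ("sub"), the originating client and every hop stay in the token."""
    if subject_token["exp"] <= time.time():
        raise ValueError("subject_token expired")
    new = {
        "iss": subject_token["iss"], "sub": subject_token["sub"],
        "client_id": subject_token["client_id"], "aud": audience,
        "exp": subject_token["exp"],  # never outlive the delegated token
        "act": {"sub": actor_id},
    }
    if "act" in subject_token:  # second and later hops extend the chain
        new["act"]["act"] = subject_token["act"]
    return new

def actor_chain(token: dict) -> list[str]:
    """Flatten the nested "act" claims, most recent actor first."""
    chain, node = [], token.get("act")
    while node:
        chain.append(node["sub"])
        node = node.get("act")
    return chain

def authorize(token: dict, this_resource: str, policy: dict) -> bool:
    """Access decision at a resource: audience must match, and the user, the
    originating client and every intermediate resource must all be allowed.
    (Hypothetical policy shape; signature and expiry checks assumed done.)"""
    if token["aud"] != this_resource or token["sub"] not in policy["users"]:
        return False
    if token["client_id"] not in policy["clients"]:
        return False
    return all(a in policy["actors"] for a in actor_chain(token))
```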