Re: [GNAP] A "privacy by design" delegation scheme
Justin Richer <jricher@mit.edu> Fri, 19 March 2021 14:31 UTC
Return-Path: <jricher@mit.edu>
X-Original-To: txauth@ietfa.amsl.com
Delivered-To: txauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0D2353A16C8 for <txauth@ietfa.amsl.com>; Fri, 19 Mar 2021 07:31:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.918
X-Spam-Level:
X-Spam-Status: No, score=-6.918 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kopbNKl9-yKT for <txauth@ietfa.amsl.com>; Fri, 19 Mar 2021 07:31:46 -0700 (PDT)
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DE1BB3A1940 for <txauth@ietf.org>; Fri, 19 Mar 2021 07:31:09 -0700 (PDT)
Received: from [192.168.1.22] (static-71-174-62-56.bstnma.fios.verizon.net [71.174.62.56]) (authenticated bits=0) (User authenticated as jricher@ATHENA.MIT.EDU) by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id 12JEV5cU030705 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 19 Mar 2021 10:31:06 -0400
From: Justin Richer <jricher@mit.edu>
Message-Id: <C766FFFA-C52D-4AF6-A09B-0E1D2FF4EA39@mit.edu>
Content-Type: multipart/alternative; boundary="Apple-Mail=_230C00EF-F639-4EF8-AB22-264A74EB9828"
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.4\))
Date: Fri, 19 Mar 2021 10:31:05 -0400
In-Reply-To: <62619e0d-f4ad-bef8-d351-49943542409f@free.fr>
Cc: "txauth@ietf.org" <txauth@ietf.org>
To: Denis <denis.ietf@free.fr>
References: <62619e0d-f4ad-bef8-d351-49943542409f@free.fr>
X-Mailer: Apple Mail (2.3608.120.23.2.4)
Archived-At: <https://mailarchive.ietf.org/arch/msg/txauth/Ta-j22XQPkljfNIymvIkKKJfwu0>
Subject: Re: [GNAP] A "privacy by design" delegation scheme
X-BeenThere: txauth@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: GNAP <txauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/txauth>, <mailto:txauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/txauth/>
List-Post: <mailto:txauth@ietf.org>
List-Help: <mailto:txauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/txauth>, <mailto:txauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 19 Mar 2021 14:31:48 -0000
Hi Denis, The abstraction of the authorization server is fundamental to the approach in both OAuth and GNAP. I would personally encourage you to start a BoF and eventually a working group here in the IETF to pursue such a design as you are proposing. — Justin > On Mar 19, 2021, at 10:27 AM, Denis <denis.ietf@free.fr> wrote: > > The text that follows is extracted from : > > Page 5 from RFC 6749 (OAuth 2.0). October 2012, and > Page 5 & 6 from draft-ietf-oauth-v2-1-01. February 2021 > " For example, an end-user (resource owner) can grant a printing service (client) access to her protected photos stored at a photo sharing service (resource server), > without sharing her username and password with the printing service. Instead, she authenticates directly with a server trusted by the photo-sharing service > (authorization server), which issues the printing service delegation-specific credentials (access token)." > > These two sentences are part of the foundations of OAuth 2.0 and OAuth 2.1. > > The same delegation scheme can be supported without the need to use an authorization server (AS). Here is the story: > > For example, an end-user can grant a printing service access to her protected photos stored at a photo sharing service, without sharing her username and password > with the printing service. Instead, she authenticates directly to the photo sharing service and asks to that service to deliver delegation-specific credentials (access token) > able to grant to its owner a read access to a subset of her photos during some period of time. Once the access token has been delivered by the photo sharing service, > she transmits it to the printing service. Then the printing service presents that access token to the photo sharing service which will deliver the subset of selected photos > to the printing service. > > Requirement : > > The end-user must have an account on the photo sharing service. > > Advantages: , > > Since there is no AS, the photo sharing service does not need to trust any AS nor have a relationship with an AS. > Since there is no AS, the printing service does not need to trust any AS, nor have as relationship with an AS. > Since there is no AS, no account is needed for the end-user at an AS. > Since there is no AS, no AS can know/spy what the end-user is doing. > The access token can be transmitted/communicated to anybody, including herself. > The end-user MAY have an account on the printing service, but she is NOT REQUIRED to have one. > The person that gets the photos printed will need to disclose to the printing service a name and an address for the delivery > (not necessarily her name and her home address) if she is not working at a kiosk and will need to pay for the printing (and postage). > Denis > > > -- > TXAuth mailing list > TXAuth@ietf.org > https://www.ietf.org/mailman/listinfo/txauth
- [GNAP] A "privacy by design" delegation scheme Denis
- Re: [GNAP] A "privacy by design" delegation scheme Justin Richer
- Re: [GNAP] A "privacy by design" delegation scheme Justin Richer
- Re: [GNAP] A "privacy by design" delegation scheme Stephen Moore
- Re: [GNAP] A "privacy by design" delegation scheme Denis