Re: [GNAP] Design team

Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> Tue, 20 October 2020 10:16 UTC

From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
Mime-Version: 1.0 (1.0)
Date: Tue, 20 Oct 2020 06:12:57 -0400
Message-Id: <C991BD99-9FE3-46E6-8257-93DE1EB4FA95@gmail.com>
References: <CAD9ie-u3V9Z2qvHJZGAkfhWGqNJT_kPhEcZYj3_bYDt_4SDcsg@mail.gmail.com>
Cc: Justin Richer <jricher@mit.edu>, "txauth@ietf.org" <txauth@ietf.org>
In-Reply-To: <CAD9ie-u3V9Z2qvHJZGAkfhWGqNJT_kPhEcZYj3_bYDt_4SDcsg@mail.gmail.com>
To: Dick Hardt <dick.hardt@gmail.com>
X-Mailer: iPhone Mail (17H35)
Archived-At: <https://mailarchive.ietf.org/arch/msg/txauth/VWAFPVtorAa-gbDGbnS03bZrMV0>
Subject: Re: [GNAP] Design team

Your interpretation of events is in contrast to mine.  I’m not going to argue further with you as there’s no point unless you get your way.  There were 2 detailed reviews from the design team that preferred Justin’s document as a starting point, none with yours.  His was preferred for several reasons, including ease of understanding and better alignment with IETF protocol specs for cross-area review.

Best regards,
Kathleen 

Sent from my mobile device

> On Oct 19, 2020, at 11:26 PM, Dick Hardt <dick.hardt@gmail.com> wrote:
> 
> 
> I don't see how your take is different in the process you chose to take, vs the process I had suggested in the WG meeting, and the chairs had set as the goals of the design team. Despite the WG not adopting your recommendation to start with XYZ, you chose to ignore the WG and chairs and start with the XYZ document.
> 
> wrt. RESTful design patterns, that was a design pattern that XAuth introduced and that XYZ has adopted. The one comment about a suggestion I made that was not RESTful -- I was asking for the parameters in JWS signing to be moved from the JWS header to the JWS payload -- my suggestion was not making it any less RESTful than it already was. Inaccurate representations like this contributed to the tension in the meetings.
> 
> One of your criticisms of XAuth was the use of "non standard IETF language" such as "sequence" -- a term that is now used numerous times in the draft. 
> 
> I hope you had a RESTful vacation!
> 
>> On Fri, Oct 9, 2020 at 6:34 PM Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> wrote:
>> 
>> My take is very different, Dick.  I am starting a 2 week vacation and will not be spending it arguing with you on the list.
>> 
>> Multiple reviews pointed to Justin’s document as a better starting point, not just mine.  Your use cases can be met and some of what you were asking for did not follow RESTful design patterns.  They really don’t map to a future protocol well.  You may need to write extension documents, but your goals can be met.
>> 
>> Many calls were difficult as displayed in your message.  Justin did a great job handling the weekly tension and ensuring options were included for WG discussion when agreement was not met.  He’s completely amenable to following the WG and chairs’ decisions.  His document was also easier to follow and aligned better with numerous IETF documents.  Please do keep Justin on as an editor. As you can see from the draft, there are many areas where WG input on decision points is requested.
>> 
>> Best regards,
>> Kathleen 
>> 
>> Sent from my mobile device
>> 
>>>> On Oct 9, 2020, at 8:26 PM, Dick Hardt <dick.hardt@gmail.com> wrote:
>>>> 
>>> 
>>> Tl;dr: Given where we are in the WG, I am not opposed to the WG adopting -14, but I propose someone other than Justin be the document editor. 
>>> 
>>> I was on the design team to work on the goals set out by the chairs [1]: 
>>> 
>>> "We expect the design team to decide on a solution outline that combines the best of both proposals, and present this outline by Sep. 15"
>>> 
>>> Surprisingly, Kathleen convened the design team with her recommendation to start with the XYZ document with Justin as editor, and add in the diagrams from XAuth. The rest of the design team had an opportunity to express their concerns and Justin edited the document. In other words, I had to convince Justin to change the document, rather than the design team comparing and contrasting the proposals and selecting the best parts. I expressed my concerns with our AD, and decided to continue participating in the design team. We did make some progress on a number of issues thanks to the hard work of Fabien, Justin, and Mike -- but many issues have been punted to the WG.
>>> 
>>> Justin has poured tons of energy into this project, and to his credit he was a good editor at times, but there are areas where he was unwilling to deviate from his vision.
>>> 
>>> I am concerned about a repeat of what happened in OAuth 2.0: Erin had the pen and had strong views that often were not aligned with the rest of the WG. A good example was Erin's distaste for bearer tokens. He factored that out of the core document, which we are now adding back in with OAuth 2.1. Anyone that participated in the WG saw the issues this had.
>>> 
>>> I'm not suggesting that Justin is Erin, but I think a more neutral editor of the core document will allow us to make progress more quickly. 
>>> 
>>> /Dick
>>> 
>>> [1] https://mailarchive.ietf.org/arch/msg/txauth/By7tDkJBxhmHbP7vKwubC9eW38I/
>>> 
>>>> On Fri, Oct 9, 2020 at 5:04 PM Justin Richer <jricher@mit.edu> wrote:
>>>> Thanks, Kathleen, and thanks to Dick, Mike, and Fabien for all their hard work and discussion as well. This draft contains aspects of XYZ and XAuth, and introduces some new elements and pieces as well. As you'll see, there are many identified issues and decisions to be made, but even then I believe it hangs together fairly cohesively already thanks to the good engineering effort and discussion that's gone in so far. 
>>>> 
>>>> Nothing in the document is final, of course. To me, this document represents a good starting point for working group discussion and decisions, +1 for its adoption. 
>>>> 
>>>> - Justin
>>>> ________________________________________
>>>> From: TXAuth [txauth-bounces@ietf.org] on behalf of Kathleen Moriarty [kathleen.moriarty.ietf@gmail.com]
>>>> Sent: Friday, October 9, 2020 6:55 PM
>>>> To: txauth@ietf.org
>>>> Subject: [GNAP] Design team
>>>> 
>>>> Greetings!
>>>> 
>>>> The design team has now come to a close.  While there were too many issues to resolve to all design team members' satisfaction, great effort was put in to describe decision points for the WG to ease and hopefully speed the working group process.  As such, I am requesting that the WG adopts this version (14 of XYZ) and works together to fully develop a single specification.
>>>> 
>>>> https://datatracker.ietf.org/doc/draft-richer-transactional-authz/
>>>> 
>>>> A tremendous thank you to each of the design team members for your hard work and walking the fine line of when to put a stake in the ground (that the WG can always change once adopted) and listing our options for decision points to ease the WG process.
>>>> 
>>>> Best regards,
>>>> Kathleen
>>>> 
>>>> Sent from my mobile device
>>>> 
>>>> -- 
>>>> TXAuth mailing list
>>>> TXAuth@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/txauth