Re: [Txauth] Turning polymorphism up to 11 (P11)

Dick Hardt <dick.hardt@gmail.com> Mon, 13 July 2020 00:55 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/txauth/W_BB5h-RgDz_N3v_2AhBb6rRZVY>

For those not familiar with "turning up to 11"
https://en.wikipedia.org/wiki/Up_to_eleven

A counter argument to all of this polymorphism is that the AS is sending
back the granted authorization. While pushing type detection to the AS to
provide a simpler interface for the Client, it seems counterproductive if
the Client has to do the same. A consistent response from the AS will be
simpler for the Client, but would then also be different than what the
Client originally requested from the GS.

On Fri, Jul 10, 2020 at 6:01 PM Dick Hardt <dick.hardt@gmail.com> wrote:

> Taking Justin's model of strings being shortened versions of OAuth scopes,
> adding in the "type" property from RAR, and defining a default type, we
> *could* add a bunch of polymorphism. (I have not implemented the code
> below, but it looks doable assuming I have not overloaded a type in the
> same context)
>
> /Dick
>
>
> Let's start with a request for 2 authorizations using OAuth scopes, one
> for writing and the other for reading:
>
> (1)
> {
>     "authorizations": {
>         "writer": [
>             {
>                 "type": "oauth_scope",
>                 "scope": ["create","update","delete"]
>             }
>         ],
>         "reader": [
>             {
>                 "type": "oauth_scope",
>                 "scope": ["read","list"]
>             }
>         ]
>     }
> }
>
> We can ask for just one token with all the same capabilities:
> (2)
> {
>     "authorizations": [
>         {
>             "type": "oauth_scope",
>             "scope": ["create","update","delete"]
>         },
>         {
>             "type": "oauth_scope",
>             "scope": ["read","list"]
>         }
>     ]
> }
>
> Of course (2) can be simplified as:
> (3)
> {
>     "authorizations": [
>         {
>             "type": "oauth_scope",
>             "scope": ["create","update","delete","read","list"]
>         }
>     ]
> }
>
> Now let's say that in "oauth_scope", the array of scopes can also be a
> space separated string. So the following is equivalent:
> (4)
> {
>     "authorizations": [
>         {
>             "type": "oauth_scope",
>             "scope": "create update delete read list"
>         }
>     ]
> }
>
> Now let's say that the "oauth_scope" type is the default, so we can
> express it as:
> (5)
> {
>     "authorizations": ["create","update","delete","read","list"]
> }
>
> Or use a space separated string instead of an array:
> (6)
> {
>     "authorizations": "create update delete read list"
> }
>
> In summary, (2) - (6) will give the exact same result.
>
> Let's add another authorization type to the request,
> "customer_information":
> (7)
> {
>     "authorizations": [
>         "create update delete read list",
>         {
>             "type": "customer_information",
>             "locations": [
>                 "https://example.com/customers"
>             ],
>             "actions": [
>                 "read"
>             ],
>             "datatypes": [
>                 "contacts",
>                 "photos"
>             ]
>         }
>     ]
> }
>
> And the space separated strings can be turned into individual strings and
> we have the equivalent request:
> (8)
> {
>     "authorizations": [
>         "create",
>         "update",
>         "delete",
>         "read",
>         "list",
>         {
>             "type": "customer_information",
>             "locations": [
>                 "https://example.com/customers"
>             ],
>             "actions": [
>                 "read"
>             ],
>             "datatypes": [
>                 "contacts",
>                 "photos"
>             ]
>         }
>     ]
> }
>
> Let's go back to our first example, and ask for 3 separate tokens:
> (9)
> {
>     "authorizations": {
>         "writer": "create update delete",
>         "reader": "read list",
>         "customer": [
>             {
>                 "type": "customer_information",
>                 "locations": [
>                     "https://example.com/customers"
>                 ],
>                 "actions": [
>                     "read"
>                 ],
>                 "datatypes": [
>                     "contacts",
>                     "photos"
>                 ]
>             }
>         ]
>     }
> }
>
> In a multi token request, if there is only one item in the array, we can
> shorten (9) to the following:
> (10)
> {
>     "authorizations": {
>         "writer": "create update delete",
>         "reader": "read list",
>         "customer": {
>             "type": "customer_information",
>             "locations": [
>                 "https://example.com/customers"
>             ],
>             "actions": [
>                 "read"
>             ],
>             "datatypes": [
>                 "contacts",
>                 "photos"
>             ]
>         }
>     }
> }
>
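The normalizer below is an added example, not code from this thread or from any GNAP draft: it folds every request shape shown in (1) through (10) into one canonical form (a list of typed objects per token, with all `oauth_scope` entries merged), which is also the consistent shape an AS could send back regardless of how the Client phrased the request. It assumes `oauth_scope` is the default type and that a top-level object under `"authorizations"` is always a label-to-authorizations map, as the examples above use it.

```python
DEFAULT_TYPE = "oauth_scope"  # assumed default type for bare scope strings

def _scopes(value):
    """Scope given as a space-separated string or a list of strings (forms 3-6)."""
    if isinstance(value, str):
        return value.split()
    if isinstance(value, list) and all(isinstance(s, str) for s in value):
        return list(value)
    raise ValueError("scope must be a string or a list of strings")

def _normalize_item(item):
    """One entry of an authorizations array -> a typed object."""
    if isinstance(item, str):  # a bare string is a scope string of the default type
        return {"type": DEFAULT_TYPE, "scope": _scopes(item)}
    if isinstance(item, dict):
        obj = dict(item)
        obj.setdefault("type", DEFAULT_TYPE)
        if obj["type"] == DEFAULT_TYPE:
            obj["scope"] = _scopes(obj.get("scope", []))
        return obj
    raise ValueError("authorization entry must be a string or an object")

def normalize_single(value):
    """Authorizations for one token (string, object or array) -> list of typed
    objects, every oauth_scope entry merged into one, so (2) and (3) compare equal."""
    if isinstance(value, (str, dict)):  # single-item shorthand, as in (6) and (10)
        value = [value]
    if not isinstance(value, list):
        raise ValueError("authorizations must be a string, object or array")
    scopes, others = [], []
    for obj in (_normalize_item(i) for i in value):
        if obj["type"] == DEFAULT_TYPE:
            for s in obj["scope"]:
                if s not in scopes:  # de-duplicate while keeping request order
                    scopes.append(s)
        else:
            others.append(obj)
    return ([{"type": DEFAULT_TYPE, "scope": scopes}] if scopes else []) + others

def normalize_request(req):
    """Canonical form of a whole request. A top-level object is a label -> token
    map (forms 1, 9, 10); anything else is the authorizations of a single token."""
    auth = req["authorizations"]
    if isinstance(auth, dict):
        return {"authorizations": {k: normalize_single(v) for k, v in auth.items()}}
    return {"authorizations": normalize_single(auth)}
```

Because the canonical output never depends on which shorthand the Client chose, comparing two requests after normalization is the cheap way to verify the equivalences the thread asserts, and any shape the normalizer rejects with `ValueError` is one a parser should not silently accept.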