IETF Logo Mail Archive

Re: [Txauth] alternative charter writeup

Adrian Hope-Bailie <adrian@hopebailie.com> Sat, 11 January 2020 07:11 UTC

Return-Path: <adrian@hopebailie.com>
X-Original-To: txauth@ietfa.amsl.com
Delivered-To: txauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 71ED7120124 for <txauth@ietfa.amsl.com>; Fri, 10 Jan 2020 23:11:26 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.997
X-Spam-Level:
X-Spam-Status: No, score=-1.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=hopebailie.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lwnURMmWWgPh for <txauth@ietfa.amsl.com>; Fri, 10 Jan 2020 23:11:22 -0800 (PST)
Received: from mail-ot1-x32c.google.com (mail-ot1-x32c.google.com [IPv6:2607:f8b0:4864:20::32c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 85EAE12004F for <txauth@ietf.org>; Fri, 10 Jan 2020 23:11:22 -0800 (PST)
Received: by mail-ot1-x32c.google.com with SMTP id 19so4272293otz.3 for <txauth@ietf.org>; Fri, 10 Jan 2020 23:11:22 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hopebailie.com; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=2MGFImrdPk0dmKaAx3eM6313Vr7zEqickd7p9vRR5Ig=; b=Gbvp837lqHcc/+/9VxGF7g0VVDWmE3xCEJm7rEqPQOhTzabg/Al9drO3KYSBucVvvo rtRsLailAVdQXwN8WekOawSzbyFUYejIKvjnzigxh1vKuWiEr1p/hmHt9bJBdo5u8Rs5 ssuSNtXPjBkhU2dYiCr4BDmU5VyyKTmhoRweA=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=2MGFImrdPk0dmKaAx3eM6313Vr7zEqickd7p9vRR5Ig=; b=rYj5iZ2q5pL29ksLLUZcTfSBfr6cAxPuWhvvLhHmg3LXVHtzVL5hh5Nut5eb6HKFa5 OVXS55HJyIQVvAbe/sUBbWjG2cJwpBM/N4A2UQ0afKnIsZIpiWFFHIPvS1MJrlyQaMHG RewmjcSkvHnXKtBz/qJRaHshTe9oHowMzssqS19xnjzj6EMJEC4ywcujGtD+F0xwHu7/ rbytjI48WJlf5M7LLySmslyZShFgkWI05d/qIk++eQSnK9dxsGRBk1qDGAeO88QtBaK4 DwTLUKjypYf/LXYe3VSdm2s6mSgz0C4iU9EmWEIzce9hV4ggJ7WwAnDYC7cnBdJtuJaF 3SUw==
X-Gm-Message-State: APjAAAXu40i5+WdlXerDz4udm00/tQSe5g5aQDOD8wbsnp4oGzWMgxpm SsGsruIRV6sdxsFGKQIfQKaSPU0YHRO1ioLK0bTX5w==
X-Google-Smtp-Source: APXvYqwRjeX/REwlQMMFE3MSC2r6AhpzRfLY0go2UyXoGHWlP8znWG9EQHJcpCDTCdoMOmT/5jZD+EaYtCpTM+6S7rY=
X-Received: by 2002:a9d:7cd9:: with SMTP id r25mr5495341otn.326.1578726681564; Fri, 10 Jan 2020 23:11:21 -0800 (PST)
MIME-Version: 1.0
References: <CAD9ie-sGfRGPFa4jBUeoVcG+CO=PvG-Ys-HrUMs7kVdt1zT3vA@mail.gmail.com> <FE8064D0-02CF-4BF1-AF25-0E52D9362D27@mit.edu> <CAD9ie-tAquhg=o1_cmKg_rO3mn9FeqCTDtY07XMqMOdhRWrD5Q@mail.gmail.com>
In-Reply-To: <CAD9ie-tAquhg=o1_cmKg_rO3mn9FeqCTDtY07XMqMOdhRWrD5Q@mail.gmail.com>
From: Adrian Hope-Bailie <adrian@hopebailie.com>
Date: Sat, 11 Jan 2020 09:11:10 +0200
Message-ID: <CA+eFz_JTNJG=Lav8dxzq4c8565QDG=uqAPsnL1rfqTVN-WoLQQ@mail.gmail.com>
To: Dick Hardt <dick.hardt@gmail.com>
Cc: Justin Richer <jricher@mit.edu>, txauth@ietf.org
Content-Type: multipart/alternative; boundary="0000000000000d6be9059bd7f3d4"
Archived-At: <https://mailarchive.ietf.org/arch/msg/txauth/Ya_6NbyMCbgQFV6UFwjZ6JimBrU>
Subject: Re: [Txauth] alternative charter writeup
X-BeenThere: txauth@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <txauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/txauth>, <mailto:txauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/txauth/>
List-Post: <mailto:txauth@ietf.org>
List-Help: <mailto:txauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/txauth>, <mailto:txauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 11 Jan 2020 07:11:26 -0000

+1

On Sat, Jan 11, 2020 at 04:56 Dick Hardt <dick.hardt@gmail.com> wrote:

> This looks even better! Thanks Justin.
>
> What do others think of the proposed charter now?
> ᐧ
>
> On Fri, Jan 10, 2020 at 12:43 PM Justin Richer <jricher@mit.edu> wrote:
>
>> Thanks, Dick. I’ve been working on an updated charter based on everyone’s
>> feedback, and I was aiming to have out today anyway, so this timing is
>> helpful. So here’s my take on a new charter, incorporating some of your
>> points below:
>>
>> This group is chartered to develop a delegation protocol for identity,
>> authorization, and API access. This protocol will allow an authorizing
>> party to delegate access to client software through an authorization
>> server. The use cases supported by this protocol will include widely
>> deployed use cases currently supported by OAuth 2.0 and OpenID Connect.
>>
>> The delegation process will be acted upon by multiple parties in the
>> protocol, each performing a specific role. The protocol will be initiated
>> by the client interacting directly with the authorization server (in
>> contrast with OAuth 2 which is initiated by the client redirecting the
>> user’s browser). The client will involve the authorizing party as necessary
>> through interaction mechanisms indicated by the protocol.
>>
>> Additionally, the delegation process will allow for:
>>
>> - Fine-grained specification of resource access
>> - Approval of identity claims and multiple resources in a single
>> interaction
>> - Delegation between multiple users
>> - Web, mobile, single-page, and other types of client applications
>>
>> The group will define extension points for this protocol to allow for
>> flexibility in areas including:
>>
>> - Cryptographic agility for keys, message signatures, and proof of
>> possession
>> - User interaction mechanisms including web and non-web methods
>> - Mechanisms for providing user, software, organization, and other pieces
>> of information used in authorization decisions
>> - Token presentation mechanisms and key bindings
>>
>> Additionally, the group will provide mechanisms for management of the
>> protocol lifecycle including:
>>
>> - Discovery of the authorization server
>> - Revocation of active tokens
>> - Query of token rights by resource servers
>>
>> Although the artifacts for this work are not intended or expected to be
>> backwards-compatible with OAuth 2.0 or OpenID Connect, the group
>> will attempt to simplify porting from OAuth 2.0 and OpenID Connect to the
>> new protocol where possible.
>>
>> While the initial work will focus on using HTTP for communication between
>> the client and the authorization server, the working group will seek to
>> take advantage of optimization features of HTTP2 and HTTP3, and will strive
>> to enable simple mapping to other protocols such as COAP.
>>
>> On Jan 10, 2020, at 12:04 PM, Dick Hardt <dick.hardt@gmail.com> wrote:
>>
>> Hey
>>
>> I've written an alternative charter that I hope captures some of the
>> feedback on Justin's charter.
>>
>> I found it easier to rewrite the charter to broaden the marketplace of
>> ideas.
>>
>> Key ideas:
>>
>> - This work supports existing OAuth 2.0, and OpenID Connect use cases.
>>
>> - The client interacts directly with the authorization server.
>>
>> /Dick
>>
>> ----
>>
>> This group is chartered to develop a delegated identity and authorization
>> protocol.. The use cases supported by this protocol will include widely
>> deployed use cases currently supported by OAuth 2.0, and OpenID Connect. In
>> contrast to OAuth 2.0 and OpenID Connect, where the protocol is initiated
>> by redirecting the user's browser to an authorization server, this protocol
>> will be initiated by the client directly interacting with the authorization
>> server..
>>
>>
>> Additionally, the protocol will allow:
>> - fine-grained specification of resource access
>> - the user to approve requests for identity claims and access to multiple
>> resources in one interaction
>> - web, mobile, single-page, and other client applications
>> - taking advantage of optimization features in HTTP2 and HTTP3
>>
>> The group will define extension points for this protocol to allow for
>> flexibility in areas including:
>>
>> - discovery of the authorization server
>> - cryptographic agility for keys, message signatures, and proof of
>> possession
>> - user interaction mechanisms including web and non-web methods- token
>> presentation mechanisms and key bindings
>>
>> Although the artifacts for this work are not intended or expected to be
>> backwards-compatible with OAuth 2.0 or OpenID Connect, they will attempt to
>> simplify porting from OAuth 2.0 and OpenID Connect, and strive to reuse
>> existing semantics such as client identifiers, OAuth 2.0 scopes and access
>> tokens, and OpenID Connect ID Tokens and claims.
>>
>> While the initial work will focus on using HTTP for communication between
>> the client and the authorization server, the working group will strive to
>> enable simple mapping to other protocols such as COAP.
>>
>>
>> ᐧ
>> --
>> Txauth mailing list
>> Txauth@ietf.org
>> https://www.ietf.org/mailman/listinfo/txauth
>>
>>
>> --
> Txauth mailing list
> Txauth@ietf.org
> https://www.ietf.org/mailman/listinfo/txauth
>
-- 
Sent from a mobile device, please excuse any typos

v2.23.0 | Report a Bug | By Email