IETF Logo Mail Archive

Re: [Txauth] Call for charter consensus - TxAuth WG

Amanjeev Sethi <aj@amanjeev.com> Sat, 07 March 2020 15:06 UTC

Return-Path: <aj@amanjeev.com>
X-Original-To: txauth@ietfa.amsl.com
Delivered-To: txauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D0F6A3A149E for <txauth@ietfa.amsl.com>; Sat, 7 Mar 2020 07:06:54 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=amanjeev.com header.b=KM64DFlF; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=2ngBgfVc
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XtSARiubgqro for <txauth@ietfa.amsl.com>; Sat, 7 Mar 2020 07:06:52 -0800 (PST)
Received: from out4-smtp.messagingengine.com (out4-smtp.messagingengine.com [66.111.4.28]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 908773A14A2 for <txauth@ietf.org>; Sat, 7 Mar 2020 07:06:52 -0800 (PST)
Received: from compute2.internal (compute2.nyi.internal [10.202.2.42]) by mailout.nyi.internal (Postfix) with ESMTP id B100F21FE9 for <txauth@ietf.org>; Sat, 7 Mar 2020 10:06:51 -0500 (EST)
Received: from imap8 ([10.202.2.58]) by compute2.internal (MEProxy); Sat, 07 Mar 2020 10:06:51 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amanjeev.com; h= mime-version:message-id:in-reply-to:references:date:from:to :subject:content-type:content-transfer-encoding; s=fm1; bh=JUW1t kDj70928+UeKvtx4Ix7lxX4ZaJ4qUh7RIP5GBQ=; b=KM64DFlFESl6mT5U5Bx3G yV8tnsv3xVLOfrAmaiCp3EFu1fnSnOJz29VV1VxItvzu0IudmJ4q2E7ir9uJy7/v 04PPohw2J7odg8NbXWrAiGeoP8M+j6VIxTw7spwlqcxvvQZamIE2Y32K4GHw2LeT 5O9aL5AUOZ6dEg55Mb6D7Ps42sDfEmYdTNbJ9D2hUpIhvpPZl7as9kT8NPBeZ34B M5g1hEQW21Q4GRJZRKvFm89NBLTBgndeYtRrgOOWsgoHbLQbOKCy6ZKJQV4D2jXP Tlg/khNjRhCVXIDUR1SMoMYE6aQqux6rPykrvuP4essqBsaAFjufsHV63p7CUTI0 A==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm2; bh=JUW1tkDj70928+UeKvtx4Ix7lxX4ZaJ4qUh7RIP5G BQ=; b=2ngBgfVcUdpTHU5qc0BvBioi1Tz8gzfd/UqA++f395VlHC75NBnMxtx6f EBTl3bJdQfc+k+/7pJ69XYRcFywoe4KPI0Ip05gJvk4JxBT17Pq04qdCoXDRlEki lpLgGRXUuxmaglFK7dYdMzFEUx9V9SK80rystapc2HoMdujQlz5QFzn5XmrZGuMa i+f8MSPCtKyLTn4VCYYEWMFKeWh0JrdIiyhbir2LXJCXBX4xmOSz7mp/I+CKuFJa /j7Fh/uG1Lcm6IL5x2fEAfuGyjTymB5k5UWn6z/38UB1ZX7iCXT21nIODIPOq6Sb iba3QbCqeylBvQXv5dWTuO1IFU55g==
X-ME-Sender: <xms:i7hjXnEjCY3fYPp-JuhL5_cSxy6RNOff3YWT5-75Sc3OSMDjJMAaZg>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedugedruddugedgjeegucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucenucfjughrpefofgggkfgjfhffhffvufgtgfesth hqredtreerjeenucfhrhhomhepfdetmhgrnhhjvggvvhcuufgvthhhihdfuceorghjsegr mhgrnhhjvggvvhdrtghomheqnecuffhomhgrihhnpehivghtfhdrohhrghenucevlhhush htvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpegrjhesrghmrghnjhgv vghvrdgtohhm
X-ME-Proxy: <xmx:i7hjXgSzFGbRoLBGtJT0ckJ3NWJiufY6K1SaoyLkO6WRNigvtvUtiQ> <xmx:i7hjXsPt5iwgWH5FPeH6LFnToxrL7rHd_eBuHuBElJGtL10JR-qSig> <xmx:i7hjXgcehBEyCCFs8jKBi84StZxBa3dd4tictA8-jMZsT4bBHSsqeg> <xmx:i7hjXkVSw3vZ1tY67bI3ltK4hSJQ3hRAGpHFVR0tDotISE4O4YI2LA>
Received: by mailuser.nyi.internal (Postfix, from userid 501) id 01F92520093; Sat, 7 Mar 2020 10:06:51 -0500 (EST)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.1.7-991-g5a577d3-fmstable-20200305v3
Mime-Version: 1.0
Message-Id: <7cd5726f-cda5-4a2c-adc7-d854e0e81a34@www.fastmail.com>
In-Reply-To: <A01F5301-54DF-41D4-8ABE-8B070180F6FE@gmail.com>
References: <A01F5301-54DF-41D4-8ABE-8B070180F6FE@gmail.com>
Date: Sat, 07 Mar 2020 10:06:29 -0500
From: Amanjeev Sethi <aj@amanjeev.com>
To: txauth@ietf.org
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/txauth/_thPwUf1wZr5wvAKVnBgAxTFu6M>
Subject: Re: [Txauth] Call for charter consensus - TxAuth WG
X-BeenThere: txauth@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <txauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/txauth>, <mailto:txauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/txauth/>
List-Post: <mailto:txauth@ietf.org>
List-Help: <mailto:txauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/txauth>, <mailto:txauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 07 Mar 2020 15:06:55 -0000
X-List-Received-Date: Sat, 07 Mar 2020 15:06:55 -0000

Hello Everyone,

I am relatively new here and in fact only been reading OIDC spec for past 6-8 months. I am still trying to grasp the TxAuth by watching Justin's talks and posts. I am here to mostly see and hopefully participate in some corners of this spec. 


> 1.  Do you support the charter text provided at the end of this email?  
> Or do you have major objections, blocking concerns or feedback (if so 
> please elaborate)?

Yes.

> 2.  Are you willing to author or participate in the development of the 
> drafts of this WG?

Yes

> 3.  Are you willing to help review the drafts of this WG?

Yes

> 4.  Are you interested in implementing drafts of this WG?

Yes


On Fri, Mar 6, 2020, at 11:44 AM, Yaron Sheffer wrote:
> Hi Everyone,
>  
> It appears that momentum is forming around the proposed formation of a 
> TxAuth working group.  We’d like to more formally gauge interest in 
> proceeding with this work.  Please do so by responding to the following 
> questions:
>  
> 1.  Do you support the charter text provided at the end of this email?  
> Or do you have major objections, blocking concerns or feedback (if so 
> please elaborate)?
>  
> 2.  Are you willing to author or participate in the development of the 
> drafts of this WG?
>  
> 3.  Are you willing to help review the drafts of this WG?
>  
> 4.  Are you interested in implementing drafts of this WG?
>  
> The call will run for two weeks, until March 21. If you think that the 
> charter should be amended In a significant way, please reply on a 
> separate thread.
>  
> The feedback provided here will help the IESG come to a decision on the 
> formation of a new WG. Given the constraints of the chartering process, 
> regardless of the outcome of this consensus call, we will be meeting in 
> Vancouver as a BoF.
>  
> Thanks,
> Yaron and Dick
>  
> --- Charter Text Follows ---
> 
> This group is chartered to develop a fine-grained delegation protocol 
> for authorization, identity, and API access. This protocol will allow 
> an authorizing party to delegate access to client software through an 
> authorization server. It will expand upon the uses cases currently 
> supported by OAuth 2.0 and OpenID Connect (itself an extension of OAuth 
> 2.0) to support authorizations scoped as narrowly as a single 
> transaction, provide a clear framework for interaction among all 
> parties involved in the protocol flow, and remove unnecessary 
> dependence on a browser or user-agent for coordinating interactions. 
> 
> The delegation process will be acted upon by multiple parties in the 
> protocol, each performing a specific role. The protocol will decouple 
> the interaction channels, such as the end user’s browser, from the 
> delegation channel, which happens directly between the client and the 
> authorization server (in contrast with OAuth 2.0 which is initiated by 
> the client redirecting the user’s browser). The client and AS will 
> involve a user to make an authorization decision as necessary through 
> interaction mechanisms indicated by the protocol. This decoupling 
> avoids many of the security concerns and technical challenges of OAuth 
> 2.0 and provides a non-invasive path for supporting future types of 
> clients and interaction channels.
> 
> Additionally, the delegation process will allow for:
> 
> - Fine-grained specification of access
> - Approval of AS attestation to identity claims
> - Approval of access to multiple resources and APIs in a single 
> interaction
> - Separation between the party authorizing access and the party 
> operating the client requesting access
> - A variety of client applications, including Web, mobile, single-page, 
> and interaction-constrained applications
> 
> The group will define extension points for this protocol to allow for 
> flexibility in areas including:
> 
> - Cryptographic agility for keys, message signatures, and proof of 
> possession 
> - User interaction mechanisms including web and non-web methods
> - Mechanisms for conveying user, software, organization, and other 
> pieces of information used in authorization decisions
> - Mechanisms for presenting tokens to resource servers and binding 
> resource requests to tokens and associated cryptographic keys
> - Optimized inclusion of additional information through the delegation 
> process (including identity)
> 
> Additionally, the group will provide mechanisms for management of the 
> protocol lifecycle including:
> 
> - Discovery of the authorization server
> - Revocation of active tokens
> - Query of token rights by resource servers
> 
> Although the artifacts for this work are not intended or expected to be 
> backwards-compatible with OAuth 2.0 or OpenID Connect, the group will 
> attempt to simplify migrating from OAuth 2.0 and OpenID Connect to the 
> new protocol where possible.
> 
> This group is not chartered to develop extensions to OAuth 2.0, and as 
> such will focus on new technological solutions not necessarily 
> compatible with OAuth 2.0. Functionality that builds directly on OAuth 
> 2.0 will be developed in the OAuth Working Group, including 
> functionality back-ported from the protocol developed here to OAuth 2.0.
> 
> The group is chartered to develop mechanisms for applying cryptographic 
> methods, such as JOSE and COSE, to the delegation process. This group 
> is not chartered to develop new cryptographic methods. 
> 
> The initial work will focus on using HTTP for communication between the 
> client and the authorization server, taking advantage of optimization 
> features of HTTP2 and HTTP3 where possible, and will strive to enable 
> simple mapping to other protocols such as COAP when doing so does not 
> conflict with the primary focus.
> 
> Milestones to include:
>  - Core delegation protocol
>  - Key presentation mechanism bindings to the core protocol for TLS, 
> detached HTTP signature, and embedded HTTP signatures
>  - Identity and authentication conveyance mechanisms
>  - Guidelines for use of protocol extension points
> 
> 
> -- 
> Txauth mailing list
> Txauth@ietf.org
> https://www.ietf.org/mailman/listinfo/txauth
>

v2.23.0 | Report a Bug | By Email