[Txauth] Fwd: New Version Notification for draft-hardt-xauth-protocol-13.txt

Dick Hardt <dick.hardt@gmail.com> Mon, 13 July 2020 20:17 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/txauth/dxXie7ohUAxWiT8F1tX659j1qrU>

Clarified when a User is also an RO, per Francis's suggestion.

The major normative change is making all authorization requests a RAR
request, presuming that there is a RAR type for OAuth scopes (or there is
a decision that the default type is a JSON string of type OAuth scope).

This version still restricts an authorization request to one type:

{
    "authorizations": {
        "writer": {
            "type": "oauth_scope",
            "scope": ["create","update","delete"]
        },
        "reader": {
            "type": "oauth_scope",
            "scope": ["read","list"]
        }
    }
}


Versus the slightly more verbose syntax in XYZ using an array, or object of
arrays per below. I'm leaning towards the slightly more verbose version,
which also aligns with RAR, and will make that change once I have updated
my implementation.

Multiple tokens

{
    "authorizations": {
        "writer": [
            {
                "type": "oauth_scope",
                "scope": ["create","update","delete"]
            }
        ],
        "reader": [
            {
                "type": "oauth_scope",
                "scope": ["read","list"]
            }
        ]
    }
}


Single token

{
    "authorizations": [
        {
            "type": "oauth_scope",
            "scope": ["create","update","delete"]
        },
        {
            "type": "oauth_scope",
            "scope": ["read","list"]
        }
    ]
}



---------- Forwarded message ---------
From: <internet-drafts@ietf.org>
Date: Mon, Jul 13, 2020 at 1:01 PM
Subject: New Version Notification for draft-hardt-xauth-protocol-13.txt
To: Dick Hardt <dick.hardt@gmail.com>



A new version of I-D, draft-hardt-xauth-protocol-13.txt
has been successfully submitted by Dick Hardt and posted to the
IETF repository.

Name:           draft-hardt-xauth-protocol
Revision:       13
Title:          The Grant Negotiation and Authorization Protocol
Document date:  2020-07-13
Group:          Individual Submission
Pages:          39
URL:            https://www.ietf.org/internet-drafts/draft-hardt-xauth-protocol-13.txt
Status:         https://datatracker.ietf.org/doc/draft-hardt-xauth-protocol/
Htmlized:       https://tools.ietf.org/html/draft-hardt-xauth-protocol-13
Htmlized:       https://datatracker.ietf.org/doc/html/draft-hardt-xauth-protocol
Diff:           https://www.ietf.org/rfcdiff?url2=draft-hardt-xauth-protocol-13

Abstract:
   Client software often desires resources or identity claims that are
   independent of the client.  This protocol allows a user and/or
   resource owner to delegate resource authorization and/or release of
   identity claims to a server.  Client software can then request access
   to resources and/or identity claims by calling the server.  The
   server acquires consent and authorization from the user and/or
   resource owner if required, and then returns to the client software
   the authorization and identity claims that were approved.  This
   protocol may be extended to support alternative authorizations,
   claims, interactions, and client authentication mechanisms.




Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat
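
Added example (not part of the original message, the draft, or any implementation of it): a sketch of how a server receiving the "authorizations" member could accept the three JSON shapes shown in the message, reduce them to one internal form, and fail closed on anything else. The function names and the validation rules for "oauth_scope" are assumptions made for illustration.

```python
def _check_item(item):
    """Validate one authorization object of the kind shown in the message."""
    if not isinstance(item, dict) or not isinstance(item.get("type"), str):
        raise ValueError("authorization must be an object with a string 'type'")
    if item["type"] == "oauth_scope":  # assumed rule: non-empty list of strings
        scope = item.get("scope")
        if (not isinstance(scope, list) or not scope
                or not all(isinstance(s, str) and s for s in scope)):
            raise ValueError("'oauth_scope' needs a non-empty string list in 'scope'")
    return item


def normalize_authorizations(request):
    """Return {label: [authorization, ...]}; the label is None for a single token."""
    auths = request.get("authorizations")
    if isinstance(auths, list):                  # single token: array of objects
        if not auths:
            raise ValueError("empty 'authorizations' array")
        return {None: [_check_item(i) for i in auths]}
    if not isinstance(auths, dict) or not auths:
        raise ValueError("'authorizations' must be a non-empty array or object")
    out = {}
    for label, value in auths.items():
        if isinstance(value, list):              # multiple tokens: label -> array
            if not value:
                raise ValueError(f"no authorizations for token {label!r}")
            out[label] = [_check_item(i) for i in value]
        else:                                    # -13 syntax: label -> one object
            out[label] = [_check_item(value)]
    return out


# Constructed sample inputs mirroring the three shapes in the message.
WRITER = {"type": "oauth_scope", "scope": ["create", "update", "delete"]}
READER = {"type": "oauth_scope", "scope": ["read", "list"]}
DRAFT_13 = {"authorizations": {"writer": WRITER, "reader": READER}}
MULTIPLE_TOKENS = {"authorizations": {"writer": [WRITER], "reader": [READER]}}
SINGLE_TOKEN = {"authorizations": [WRITER, READER]}

if __name__ == "__main__":
    for name, req in [("draft-13", DRAFT_13), ("multiple", MULTIPLE_TOKENS),
                      ("single", SINGLE_TOKEN)]:
        print(name, normalize_authorizations(req))
```

A bare authorization object placed directly under "authorizations" is read as a label map whose "type" label holds a string, so it is rejected rather than guessed at.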

