IETF Logo Mail Archive

Re: [GNAP] [Txauth] Three Client-Server use cases with several ASs built along "Privacy by Design" (PbD)

Tom Jones <thomasclinganjones@gmail.com> Tue, 11 August 2020 22:27 UTC

Return-Path: <thomasclinganjones@gmail.com>
X-Original-To: txauth@ietfa.amsl.com
Delivered-To: txauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 791843A0DA6 for <txauth@ietfa.amsl.com>; Tue, 11 Aug 2020 15:27:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id auPs86WuVkah for <txauth@ietfa.amsl.com>; Tue, 11 Aug 2020 15:27:26 -0700 (PDT)
Received: from mail-ot1-x32a.google.com (mail-ot1-x32a.google.com [IPv6:2607:f8b0:4864:20::32a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1BFA13A0DBE for <txauth@ietf.org>; Tue, 11 Aug 2020 15:27:26 -0700 (PDT)
Received: by mail-ot1-x32a.google.com with SMTP id k12so436198otr.1 for <txauth@ietf.org>; Tue, 11 Aug 2020 15:27:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=ZvIndcmeRy/HfupP41qhxap70B+Lpv+Cz04sR8v+b48=; b=LqalrW99mZwwh/IFcI+JNeH7SP7AaM7O7BVBgTdThAw0T8TfSj5Gc/nMUiJ6j2Akl2 /Ya1xK5gGiOFnl/drwbldWhvR51qGrhfTAtsx1I8sxg9AaGFSUl6yGve8PpSsfh+rwI+ fliXNR7cSh3S0vznOBLaAz4XHNbV9QzO+RQRAhhDj+rvPLraBER4HcYSU+JE4NIjWkM9 moeEylj/mOFhRjsZwtP3KOQQyx9RtAYgFwtEV7xJUIDxZzJoMq+qFrYK2qWKgUjRt3r0 8Zz52lU0wVwy/lak7S2t2cqhqGg02EtygWTGJ74SaDjTEDNOLgHD3FkGTjNQimFW2Giz Ocaw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=ZvIndcmeRy/HfupP41qhxap70B+Lpv+Cz04sR8v+b48=; b=py7BPGa5lF3cLZltKjMYRf9C0VJGxRwqYkzdSf1nBQtqZVlzavgGvyg+UXrNk38PRy tyYaK29rUi/7FrHlpGcp/xw4JKxW8eK2otMKZgcapCdgEjcm94hgH8a8+0mq1YsKOsRC jpOhouWbojQXjqiyycHMTw0uMg8X5XXyu+IYC5kHVq2/1zUpl9z1UQgmoLTlmFfEFUYd Kyr6DzG5aK2qZd58fe/Elkzr9BoZVQi+brrGSgv0JOs7eMO9PahzOh7et6IKzKC9RKBl y8KSAxHNctn7YTjlTO/BtCf76+OnCYlr0LU84RsyiuKkBvtPvvoLAGfr+1xBIQSEmE4+ fK6A==
X-Gm-Message-State: AOAM532c/0mojk+BZKgKpj/X6TMHAt6UqJbxmqcWKrkHhKYVFwrcOHWU hRnTYT92yim89XlBflBzR5gEFFo0dH3cXrt5io0=
X-Google-Smtp-Source: ABdhPJzAmLEZ+bhZc/IDOXUfdFWHCuJWNxAP3Pf2pfHvhqpRtjeSfWhTeBkAMKBf2obyJkpGt+aBp8EPHXd9kDXrLfU=
X-Received: by 2002:a9d:3e49:: with SMTP id h9mr6633710otg.87.1597184845186; Tue, 11 Aug 2020 15:27:25 -0700 (PDT)
MIME-Version: 1.0
References: <d2ee5da2-8e88-15c8-8646-087860463d2c@free.fr> <CAOW4vyOwQTMoo2Nmb8KNcVM5hdOW69FzZTK5XQ2fRL9CC8+SUA@mail.gmail.com> <CAM8feuT2K2xpF=VES11kihsqfGK4RCzdSCU=HCLijxLvnc=8LA@mail.gmail.com> <CAOW4vyM0jkw9qTzohzGaNwvvT6JGqcUbdqXnJFq9ahqnRPnuGQ@mail.gmail.com>
In-Reply-To: <CAOW4vyM0jkw9qTzohzGaNwvvT6JGqcUbdqXnJFq9ahqnRPnuGQ@mail.gmail.com>
From: Tom Jones <thomasclinganjones@gmail.com>
Date: Tue, 11 Aug 2020 15:27:13 -0700
Message-ID: <CAK2Cwb65cdpoX=B5e4cE6fk2-8fNA_KQhJ-tA2FVZ6mFA2N7-w@mail.gmail.com>
To: Francis Pouatcha <fpo=40adorsys.de@dmarc.ietf.org>
Cc: Fabien Imbault <fabien.imbault@gmail.com>, Denis <denis.ietf@free.fr>, GNAP Mailing List <txauth@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000005688b405aca19383"
Archived-At: <https://mailarchive.ietf.org/arch/msg/txauth/enTmebFkclua4v-5GZBz7SGWQLc>
Subject: Re: [GNAP] [Txauth] Three Client-Server use cases with several ASs built along "Privacy by Design" (PbD)
X-BeenThere: txauth@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <txauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/txauth>, <mailto:txauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/txauth/>
List-Post: <mailto:txauth@ietf.org>
List-Help: <mailto:txauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/txauth>, <mailto:txauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 11 Aug 2020 22:27:35 -0000

"The token request must not mention any reference of the RS."
this cannot be an absolute rule. I have cases were the client needs to tell
the user which they are coming back for additional grants.
The reason is typically because a request by the client for data/access
from the rs was rejected. The reason for the rejection is important for the
client to make the case to the user for additional permissions.
Peace ..tom



On Tue, Aug 11, 2020 at 2:27 PM Francis Pouatcha <fpo=
40adorsys.de@dmarc.ietf.org> wrote:

> Hello Fabian,
>
> On Tue, Aug 11, 2020 at 2:17 AM Fabien Imbault <fabien.imbault@gmail.com>
> wrote:
>
>> Hi Francis,
>>
>> I think Denis points to the fact that, in the current situation, the AS
>> receives the resource request from the Client and therefore knows what
>> tokens are asked.
>>
> The token request must not mention any reference of the RS.
>
>
>> Then it also implements the consent interface (and possibly the login
>> too) and so it also knows who validates and what is accepted or not.
>>
> Decoupling this does not change the privacy context, as the AS issues the
> Token. AS needs to add a reference to the RC in the token. SO AS can
> correlate on StudentId anyway.
>
>
>> I don't think the abstract flow deals with those privacy concerns.
>>
> To solve the privacy problem addressed in this thread, we need to go the
> (SSI/DiD/VC) way. Then UNIV-0 (in his role of RS) will have to issue a VC
> (Verifiable Credential) to the Student (in his role of RC). The Student
> will then present this claim to UNIV-1 during his registration. In this
> case we need no Grant negotiation and no AS.
>
> Best regards.
> /Francis
>
>>
>
>>
>> Then I agree with you on the audience field of the token, if left empty
>> it simplifies part of the problem, although it removes a big part of the
>> control you may want from directed tokens. That's why I'm willing to better
>> develop the RS hiding idea.
>>
>> Fabien
>>
>> Le mar. 11 août 2020 à 05:58, Francis Pouatcha <fpo=
>> 40adorsys.de@dmarc.ietf.org> a écrit :
>>
>>> Hello Denis,
>>>
>>> what you describe in the use case seems to be the default behavior of
>>> the protocol. Let me map it with this abstract protocol flow:
>>>
>>> +-----------+      +--------------+  +-----------+  +----+
>>>  +---------------------+
>>> | Requestor |      | Orchestrator |  | RS        |  | GS |  | Resource
>>> Controller |
>>> | is UNIV-1 |      |  is UNIV-1   |  | is UNIV-0 |  | or |  |
>>>  is          |
>>> |   Staff   |      | Registr. App |  | Server    |  | AS |  |
>>>  Student       |
>>> +-----------+      +--------------+  +-----------+  +----+
>>>  +---------------------+
>>>   |(1) RegisterStudent    |                |           |                |
>>>   |---------------------->|                |           |                |
>>>   |                       |(2) RequestRecordIntent(RecordType,StudentId,
>>>   |                       |
>>>  OrchestratorId):AuthRequest[RecordType,StudentId]
>>>   |                       |<-------------->|           |                |
>>>   |                       |                |           |                |
>>>   |                       |(3)
>>> AuthZRequest(RecordType,StudentId,OrchestratorId)
>>>   |                       |--------------------------->|                |
>>>   |                       |                |           |(4)
>>> ConsentRequest(RecordType,
>>>   |                       |                |           |
>>>  OrchestratorId):Consent
>>>   |                       |                |           |<-------------->|
>>>   |                       |(5) AuthZ[RecordType,StudentId,OrchestratorId]
>>>   |                       |<---------------------------|                |
>>>   |                       |                |           |                |
>>>   |                       |(2)
>>> RequestRecord(RecordType,StudentId,OrchestratorId)
>>>   |                       |     :RecordOf[StudentId]   |                |
>>>   |                       |<-------------->|           |                |
>>>   |(7) Registered         |                |           |                |
>>>   |<----------------------|                |           |                |
>>>   +                       +                +           +                +
>>>
>>> we assume the authz request sent by "Client" to "AS" describes the
>>> protected resource without referring to the authz server. An AS can issue
>>> the authz to release the graduation record  of a student
>>> ((5) AuthZ[RecordType,StudentId,OrchestratorId]), without any reference to
>>> the target university.
>>>
>>> What matters for this authz object is:
>>> - StudentId: a reference to the student as known to the resource server.
>>> - RecordType: a reference to a resource of type graduation record as
>>> understandable  by the resource server.
>>> - OrchestratorId: reference to the Orchestrator. Can be used to bind
>>> authz to Orchestrator.
>>>
>>> But:
>>> - RS must trust AS issued token.
>>> - StudentId must be known to RS, AS and Orchestrator.
>>>
>>> Therefore, the AS does not need to know the RS. Keep the audience field
>>> empty.
>>>
>>> Same principle applies for the second use case.
>>>
>>> What privacy problem do you see here?
>>>
>>> Best regards.
>>> /Francis
>>>
>>> On Tue, Aug 4, 2020 at 5:08 AM Denis <denis.ietf@free.fr> wrote:
>>>
>>>> I tried my best twice to download three use cases in the Use cases
>>>> directory, but I failed.
>>>>
>>>> Rather than failing a third time, here is the direct link of the second
>>>> try:
>>>>
>>>>
>>>> https://github.com/ietf-wg-gnap/general/wiki/Three-Client-Server-use-cases-with-several-ASs-built-along-%22Privacy-by-Design%22-(PbD)
>>>>
>>>> Denis
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> Txauth mailing list
>>>> Txauth@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/txauth
>>>>
>>>
>>>
>>> --
>>> Francis Pouatcha
>>> Co-Founder and Technical Lead
>>> adorsys GmbH & Co. KG
>>> https://adorsys-platform.de/solutions/
>>> --
>>> TXAuth mailing list
>>> TXAuth@ietf.org
>>> https://www.ietf.org/mailman/listinfo/txauth
>>>
>>
>
> --
> Francis Pouatcha
> Co-Founder and Technical Lead
> adorsys GmbH & Co. KG
> https://adorsys-platform.de/solutions/
> --
> TXAuth mailing list
> TXAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/txauth
>

v2.23.0 | Report a Bug | By Email