[Txauth] Turning polymorphism up to 11 (P11)

Dick Hardt <dick.hardt@gmail.com> Sat, 11 July 2020 01:01 UTC


Taking Justin's model of strings being shortened versions of OAuth scopes,
adding in the "type" property from RAR, and defining a default type, we
*could* add a bunch of polymorphism. (I have not implemented the code
below, but it looks doable assuming I have not overloaded a type in the
same context)

/Dick


Let's start with a request for 2 authorizations using OAuth scopes, one for
writing and the other for reading:

(1)
{
    "authorizations": {
        "writer": [
            {
                "type": "oauth_scope",
                "scope": ["create","update","delete"]
            }
        ],
        "reader": [
            {
                "type": "oauth_scope",
                "scope": ["read","list"]
            }
        ]
    }
}

We can ask for just one token with all the same capabilities:
(2)
{
    "authorizations": [
        {
            "type": "oauth_scope",
            "scope": ["create","update","delete"]
        },
        {
            "type": "oauth_scope",
            "scope": ["read","list"]
        }
    ]
}

Of course (2) can be simplified as:
(3)
{
    "authorizations": [
        {
            "type": "oauth_scope",
            "scope": ["create","update","delete","read","list"]
        }
    ]
}

Now let's say that in "oauth_scope", the array of scopes can also be a
space separated string. So the following is equivalent:
(4)
{
    "authorizations": [
        {
            "type": "oauth_scope",
            "scope": "create update delete read list"
        }
    ]
}

Now let's say that the "oauth_scope" type is the default, so we can express
it as:
(5)
{
    "authorizations": ["create","update","delete","read","list"]
}

Or use a space separated string instead of an array:
(6)
{
    "authorizations": "create update delete read list"
}

In summary, (2) - (6) will give the exact same result.

Let's add another authorization type to the request, "customer_information":
(7)
{
    "authorizations": [
        "create update delete read list",
        {
            "type": "customer_information",
            "locations": [
                "https://example.com/customers"
            ],
            "actions": [
                "read"
            ],
            "datatypes": [
                "contacts",
                "photos"
            ]
        }
    ]
}

And the space separated strings can be turned into individual strings and
we have the equivalent request:
(8)
{
    "authorizations": [
        "create",
        "update",
        "delete",
        "read",
        "list",
        {
            "type": "customer_information",
            "locations": [
                "https://example.com/customers"
            ],
            "actions": [
                "read"
            ],
            "datatypes": [
                "contacts",
                "photos"
            ]
        }
    ]
}

Let's go back to our first example, and ask for 3 separate tokens:
(9)
{
    "authorizations": {
        "writer": "create update delete",
        "reader": "read list",
        "customer": [
            {
                "type": "customer_information",
                "locations": [
                    "https://example.com/customers"
                ],
                "actions": [
                    "read"
                ],
                "datatypes": [
                    "contacts",
                    "photos"
                ]
            }
        ]
    }
}

In a multi token request, if there is only one item in the array, we can
shorten (9) to the following:
(10)
{
    "authorizations": {
        "writer": "create update delete",
        "reader": "read list",
        "customer": {
            "type": "customer_information",
            "locations": [
                "https://example.com/customers"
            ],
            "actions": [
                "read"
            ],
            "datatypes": [
                "contacts",
                "photos"
            ]
        }
    }
}
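As an added example (not code from the post, which says the idea was never implemented), here is a Python normalizer that folds the polymorphic forms (1)-(10) above into one canonical shape, so an authorization server can check that two requests ask for the same thing. It assumes a top-level object without a "type" key is a multi-token request and that "oauth_scope" is the default type; the sample requests are constructed copies of forms (2), (6) and (10), and the "" label for single-token requests is invented here.

```python
DEFAULT_TYPE = "oauth_scope"  # the type assumed when an item omits "type" (forms (5)-(10))

def _scopes(value):
    """Accept an array of scope strings or a space separated string, form (4)."""
    return value.split() if isinstance(value, str) else list(value)

def _expand(value):
    """Expand one token's authorizations (string, array or lone object) into objects with an explicit type."""
    if isinstance(value, str):        # whole value is a space separated string, forms (6) and (9)
        value = value.split()
    if isinstance(value, dict):       # lone object instead of a one-item array, form (10)
        value = [value]
    out = []
    for item in value:
        if isinstance(item, str):     # bare scope string takes the default type, forms (5), (7), (8)
            item = {"type": DEFAULT_TYPE, "scope": [item]}
        elif isinstance(item, dict):
            item = {**item, "type": item.get("type", DEFAULT_TYPE)}
            if item["type"] == DEFAULT_TYPE:
                item["scope"] = _scopes(item.get("scope", []))
        else:
            raise ValueError(f"unexpected authorization item: {item!r}")
        out.append(item)
    return out

def canonical_token(value):
    """Merge all oauth_scope items into one sorted, de-duplicated entry; keep other types in order."""
    scopes, others = set(), []
    for item in _expand(value):
        if item["type"] == DEFAULT_TYPE:
            scopes.update(item["scope"])
        else:
            others.append(item)
    return ([{"type": DEFAULT_TYPE, "scope": sorted(scopes)}] if scopes else []) + others

def canonicalize(request):
    """Token label -> canonical list. A top-level object without "type" is a multi-token request (assumption)."""
    auth = request["authorizations"]
    if isinstance(auth, dict) and "type" not in auth:
        return {label: canonical_token(v) for label, v in auth.items()}
    return {"": canonical_token(auth)}  # single-token request; "" is a constructed label

# Constructed sample requests, copied from forms (2), (6) and (10) in the post.
REQ_2 = {"authorizations": [{"type": "oauth_scope", "scope": ["create", "update", "delete"]},
                            {"type": "oauth_scope", "scope": ["read", "list"]}]}
REQ_6 = {"authorizations": "create update delete read list"}
REQ_10 = {"authorizations": {"writer": "create update delete", "reader": "read list",
                             "customer": {"type": "customer_information",
                                          "locations": ["https://example.com/customers"],
                                          "actions": ["read"], "datatypes": ["contacts", "photos"]}}}
```

With this, `canonicalize(REQ_2) == canonicalize(REQ_6)` holds, which is the "(2) - (6) will give the exact same result" claim made checkable; a multi-token map whose label happens to be "type" would be misread, which is exactly the overloaded-type caveat in the post.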