Re: [GNAP] Design team
Dick Hardt <dick.hardt@gmail.com> Tue, 20 October 2020 17:06 UTC
Return-Path: <dick.hardt@gmail.com>
X-Original-To: txauth@ietfa.amsl.com
Delivered-To: txauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4604A3A11B0 for <txauth@ietfa.amsl.com>; Tue, 20 Oct 2020 10:06:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.096
X-Spam-Level:
X-Spam-Status: No, score=-1.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, FREEMAIL_REPLY=1, HTML_FONT_LOW_CONTRAST=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zy-bcUeP7VlF for <txauth@ietfa.amsl.com>; Tue, 20 Oct 2020 10:06:55 -0700 (PDT)
Received: from mail-lj1-x22d.google.com (mail-lj1-x22d.google.com [IPv6:2a00:1450:4864:20::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A859A3A11A9 for <txauth@ietf.org>; Tue, 20 Oct 2020 10:06:54 -0700 (PDT)
Received: by mail-lj1-x22d.google.com with SMTP id h20so2820034lji.9 for <txauth@ietf.org>; Tue, 20 Oct 2020 10:06:54 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=rrYOMpgzuy2fksQVmnPBbDkkrb2KarnlfuKBJnJuZTA=; b=jB4Lyc13mHn8HKlaRaN5W8ieE3LiuPNcsr4AxQ8qQ1P1uQKtipDU8Bqk+3dWniaG0a +ewfWwRKSL0nrrMOSmD7eztqElH7uRcpL/8yisVfXu+8CkWM1/w+g+a1zj821lWreLnE dmZ8sZ2ogRKH/5Xbp2LPR2FyH3+qo/iZrbveffIsQMNxTDpgeB/U4/Fn8+NnJA936zpI Q0hs9RrreR28DR9Nzk+RMF9VWhyb+3FUdM71XFXitFHgdophwj0LbljZssqGgP33b/cE B6XpaMxM5OxevRKjxrfCr69G5zbkzu0YI6hEDqr3i+pyNTVJ3k8a6TQHE2omsjHulojx ffHQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=rrYOMpgzuy2fksQVmnPBbDkkrb2KarnlfuKBJnJuZTA=; b=Jvyij90UwEIF3PuSKzjxGuVVEbso7HSVhvcfJ/aVopVaMNbT8JGGKlaHgbqFvULDrn wxpE4tDdy6fhzD4zsNGnwnblVapTdeZ7mQhK3fNBpvlcEaFuBDRG29oRu8reYaWfJn/g lsj9DhpgFZEqCQ6wIQzBRxr2HlLzv/QuVZEGME13vV+oxEeZcUW6JJpCHdbkUFKXIqjU +s4o2T65XrKFrqdjvcmYgbTxVZ+4+ZDBs/kR6pYBgwnpnJsMhvlNN6CieJH8m3WxKbRJ r20vHXwRPTNhj266MMIkpdmLTALlmVD2dJ268H1yyjDYWLO3TQfUVKCQzdK+sjETeFIV 2PuQ==
X-Gm-Message-State: AOAM533c8jjTEz6YkOMNOPYC+tTlNv6wYSq1XafA0xlzkg06uiZiUgSh fGrDyuCl9doHxL/SB3V4asTT24oB/16NN9TQOXA=
X-Google-Smtp-Source: ABdhPJwY5rTA6ZP2rf6thAFPj5t+vzoAgAZ6Wa251BZMIEf7rWLGBDLFIobX4Q11xQnZmffMfZ8/mw1/Xd7BTLT20lI=
X-Received: by 2002:a2e:9a43:: with SMTP id k3mr1696296ljj.69.1603213612592; Tue, 20 Oct 2020 10:06:52 -0700 (PDT)
MIME-Version: 1.0
References: <CAD9ie-u3V9Z2qvHJZGAkfhWGqNJT_kPhEcZYj3_bYDt_4SDcsg@mail.gmail.com> <C991BD99-9FE3-46E6-8257-93DE1EB4FA95@gmail.com>
In-Reply-To: <C991BD99-9FE3-46E6-8257-93DE1EB4FA95@gmail.com>
From: Dick Hardt <dick.hardt@gmail.com>
Date: Tue, 20 Oct 2020 10:06:15 -0700
Message-ID: <CAD9ie-vps-WdPvm6YR4fAYvOUNY9UDcqGKt-4wqz9fNNhBpsgA@mail.gmail.com>
To: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
Cc: Justin Richer <jricher@mit.edu>, "txauth@ietf.org" <txauth@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000e0b29705b21d41e6"
Archived-At: <https://mailarchive.ietf.org/arch/msg/txauth/hQ74qJWDKYrltaSsfl4QOoacJ3A>
Subject: Re: [GNAP] Design team
X-BeenThere: txauth@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <txauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/txauth>, <mailto:txauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/txauth/>
List-Post: <mailto:txauth@ietf.org>
List-Help: <mailto:txauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/txauth>, <mailto:txauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 20 Oct 2020 17:06:57 -0000
Kathleeen, you keep talking about why we started with XYZ, I'm stating that the goal of the design team was NOT to choose a starting document, but to select the best ideas and create an outline. "We expect the design team to decide on a solution outline that combines > the best of both proposals, and present this outline by Sep. 15"[1] > > [1] https://mailarchive.ietf.org/arch/msg/txauth/By7tDkJBxhmHbP7vKwubC9eW38I/ I find your comment on me "getting my way" is dismissive of having a civil conversation. ᐧ On Tue, Oct 20, 2020 at 3:16 AM Kathleen Moriarty < kathleen.moriarty.ietf@gmail.com> wrote: > Your interpretation of events is in contrast to mine. I’m not going to > argue further with you as there’s no point unless you get your way. There > were 2 detailed reviews from the design team that preferred Justin’s > document as a starting point, none with yours. His was preferred for > several reasons including ease of understanding and aligned better with > IETF protocol specs for cross area review. > > Best regards, > Kathleen > > Sent from my mobile device > > On Oct 19, 2020, at 11:26 PM, Dick Hardt <dick.hardt@gmail.com> wrote: > > > I don't see how your take is different in the process you chose to take, > vs the process I had suggested in the WG meeting, and the chairs had set as > the goals of the design team. Despite the WG not adopting your > recommendation to start with XYZ, you chose to ignore the WG and chairs and > start with the XYZ document. > > wrt. RESTful design patterns, that was a design pattern that XAuth > introduced and that XYZ has adopted. The one comment about a suggestion I > made that was not RESTful -- I was asking for the parameters in JWS signing > to be moved from the JWS header to the JWS payload -- my suggestion was not > making it any less RESTful than it already was. Inaccurate representations > like this contributed to the tension in the meetings. > > One of your criticisms of XAuth was the use of "non standard IETF > language" such as "sequence" -- a term that is now used numerous times in > the draft. > > I hope you had a RESTful vacation! > > > > > > > > On Fri, Oct 9, 2020 at 6:34 PM Kathleen Moriarty < > kathleen.moriarty.ietf@gmail.com> wrote: > >> >> My take is very different, Dick. I am starting a 2 week vacation and >> will not be spending it arguing with you on the list. >> >> Multiple reviews pointed to Justin’s document as a better starting point, >> not just mine. Your use case cases can be met and some of what you were >> asking for did not follow RESTful design patterns. They really don’t map >> to a future protocol well. You may need to write extension documents, but >> your goals can be met. >> >> Many calls were difficult as displayed in your message. Justin did a >> great job handling the weekly tension and ensuring options were included >> for WG discussion when agreement was not met. He’s completely amenable to >> following the WG and chairs decisions. His document was also easier to >> follow and aligned better with numerous IETF documents. Please do keep >> Justin on as an editor. As you can see from the draft, there are many areas >> where WG input on decision points are requested. >> >> Best regards, >> Kathleen >> >> Sent from my mobile device >> >> On Oct 9, 2020, at 8:26 PM, Dick Hardt <dick.hardt@gmail.com> wrote: >> >> >> Tl;dr: Given where we are in the WG, I am not opposed to the WG adopting >> -14, but I propose someone other than Justin be the document editor. >> >> I was on the design team to work on the goals set out by the chairs [1]: >> >> "We expect the design team to decide on a solution outline that combines >> the best of both proposals, and present this outline by Sep. 15" >> >> Surprisingly, Kathleen convened the design team with her recommendation >> to start with the XYZ document with Justin as editor, and add in the >> diagrams from XAuth. The rest of the design team had an opportunity to >> express their concerns and Justin edited the document. In other words, I >> had to convince Justin to change the document, rather than the design team >> comparing and contrasting the proposals and selecting the best parts. I >> expressed my concerns with our AD, and decided to continue participating in >> the design team. We did make some progress on a number of issues thanks to >> the hard work of Fabien, Justin, and Mike -- but many issues have been >> punted to the WG. >> >> Justin has poured tons of energy into this project, and to his credit he >> was a good editor at times, but there are areas where he was unwilling to >> deviate from his vision. >> >> I am concerned about a repeat of what happened in OAuth 2.0: Erin had the >> pen and had strong views that often were not aligned with the rest of the >> WG. A good example was Erin's distaste for bearer tokens. He factored that >> out of the core document, which we are now adding back in with OAuth 2.1. >> Anyone that participated in the WG saw the issues this had. >> >> I'm not suggesting that Justin is Erin, but I think a more neutral editor >> of the core document will allow us to make progress more quickly. >> >> /Dick >> >> [1] >> https://mailarchive.ietf.org/arch/msg/txauth/By7tDkJBxhmHbP7vKwubC9eW38I/ >> ᐧ >> >> On Fri, Oct 9, 2020 at 5:04 PM Justin Richer <jricher@mit.edu> wrote: >> >>> Thanks, Kathleen, and thanks to Dick, Mike, and Fabian for all their >>> hard work and discussion as well. This draft contains aspects of XYZ and >>> Xauth, and introduces some new elements and pieces as well. As you'll see, >>> there are many identified issues and decisions to be made, but even then I >>> believe it hangs together fairly cohesively already thanks to the good >>> engineering effort and discussion that's gone in so far. >>> >>> Nothing in the document is final, of course. To me, this document >>> represents a good starting point for working group discussion and >>> decisions, +1 for its adoption. >>> >>> - Justin >>> ________________________________________ >>> From: TXAuth [txauth-bounces@ietf.org] on behalf of Kathleen Moriarty [ >>> kathleen.moriarty.ietf@gmail.com] >>> Sent: Friday, October 9, 2020 6:55 PM >>> To: txauth@ietf.org >>> Subject: [GNAP] Design team >>> >>> Greetings! >>> >>> The design team has now come to a close. While there were too many >>> issues to resolve to all design team member satisfaction, great effort was >>> put in to describe decision points for the WG to ease and hopefully speed >>> the working group process. As such, I am requesting that the WG adopts >>> this version (14 of XYZ) and works together to fully develop a single >>> specification. >>> >>> https://datatracker.ietf.org/doc/draft-richer-transactional-authz/ >>> >>> A tremendous thank you to each of the design team members for your hard >>> work and walking the fine line of when to put a stake in the ground (that >>> the WG can always change once adopted) and listing our options for decision >>> points to ease the WG process. >>> >>> Best regards, >>> Kathleen >>> >>> Sent from my mobile device >>> >>> -- >>> TXAuth mailing list >>> TXAuth@ietf.org >>> https://www.ietf.org/mailman/listinfo/txauth >>> >>
- [GNAP] Design team Kathleen Moriarty
- Re: [GNAP] Design team Justin Richer
- Re: [GNAP] Design team Dick Hardt
- Re: [GNAP] Design team Kathleen Moriarty
- Re: [GNAP] Design team Fabien Imbault
- Re: [GNAP] Design team Dmitri Zagidulin
- Re: [GNAP] Design team Dick Hardt
- Re: [GNAP] Design team Kathleen Moriarty
- Re: [GNAP] Design team Dick Hardt