Re: [GNAP] generic HTTP resource type
Jamey Sharp <jamey@minilop.net> Wed, 28 July 2021 01:06 UTC
Return-Path: <jamey@minilop.net>
X-Original-To: txauth@ietfa.amsl.com
Delivered-To: txauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C23DB3A145C for <txauth@ietfa.amsl.com>; Tue, 27 Jul 2021 18:06:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=minilop.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DZGUGYTok3sS for <txauth@ietfa.amsl.com>; Tue, 27 Jul 2021 18:06:18 -0700 (PDT)
Received: from mail-pj1-x1032.google.com (mail-pj1-x1032.google.com [IPv6:2607:f8b0:4864:20::1032]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 729B13A145A for <txauth@ietf.org>; Tue, 27 Jul 2021 18:06:18 -0700 (PDT)
Received: by mail-pj1-x1032.google.com with SMTP id m1so2671790pjv.2 for <txauth@ietf.org>; Tue, 27 Jul 2021 18:06:18 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=minilop.net; s=google; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:content-transfer-encoding:in-reply-to; bh=Lpho3Fwvd/ps+B4TJmw207oSuGAzSY0yxEC21bzbV4g=; b=UkfC21bw9e5xTCLtYLWBY2+ldTSBtxbkzc3pO3p6udfy6R3dUcmIj8QDgZCACn0GxE t8qkUSc8TUs8G4JBqq7+keCQJR1IrCMiHh+oabtT6LAdUAIk2UYqmHct84NX3Z9pQnVC zFF+r+KA/7XijvKaqWpNoYzbnZEcKfJk/8y7o=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:content-transfer-encoding :in-reply-to; bh=Lpho3Fwvd/ps+B4TJmw207oSuGAzSY0yxEC21bzbV4g=; b=EnLSZte5ULMq1quVoQGiaaDMs2dggof6lr2CTdDie6/eUMDp4dZ1JrjNeUxW4362Qd yw/Al48UFpUma/VGwJBvoPy2FDYUUND6DnTfuukLLhCVNt0d9C2POdakYdBRkdUeeUXI mjoOfQrtYKrfqfM99t6Pzrj9X3ZKJVsKRmoFhqs9cv64XlyS2zS4msK78h1XFR7NM2nQ lUJJ/OerpWtme+x0FpICnFQmaVYd7MfoC+2ZKMye4ZVh4veBVaPIS0DyJ+vWzTd9giJg 9y8q+xo3cmuvgDG9md2V/4afiQ/l6VYpGrJaAsEEfhBl5ID4YlYrFcwR80lNL77rUqhC rn8Q==
X-Gm-Message-State: AOAM533ptqITxFArsAcTXJQiobVTNtsaxHrc6QMSTvn7dadzpNWwwu2g qKUoXE/0/OHdAcOa2PM2tvDqgVyRgkOxTyd7
X-Google-Smtp-Source: ABdhPJwAE0Cn5pMDnUTb3WE8sxPUWuvbWnl+sG5fsLqRSvTxaWNZmQcjrXgZqkgqLO07KK3I8GBzTA==
X-Received: by 2002:a17:90a:24c:: with SMTP id t12mr24699370pje.64.1627434377329; Tue, 27 Jul 2021 18:06:17 -0700 (PDT)
Received: from eh (63-230-166-62.ptld.qwest.net. [63.230.166.62]) by smtp.gmail.com with ESMTPSA id e2sm5541239pgh.5.2021.07.27.18.06.15 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 27 Jul 2021 18:06:16 -0700 (PDT)
Received: by eh (sSMTP sendmail emulation); Tue, 27 Jul 2021 18:06:15 -0700
Date: Tue, 27 Jul 2021 18:06:15 -0700
From: Jamey Sharp <jamey@minilop.net>
To: Adrian Gropper <agropper@healthurl.com>
Cc: GNAP Mailing List <txauth@ietf.org>
Message-ID: <YQCthymMrDwqqxVC@eh>
References: <YP9bhNFEs3YPw1AD@eh> <CANYRo8ghbuR8uEnaU8nZpV0RNNeevXmJtkbCy8=23qGtAUgueQ@mail.gmail.com> <CAJi=jadfd5C87h6t0cXSRJ_2Ua2gVp3eRCspqQBDRSOyxeKygw@mail.gmail.com> <CANYRo8g_rHq+zhSzdvVNbZKTqvt0dJepNHMgqPp_gvM=M67KyA@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <CANYRo8g_rHq+zhSzdvVNbZKTqvt0dJepNHMgqPp_gvM=M67KyA@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/txauth/hwlTMpUoDKk8il3sKSig2n67LvA>
Subject: Re: [GNAP] generic HTTP resource type
X-BeenThere: txauth@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: GNAP <txauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/txauth>, <mailto:txauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/txauth/>
List-Post: <mailto:txauth@ietf.org>
List-Help: <mailto:txauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/txauth>, <mailto:txauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 28 Jul 2021 01:06:24 -0000
On Tue, Jul 27, 2021 at 06:54:31PM -0400, Adrian Gropper wrote: > Hi Jamey, > I'm grateful for your conversation because you are helping me tease > out which aspects of GNAP are essential for my (fairly common) > use-case. I'm glad it's helping! Just keep in mind that I read the GNAP draft for the first time yesterday. 🤣 I think I have a better understanding of your concern now. I was somewhat confused because if the resources in question are electronic health records, then the RO is the party that needs protection the most, while in the cases I usually think about, it's the end-user's privacy that is most at risk. I don't believe anything I'm proposing affects your use case, because I'm only proposing a resource rights type and possibly some end-user behavior. As far as I can tell, - GNAP's privacy and security promises should not depend on the specifics of any rights type; - your application wouldn't use this rights type and so would not be affected regardless; - and any protections which GNAP offers an RO should apply regardless of the behavior of any end-user. Jamey
- [GNAP] generic HTTP resource type Jamey Sharp
- Re: [GNAP] generic HTTP resource type Adrian Gropper
- Re: [GNAP] generic HTTP resource type Jamey Sharp
- Re: [GNAP] generic HTTP resource type Adrian Gropper
- Re: [GNAP] generic HTTP resource type Justin Richer
- Re: [GNAP] generic HTTP resource type Jamey Sharp
- Re: [GNAP] generic HTTP resource type Fabien Imbault
- Re: [GNAP] generic HTTP resource type Jamey Sharp
- Re: [GNAP] generic HTTP resource type Justin Richer