IETF Logo Mail Archive

Re: [GNAP] A "privacy by design" delegation scheme

Justin Richer <jricher@mit.edu> Fri, 19 March 2021 14:37 UTC

Return-Path: <jricher@mit.edu>
X-Original-To: txauth@ietfa.amsl.com
Delivered-To: txauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4004B3A16CE for <txauth@ietfa.amsl.com>; Fri, 19 Mar 2021 07:37:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.918
X-Spam-Level:
X-Spam-Status: No, score=-1.918 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id p7-JGRvhgfpO for <txauth@ietfa.amsl.com>; Fri, 19 Mar 2021 07:37:51 -0700 (PDT)
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E5FFD3A16CD for <txauth@ietf.org>; Fri, 19 Mar 2021 07:37:50 -0700 (PDT)
Received: from [192.168.1.22] (static-71-174-62-56.bstnma.fios.verizon.net [71.174.62.56]) (authenticated bits=0) (User authenticated as jricher@ATHENA.MIT.EDU) by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id 12JEblBA001064 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 19 Mar 2021 10:37:48 -0400
From: Justin Richer <jricher@mit.edu>
Message-Id: <0E07D733-532A-4F87-A534-4519CE0052E3@mit.edu>
Content-Type: multipart/alternative; boundary="Apple-Mail=_DA1C5B51-1246-4514-83D8-85267E81F728"
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.4\))
Date: Fri, 19 Mar 2021 10:37:47 -0400
In-Reply-To: <C766FFFA-C52D-4AF6-A09B-0E1D2FF4EA39@mit.edu>
Cc: "txauth@ietf.org" <txauth@ietf.org>
To: Denis <denis.ietf@free.fr>
References: <62619e0d-f4ad-bef8-d351-49943542409f@free.fr> <C766FFFA-C52D-4AF6-A09B-0E1D2FF4EA39@mit.edu>
X-Mailer: Apple Mail (2.3608.120.23.2.4)
Archived-At: <https://mailarchive.ietf.org/arch/msg/txauth/jAu11ZW1t0JiQLL8S2aXJTnK5zk>
Subject: Re: [GNAP] A "privacy by design" delegation scheme
X-BeenThere: txauth@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: GNAP <txauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/txauth>, <mailto:txauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/txauth/>
List-Post: <mailto:txauth@ietf.org>
List-Help: <mailto:txauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/txauth>, <mailto:txauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 19 Mar 2021 14:37:53 -0000

Also, I want to point out that in your description below, the photo sharing service is the AS and the RS. It’s fulfilling both roles. This isn’t “without an AS” this is simply saying that one party runs both components in a closely-knit manner. 

 — Justin

> On Mar 19, 2021, at 10:31 AM, Justin Richer <jricher@mit.edu> wrote:
> 
> Hi Denis,
> 
> The abstraction of the authorization server is fundamental to the approach in both OAuth and GNAP.
> 
> I would personally encourage you to start a BoF and eventually a working group here in the IETF to pursue such a design as you are proposing.
> 
>  — Justin
> 
>> On Mar 19, 2021, at 10:27 AM, Denis <denis.ietf@free.fr <mailto:denis.ietf@free.fr>> wrote:
>> 
>> The text that follows is extracted from :
>> 
>> Page 5 from RFC 6749 (OAuth 2.0). October 2012, and
>> Page 5 & 6 from draft-ietf-oauth-v2-1-01. February 2021
>>           " For example, an end-user (resource owner) can grant a printing service (client) access to her protected photos stored at a photo sharing service (resource server), 
>>           without sharing her username and password with the printing service.  Instead, she authenticates directly with a server trusted by the photo-sharing service 
>>           (authorization server), which issues the printing service delegation-specific credentials (access token)."
>> 
>> These two sentences are part of the foundations of OAuth 2.0 and OAuth 2.1.
>> 
>> The same delegation scheme can be supported without the need to use an authorization server (AS). Here is the story:
>> 
>>            For example, an end-user can grant a printing service access to her protected photos stored at a photo sharing service, without sharing her username and password 
>>            with the printing service.  Instead, she authenticates directly to the photo sharing service and asks to that service to deliver delegation-specific credentials (access token) 
>>            able to grant to its owner a read access to a subset of her photos during some period of time. Once the access token has been delivered by the photo sharing service, 
>>            she transmits it to the printing service. Then the printing service presents that access token to the photo sharing service which will deliver the subset of selected photos 
>>            to the printing service. 
>> 
>> Requirement :
>> 
>> The end-user must have an account on the photo sharing service.
>> 
>> Advantages: ,
>> 
>> Since there is no AS, the photo sharing service does not need to trust any AS nor have a relationship with an AS.
>> Since there is no AS, the printing service does not need to trust any AS, nor have as relationship with an AS.
>> Since there is no AS, no account is needed for the end-user at an AS.
>> Since there is no AS, no AS can know/spy what the end-user is doing.
>> The access token can be transmitted/communicated to anybody, including herself.
>> The end-user MAY have an account on the printing service, but she is NOT REQUIRED to have one.
>> The person that gets the photos printed will need to disclose to the printing service a name and an address for the delivery 
>> (not necessarily her name and her home address) if she is not working at a kiosk and will need to pay for the printing (and postage).
>> Denis
>> 
>> 
>> -- 
>> TXAuth mailing list
>> TXAuth@ietf.org <mailto:TXAuth@ietf.org>
>> https://www.ietf.org/mailman/listinfo/txauth
> 
> -- 
> TXAuth mailing list
> TXAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/txauth

v2.23.0 | Report a Bug | By Email