From nobody Thu Jan 13 06:32:35 2022
Return-Path: <denis.ietf@free.fr>
X-Original-To: txauth@ietfa.amsl.com
Delivered-To: txauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1])
 by ietfa.amsl.com (Postfix) with ESMTP id E4D803A124F
 for <txauth@ietfa.amsl.com>; Thu, 13 Jan 2022 06:32:33 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.893
X-Spam-Level: 
X-Spam-Status: No, score=0.893 tagged_above=-999 required=5
 tests=[BAYES_00=-1.9, FILL_THIS_FORM=0.001, FILL_THIS_FORM_LONG=2,
 FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001,
 RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_NEUTRAL=0.779,
 T_FILL_THIS_FORM_FRAUD_PHISH=0.01] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44])
 by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id QIZYvSHFe-6w for <txauth@ietfa.amsl.com>;
 Thu, 13 Jan 2022 06:32:30 -0800 (PST)
Received: from smtp.smtpout.orange.fr (smtp07.smtpout.orange.fr
 [80.12.242.129])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (No client certificate requested)
 by ietfa.amsl.com (Postfix) with ESMTPS id C0F973A1209
 for <txauth@ietf.org>; Thu, 13 Jan 2022 06:32:29 -0800 (PST)
Received: from [192.168.1.11] ([82.121.144.115]) by smtp.orange.fr with ESMTPA
 id 819OnddvXSDrI819OnngbC; Thu, 13 Jan 2022 15:32:27 +0100
X-ME-Helo: [192.168.1.11]
X-ME-Auth: OWU3ZmVkYWM0M2UwZWM1YifxM2Q3ZDk1YiUzNWJiZTM2MiliMTI0N2YxZmQ=
X-ME-Date: Thu, 13 Jan 2022 15:32:27 +0100
X-ME-IP: 82.121.144.115
Content-Type: multipart/alternative;
 boundary="------------RAMoPFLYfgYSZ0FWsJFiGn6o"
Message-ID: <4429563c-0967-ceb7-a9fa-0c3e74c755e3@free.fr>
Date: Thu, 13 Jan 2022 15:32:31 +0100
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:91.0) Gecko/20100101
 Thunderbird/91.4.1
Content-Language: en-GB
From: Denis <denis.ietf@free.fr>
To: "txauth@ietf.org" <txauth@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/txauth/jwwBQEWAsYQfxujRJmE_QU48BrA>
Subject: [GNAP] Eight issues for discussion before and at the next WG
 virtual meeting
X-BeenThere: txauth@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: GNAP <txauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/txauth>,
 <mailto:txauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/txauth/>
List-Post: <mailto:txauth@ietf.org>
List-Help: <mailto:txauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/txauth>,
 <mailto:txauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 13 Jan 2022 14:32:34 -0000

This is a multi-part message in MIME format.
--------------RAMoPFLYfgYSZ0FWsJFiGn6o
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit

Hello every one,

Most of the following observations have already been advertised in 
previous virtual GNAP meetings as well at the last OAuth workshop 
virtual meeting.
However, time has been lacking to discuss them. Since a GNAP virtual 
meeting is scheduled next week, I have transformed these observations 
into issues,
so that that can be individually discussed in GitHub before the meeting 
and then at the meeting.

I publish the content of eight new posted issues below, so that every 
one can get an overview of all of them and, if interested, can directly 
point to each
of them with a single click.

I have a specific request to the editors: please, do not close any of 
these issues before the next virtual GNAP meeting.

*1.****Trust relationships are still left undefined in GNAP draft-08
*

https://github.com/ietf-wg-gnap/gnap-core-protocol/issues/368

**Section 1.4 of draft-08 is supposed to be about “/trust 
relationships/”, but it is not. It is based on “Promise Theory” document 
(302 pages)
where “ /A //promise is a stated intention /”. “ /Each agent defines its 
own valuation function of promises given or received /”.

On page 108 (!), there is a first attempt to define what Trust means:

/Proposal /1 (Trust). An agent’s expectation that a promise will be kept.
It may be assigned a value lying between0 and1, in the manner of a 
_Bayesian probability_/./

Such an approach is confusing : it is mixing trust relationships with 
security threats.

In the IT community, trust is a binary condition (0 or1): either you 
trust something or you don’t. *It is not a Bayesian probability*.

A trust relationship is rather simple and is composed of three parts :

An entity A … is trusting an entity B … for some kind of behavior C.
/…being aware that some conditions “out of control” might happen/

Section 1.4 of draft-08 is failing to indicate the trust relationships 
that may exist between:

- Client instances and end-users,
- End-users and ASs,
- Client instances and ASs,

Trust relationships need to be clear and understandable. Without them, 
it will not be possible to demonstrate the security of the architecture.

In draft-08, the following questions have no answer:

How may a client instance be associated with an end-user ? This is left 
undefined.

How may an AS be confident that a legitimate user is using a given 
client instance ? This is left undefined.

*2. The Authentication of end-users by an AS is currently not required*

https://github.com/ietf-wg-gnap/gnap-core-protocol/issues/369

Extract from the Introduction on page 5 of draft-08:

This protocol allows a piece of software, the client instance, to 
request delegated authorization to resource servers and to request 
direct information.(…)
The end-useroperating the software mayinteract with the authorization 
server to authenticate, provide consent, and authorize the request.

Hence, the authentication of end-users by an AS is not required. Does it 
mean that the authentication of the "piece of software" used by an 
end-user SHALL be mandatory ?
If so, how this "piece of software" should associated with end-user is 
left undefined.

Considerations about an end-user for changing that "piece of software" 
or using several pieces of software at the same instant of time are not 
mentioned.

How an AS may associate some rights or attributes with an end-user is 
left undefined.

Note that the EU Payments Services Directive (PSD2) /mandates the use of 
MFA (Multi Factor Authentication) with the AS/.

Why a strong authentication of end-users by an AS would not be 
sufficient, hence avoiding the authentication of "pieces of software" ?


*3.* *R**ights and attributes **SHOULD be equally supported**

*https://github.com/ietf-wg-gnap/gnap-core-protocol/issues/370

The core draft defines:

_Privilege_:right *or attribute *associated with a subject
_Access Token_:a data artifact representing a set of rights *and/or 
attributes*

However, the core draft does not allow a RS to distinguish between 
rights and attributes.

The core protocol should define two fields in an access token request to 
distinguish between rights (i.e. capabilities) and attributes.

A set of standard _attribute types_ should be defined to support ABAC 
(Attribute Based Access Control) :
e.g. first name, family name, birth date, birth location, home address, 
email address, social security number, citizenship(s), etc …

*4.* *Both attributes (ABAC) and capabilities (CBAC) SHOULD be supported
*
https://github.com/ietf-wg-gnap/gnap-core-protocol/issues/371

At the moment, a client is able to request with a fine degree a 
precision a specific set of rights that should be included into an 
access token.
However, a client is unable to request a specific set of attributes that 
should be included into an access token.

As a consequence, the /support of rights/ versus the /support of 
attributes/ is unbalanced.

Implicitly, the core draft mandates a /bilateral/pre-relationship 
between every pair of AS / RS. This is not advertised in the draft.

Such bilateral pre-relationship limits the scalability of the architecture.

When attributes only are supported, no /bilateral/ pre-relationship 
between an AS and a RS is necessary.

The core document only implicitly allows an AS to add attributes into an 
access token /at its own discretion/,
without any specific request for them to be included from the client 
(and hence the end-user).

This means that the core document does not allow an AS to add specific 
attributes into an access token upon the request from the client
(and hence from the end-user).

This has *severe consequences in term of the end-user privacy* which are 
not mentioned in the draft.

First of all, since rights are always included, this means that the AS 
MUST be aware of the identity of the RS.
In addition, the AS cannot be kept ignorant of which actions will be 
performed by a client and on which resources.
*This allows the AS to act as "Big Brother"*. However, this can be 
prevented in the case where attributes only are supported.

Secondly, in order to support "good practices" (User Notice, User 
Choice, User Consent and Transparency)or legislation like the EU GDPR,
the end-user should be informed about the set of attributes that are 
requested _by a RS_and should also be able to know the treatment(s)
that will be done with such attributes. At the moment, a dialogue 
between the client and the RS is missing. A specific RS end-point
should be defined and dedicated for such dialogue.

If the end-user agrees to provide that set of attributes to the RS, he 
should be able to indicate to the AS which attributes types(/and 
optionally values/)
should be included into the access token. At the moment, the client is 
unable to specify to the AS a set of attributes to be included into the 
access token.
In addition, an end-user is even unable to know which set of attributes 
are known by the AS.

If this situation is going to last, the privacy consideration section 
should clearly indicate these limitations.

*5. A RS is currently only able to trust a single AS
*
https://github.com/ietf-wg-gnap/gnap-core-protocol/issues/372

This limitation should be removed and can be removed. For details, see: 
draft-pinkas-gnap-core-protocol-00.txt

The /Proposal/for a Regulation amending Regulation (EU) No 910/2414 as 
regards establishing a framework for a European Digital Identity
of 3 June 2021 should not be ignored. /It paves the way for the use of 
//multiple////attribute servers//./

If such limitation is not removed, it should be clearly advertised in 
the core draft.

*6.* *Bearer access tokens and key-bound access tokens are not the 
single types of access tokens
*

**https://github.com/ietf-wg-gnap/gnap-core-protocol/issues/373

**OAuth (and GNAP draft-08) postulate that only two classes of access 
tokens may exist:
- key-bound access tokens where the access token is bound to a key used 
by the client instance in its request, and
       - bearer access tokens that do not include a key used by the 
client instance in its request.

If a hardware security module (HSM) is being used, it prevents a 
legitimate client or a user to know the /value //of a client private key/,
but it does not prevent the /use//of that private key/by a legitimate 
client willing to collaborate with another client.

If a client accepts to collaboratewith another client, the use of 
key-bound access tokens does not offer a protection
against the use of an access token by another client.

GNAP (and OAuth) are not resistant to client collaborative attacks.

As long as this situation will last, this should be clearly advertised 
in the draft.

However, there exits a solution to address this issue which has already 
been advertised to the WG: the addition into the access token of a 
"buid" field : Binding User IDentifier.
As a side consequence, a distinction should be done between 
long_term_user_accounts and short_term_user_accountssupported by a RS.

For details, see: draft-pinkas-gnap-core-protocol-00.txt


*7. **Draft-08 makes a general assumption that an end-user and a RO are 
the same entity*

https://github.com/ietf-wg-gnap/gnap-core-protocol/issues/374
**

**Extract from page 13 of draft-08:

      Note that the RO and end-user are often the same entity in 
practice, but GNAP makes no general assumption that they are.

Unfortunately, this Note is wrong. Section 1.5 is failing to provide a 
single example where the end-user is not also the RO and where the RO is 
an automated process.

This comment has already made several times, but no action has been made 
to take care of it up to now: section 1.5 has still not been modified.

*8.* *GNAP versus GNAF*: *do the current drafts describe a protocol or a 
framework ?
*
https://github.com/ietf-wg-gnap/gnap-resource-servers/issues/51
*
*_Response_: They describe a framework since two independent 
implementations of the drafts will be unable to interoperate.

In particular, the issue about "Format of defining REQUIRED vs OPTIONAL 
request/response elements 
(https://github.com/ietf-wg-gnap/gnap-core-protocol/issues/257) is still 
opened.

The protocols are not defined end-to-end. In particular, which 
treatments and verifications should be done by a RS are still left 
undefined.

As long as this situation will last, the document cannot be considered 
as a "Grant Negotiation and Authorization *Protocol*" (GNAP)
but rather as a "Grant Negotiation and Authorization *Framework*" (GNAF).


Denis


--------------RAMoPFLYfgYSZ0FWsJFiGn6o
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: 8bit

<html>
  <head>

    <meta http-equiv="content-type" content="text/html; charset=UTF-8">
  </head>
  <body>
    <p class="MsoNormal"><span
        style="font-family:Calibri;mso-ansi-language:
        EN-US" lang="EN-US">Hello every one,<br>
        <br>
        Most of the following observations have already been advertised
        in previous
        virtual GNAP meetings as well at the last OAuth workshop virtual
        meeting.
        <br>
        However, time has been lacking to discuss them. Since a GNAP
        virtual meeting is scheduled next week, I have transformed these
        observations into issues, <br>
        so that that can be individually discussed in GitHub before the
        meeting and then at the meeting.
        <br>
        <br>
        I publish the content of eight new posted issues below, so that
        every
        one can get an overview of all of them and, if interested,
        can directly point to each <br>
        of them with a single click.<br>
        <br>
        I have a specific request to the editors: please, do not close
        any of these
        issues before the next virtual GNAP meeting.<br>
        <br>
      </span><b><span
          style="font-family:Calibri;mso-ansi-language:EN-US"
          lang="EN-US">1.</span></b><b><span
          style="font-family:Calibri;mso-ansi-language:EN-US"
          lang="EN-US"> </span></b><b><span
style="mso-bidi-font-size:18.0pt;font-family:Calibri;mso-fareast-font-family:+mn-ea;mso-bidi-font-family:+mn-cs;color:black;mso-font-kerning:12.0pt;
          mso-ansi-language:EN-US" lang="EN-US">Trust relationships are
          still left undefined in GNAP
          draft-08<br>
        </span></b></p>
    <p class="MsoNormal"><font color="#0000ff"><span style="font-family:
          Calibri;" lang="EN-US"><a class="moz-txt-link-freetext" href="https://github.com/ietf-wg-gnap/gnap-core-protocol/issues/368">https://github.com/ietf-wg-gnap/gnap-core-protocol/issues/368</a></span></font></p>
    <p class="MsoNormal"><b><span
style="mso-bidi-font-size:18.0pt;font-family:Calibri;mso-fareast-font-family:+mn-ea;mso-bidi-font-family:+mn-cs;color:black;mso-font-kerning:12.0pt;
          mso-ansi-language:EN-US" lang="EN-US">
        </span></b><span
        style="font-family:Calibri;mso-ansi-language:EN-GB" lang="EN-GB"></span><span
        style="mso-bidi-font-size:18.0pt;font-family:Calibri;
mso-fareast-font-family:+mn-ea;mso-bidi-font-family:+mn-cs;color:black;
        mso-font-kerning:12.0pt;mso-ansi-language:EN-US" lang="EN-US">Section
        1.4 of draft-08 is
        supposed to be about “<i>trust relationships</i>”, but it is
        not. It is based
        on “Promise Theory” document (</span><span
        style="mso-bidi-font-size:
18.0pt;font-family:Calibri;mso-fareast-font-family:+mn-ea;mso-bidi-font-family:
+mn-cs;color:#0070C0;mso-font-kerning:12.0pt;mso-ansi-language:EN-US"
        lang="EN-US">302 pages</span><span
style="mso-bidi-font-size:18.0pt;font-family:Calibri;mso-fareast-font-family:+mn-ea;mso-bidi-font-family:+mn-cs;color:black;mso-font-kerning:12.0pt;
        mso-ansi-language:EN-US" lang="EN-US">) <br>
        where “ <i>A </i></span><i><span
style="mso-bidi-font-size:18.0pt;font-family:Calibri;mso-fareast-font-family:+mn-ea;mso-bidi-font-family:+mn-cs;color:black;mso-font-kerning:12.0pt;
          mso-ansi-language:EN-GB" lang="EN-GB">promise is a stated
          intention </span></i><span
style="mso-bidi-font-size:18.0pt;font-family:Calibri;mso-fareast-font-family:+mn-ea;mso-bidi-font-family:+mn-cs;color:black;mso-font-kerning:12.0pt;
        mso-ansi-language:EN-GB" lang="EN-GB">”. </span><span
        style="mso-bidi-font-size:
18.0pt;font-family:Calibri;mso-fareast-font-family:+mn-ea;mso-bidi-font-family:
+mn-cs;color:black;mso-font-kerning:12.0pt;mso-ansi-language:EN-US"
        lang="EN-US">“ <i>Each
          agent defines its own valuation function of promises given or
          received </i>”. </span><span
style="mso-bidi-font-size:18.0pt;font-family:Calibri;mso-fareast-font-family:+mn-ea;mso-bidi-font-family:+mn-cs;color:black;mso-font-kerning:12.0pt;
        mso-ansi-language:EN-GB" lang="EN-GB"><br>
      </span><span style="mso-bidi-font-size:9.0pt;font-family:Calibri;
mso-fareast-font-family:+mn-ea;mso-bidi-font-family:+mn-cs;color:black;
        mso-font-kerning:12.0pt;mso-ansi-language:EN-GB" lang="EN-GB"><br>
      </span><span style="mso-bidi-font-size:18.0pt;font-family:Calibri;
mso-fareast-font-family:+mn-ea;mso-bidi-font-family:+mn-cs;color:black;
        mso-font-kerning:12.0pt;mso-ansi-language:EN-US" lang="EN-US">On
      </span><span
style="mso-bidi-font-size:18.0pt;font-family:Calibri;mso-fareast-font-family:+mn-ea;mso-bidi-font-family:+mn-cs;color:#0070C0;mso-font-kerning:12.0pt;
        mso-ansi-language:EN-US" lang="EN-US">page 108 </span><span
        style="mso-bidi-font-size:
18.0pt;font-family:Calibri;mso-fareast-font-family:+mn-ea;mso-bidi-font-family:
+mn-cs;color:black;mso-font-kerning:12.0pt;mso-ansi-language:EN-US"
        lang="EN-US">(!), there
        is a first attempt to define what Trust means:<br>
      </span><span style="font-family:Calibri;mso-ansi-language:EN-GB"
        lang="EN-GB"><br>
      </span><span style="mso-bidi-font-size:18.0pt;font-family:Calibri;
mso-fareast-font-family:+mn-ea;mso-bidi-font-family:+mn-cs;color:black;
        mso-font-kerning:12.0pt;mso-ansi-language:EN-GB" lang="EN-GB"><span
          style="mso-spacerun:
          yes">  </span><i>Proposal </i>1 (Trust). An agent’s
        expectation that a promise
        will be kept. <br>
        <span style="mso-spacerun: yes">  </span>It may be assigned a
        value lying </span><span
style="mso-bidi-font-size:18.0pt;font-family:Calibri;mso-fareast-font-family:+mn-ea;mso-bidi-font-family:+mn-cs;color:red;mso-font-kerning:12.0pt;
        mso-ansi-language:EN-GB" lang="EN-GB">between</span><span
        style="mso-bidi-font-size:
18.0pt;font-family:Calibri;mso-fareast-font-family:+mn-ea;mso-bidi-font-family:
+mn-cs;color:black;mso-font-kerning:12.0pt;mso-ansi-language:EN-GB"
        lang="EN-GB"> 0 </span><span
style="mso-bidi-font-size:18.0pt;font-family:Calibri;mso-fareast-font-family:+mn-ea;mso-bidi-font-family:+mn-cs;color:red;mso-font-kerning:12.0pt;
        mso-ansi-language:EN-GB" lang="EN-GB">and</span><span
        style="mso-bidi-font-size:
18.0pt;font-family:Calibri;mso-fareast-font-family:+mn-ea;mso-bidi-font-family:
+mn-cs;color:black;mso-font-kerning:12.0pt;mso-ansi-language:EN-GB"
        lang="EN-GB"> 1, in the
        manner of a </span><u><span style="mso-bidi-font-size:18.0pt;
font-family:Calibri;mso-fareast-font-family:+mn-ea;mso-bidi-font-family:+mn-cs;
          color:red;mso-font-kerning:12.0pt;mso-ansi-language:EN-GB"
          lang="EN-GB">Bayesian probability</span></u><i><span
style="mso-bidi-font-size:18.0pt;font-family:Calibri;mso-fareast-font-family:+mn-ea;mso-bidi-font-family:+mn-cs;color:#00B0F0;mso-font-kerning:12.0pt;
          mso-ansi-language:EN-GB" lang="EN-GB">.</span></i><span
        style="font-family:Calibri;
        mso-ansi-language:EN-GB" lang="EN-GB"><br>
      </span><span style="mso-bidi-font-size:18.0pt;font-family:Calibri;
mso-fareast-font-family:+mn-ea;mso-bidi-font-family:+mn-cs;color:black;
        mso-font-kerning:12.0pt;mso-ansi-language:EN-US" lang="EN-US"><br>
        Such an approach is confusing : it is mixing trust relationships
        with security
        threats.</span><span
        style="font-family:Calibri;mso-ansi-language:
        EN-GB" lang="EN-GB"><br>
      </span><span style="mso-bidi-font-size:18.0pt;font-family:Calibri;
mso-fareast-font-family:+mn-ea;mso-bidi-font-family:+mn-cs;color:black;
        mso-font-kerning:12.0pt;mso-ansi-language:EN-US" lang="EN-US"><br>
        In the IT community, trust is a binary condition (0 </span><span
style="mso-bidi-font-size:18.0pt;font-family:Calibri;mso-fareast-font-family:
+mn-ea;mso-bidi-font-family:+mn-cs;color:red;mso-font-kerning:12.0pt;
        mso-ansi-language:EN-US" lang="EN-US">or</span><span
        style="mso-bidi-font-size:
18.0pt;font-family:Calibri;mso-fareast-font-family:+mn-ea;mso-bidi-font-family:
+mn-cs;color:black;mso-font-kerning:12.0pt;mso-ansi-language:EN-US"
        lang="EN-US"> 1): either
        you trust something or you don’t. <b>It is not a Bayesian
          probability</b>. <br>
        <br>
        A
        trust relationship is rather simple and is composed of three
        parts : <br>
      </span><span style="mso-bidi-font-size:8.0pt;font-family:Calibri;
mso-fareast-font-family:+mn-ea;mso-bidi-font-family:+mn-cs;color:black;
        mso-font-kerning:12.0pt;mso-ansi-language:EN-US" lang="EN-US"><br>
      </span><span style="mso-bidi-font-size:19.0pt;font-family:Calibri;
mso-fareast-font-family:+mn-ea;mso-bidi-font-family:+mn-cs;color:red;
        mso-font-kerning:12.0pt;mso-ansi-language:EN-US" lang="EN-US">An
        entity A … is trusting an
        entity B … for some kind of behavior C.<br>
      </span><i><span
          style="mso-bidi-font-size:19.0pt;font-family:Calibri;
mso-fareast-font-family:+mn-ea;mso-bidi-font-family:+mn-cs;color:black;
          mso-font-kerning:12.0pt;mso-ansi-language:EN-US" lang="EN-US">…<span
            style="mso-spacerun:
            yes">  </span>being aware that some conditions “out of
          control” might happen</span></i><span
style="mso-bidi-font-size:19.0pt;font-family:Calibri;mso-fareast-font-family:+mn-ea;mso-bidi-font-family:+mn-cs;color:red;mso-font-kerning:12.0pt;
        mso-ansi-language:EN-US" lang="EN-US"><br>
        <br>
      </span><span style="mso-bidi-font-size:18.0pt;font-family:Calibri;
mso-fareast-font-family:+mn-ea;mso-bidi-font-family:+mn-cs;color:black;
        mso-font-kerning:12.0pt;mso-ansi-language:EN-US" lang="EN-US">Section
        1.4 of draft-08 is
        failing to indicate the trust relationships that may exist
        between:<br>
      </span><span style="font-family:Calibri;mso-ansi-language:EN-GB"
        lang="EN-GB"><br>
        <span style="mso-spacerun: yes">   </span>- </span><span
style="mso-bidi-font-size:18.0pt;font-family:Calibri;mso-fareast-font-family:+mn-ea;mso-bidi-font-family:+mn-cs;color:black;mso-font-kerning:12.0pt;
        mso-ansi-language:EN-US" lang="EN-US">Client instances and
        end-users,</span><span
        style="font-family:Calibri;mso-ansi-language:EN-GB" lang="EN-GB"><br>
        <span style="mso-spacerun: yes">   </span>- </span><span
style="mso-bidi-font-size:18.0pt;font-family:Calibri;mso-fareast-font-family:+mn-ea;mso-bidi-font-family:+mn-cs;color:black;mso-font-kerning:12.0pt;
        mso-ansi-language:EN-US" lang="EN-US">End-users and ASs,</span><span
        style="font-family:Calibri;mso-ansi-language:EN-GB" lang="EN-GB"><br>
        <span style="mso-spacerun: yes">   </span>- </span><span
style="mso-bidi-font-size:18.0pt;font-family:Calibri;mso-fareast-font-family:+mn-ea;mso-bidi-font-family:+mn-cs;color:black;mso-font-kerning:12.0pt;
        mso-ansi-language:EN-US" lang="EN-US">Client instances and ASs,<br>
      </span><span style="font-family:Calibri;mso-ansi-language:EN-GB"
        lang="EN-GB"><br>
      </span><span style="mso-bidi-font-size:19.0pt;font-family:Calibri;
mso-fareast-font-family:+mn-ea;mso-bidi-font-family:+mn-cs;color:black;
        mso-font-kerning:12.0pt;mso-ansi-language:EN-US" lang="EN-US">Trust
        relationships need to be
        clear and understandable. Without them, it will not be possible
        to demonstrate
        the security of the architecture.<br>
      </span><span style="font-family:Calibri;mso-ansi-language:EN-GB"
        lang="EN-GB"><br>
      </span><span style="mso-bidi-font-size:23.0pt;font-family:Calibri;
mso-fareast-font-family:+mn-ea;mso-bidi-font-family:+mn-cs;color:black;
        mso-font-kerning:12.0pt;mso-ansi-language:EN-US" lang="EN-US">In
        draft-08, the following
        questions have no answer:<br>
      </span><span style="font-family:Calibri;mso-ansi-language:EN-GB"
        lang="EN-GB"><br>
      </span><span style="mso-bidi-font-size:18.0pt;font-family:Calibri;
mso-fareast-font-family:+mn-ea;mso-bidi-font-family:+mn-cs;color:black;
        mso-font-kerning:12.0pt;mso-ansi-language:EN-GB" lang="EN-GB">How
        may a client instance be
        associated with an end-user ? This is left undefined. <br>
      </span><span style="font-family:Calibri;mso-ansi-language:EN-GB"
        lang="EN-GB"><br>
      </span><span style="mso-bidi-font-size:18.0pt;font-family:Calibri;
mso-fareast-font-family:+mn-ea;mso-bidi-font-family:+mn-cs;color:black;
        mso-font-kerning:12.0pt;mso-ansi-language:EN-GB" lang="EN-GB">How
        may an AS be confident
        that a legitimate user is using a given client instance ? This
        is left
        undefined.</span><span
        style="font-family:Calibri;mso-ansi-language:
        EN-GB" lang="EN-GB"><br style="mso-special-character:line-break">
          <br>
      </span></p>
    <p class="MsoNormal"><b><span style="mso-bidi-font-size:18.0pt;
font-family:Calibri;mso-fareast-font-family:+mn-ea;mso-bidi-font-family:+mn-cs;
          color:black;mso-font-kerning:12.0pt;mso-ansi-language:EN-GB"
          lang="EN-GB">2. The
          Authentication of end-users by an AS is currently not required</span></b></p>
    <p class="MsoNormal"><span
        style="font-family:Calibri;mso-ansi-language:
        EN-GB" lang="EN-GB"><font color="#0000ff"><a class="moz-txt-link-freetext" href="https://github.com/ietf-wg-gnap/gnap-core-protocol/issues/369">https://github.com/ietf-wg-gnap/gnap-core-protocol/issues/369</a></font><br>
        <br>
      </span><span style="mso-bidi-font-size:18.0pt;font-family:Calibri;
mso-fareast-font-family:+mn-ea;mso-bidi-font-family:+mn-cs;color:black;
        mso-font-kerning:12.0pt;mso-ansi-language:EN-US" lang="EN-US">Extract
        from the Introduction
        on page 5 of draft-08:<br>
      </span><span style="font-family:Calibri;mso-ansi-language:EN-GB"
        lang="EN-GB"><br>
              </span><span
        style="mso-bidi-font-size:15.0pt;font-family:Calibri;
mso-fareast-font-family:+mn-ea;mso-bidi-font-family:+mn-cs;color:black;
        mso-font-kerning:12.0pt;mso-ansi-language:EN-GB" lang="EN-GB">This
        protocol allows a piece
        of software, the </span><span style="mso-bidi-font-size:15.0pt;
font-family:Calibri;mso-fareast-font-family:+mn-ea;mso-bidi-font-family:+mn-cs;
        color:red;mso-font-kerning:12.0pt;mso-ansi-language:EN-GB"
        lang="EN-GB">client instance</span><span
style="mso-bidi-font-size:15.0pt;font-family:Calibri;mso-fareast-font-family:+mn-ea;mso-bidi-font-family:+mn-cs;color:black;mso-font-kerning:12.0pt;
        mso-ansi-language:EN-GB" lang="EN-GB">, to request delegated
        authorization to resource
        servers and to request direct information.<span
          style="mso-spacerun: yes"> 
        </span>(…)</span><span
        style="font-family:Calibri;mso-ansi-language:
        EN-GB" lang="EN-GB"><br>
              </span><span
        style="mso-bidi-font-size:15.0pt;font-family:Calibri;
mso-fareast-font-family:+mn-ea;mso-bidi-font-family:+mn-cs;color:black;
        mso-font-kerning:12.0pt;mso-ansi-language:EN-GB" lang="EN-GB">The
      </span><span
style="mso-bidi-font-size:15.0pt;font-family:Calibri;mso-fareast-font-family:+mn-ea;mso-bidi-font-family:+mn-cs;color:red;mso-font-kerning:12.0pt;
        mso-ansi-language:EN-GB" lang="EN-GB">end-user</span><span
        style="mso-bidi-font-size:
15.0pt;font-family:Calibri;mso-fareast-font-family:+mn-ea;mso-bidi-font-family:
+mn-cs;color:black;mso-font-kerning:12.0pt;mso-ansi-language:EN-GB"
        lang="EN-GB"> operating
        the software </span><span style="mso-bidi-font-size:22.0pt;
font-family:Calibri;mso-fareast-font-family:+mn-ea;mso-bidi-font-family:+mn-cs;
        color:red;mso-font-kerning:12.0pt;mso-ansi-language:EN-GB"
        lang="EN-GB">may</span><span
style="mso-bidi-font-size:15.0pt;font-family:Calibri;mso-fareast-font-family:+mn-ea;mso-bidi-font-family:+mn-cs;color:black;mso-font-kerning:12.0pt;
        mso-ansi-language:EN-GB" lang="EN-GB"> interact with the
        authorization server to </span><span
style="mso-bidi-font-size:15.0pt;font-family:Calibri;mso-fareast-font-family:+mn-ea;mso-bidi-font-family:+mn-cs;color:red;mso-font-kerning:12.0pt;
        mso-ansi-language:EN-GB" lang="EN-GB">authenticate</span><span
        style="mso-bidi-font-size:
15.0pt;font-family:Calibri;mso-fareast-font-family:+mn-ea;mso-bidi-font-family:
+mn-cs;color:black;mso-font-kerning:12.0pt;mso-ansi-language:EN-GB"
        lang="EN-GB">, provide </span><span
style="mso-bidi-font-size:15.0pt;font-family:Calibri;mso-fareast-font-family:+mn-ea;mso-bidi-font-family:+mn-cs;color:red;mso-font-kerning:12.0pt;
        mso-ansi-language:EN-GB" lang="EN-GB">consent</span><span
        style="mso-bidi-font-size:
15.0pt;font-family:Calibri;mso-fareast-font-family:+mn-ea;mso-bidi-font-family:
+mn-cs;color:black;mso-font-kerning:12.0pt;mso-ansi-language:EN-GB"
        lang="EN-GB">, and
        authorize the request.</span><span style="font-family:Calibri;
        mso-ansi-language:EN-GB" lang="EN-GB"><br>
      </span><span style="mso-bidi-font-size:7.0pt;font-family:Calibri;
mso-fareast-font-family:+mn-ea;mso-bidi-font-family:+mn-cs;color:black;
        mso-font-kerning:12.0pt;mso-ansi-language:EN-GB" lang="EN-GB"><br>
      </span><span style="mso-bidi-font-size:18.0pt;font-family:Calibri;
mso-fareast-font-family:+mn-ea;mso-bidi-font-family:+mn-cs;color:black;
        mso-font-kerning:12.0pt;mso-ansi-language:EN-GB" lang="EN-GB">Hence,
        the authentication of
        end-users by an AS is not required. Does it mean that the
        authentication of the
        "piece of software" used by an end-user SHALL be mandatory ?<br>
        If so, how this "piece of software" should associated with
        end-user
        is left undefined. </span></p>
    <p class="MsoNormal"><span style="mso-bidi-font-size:18.0pt;
font-family:Calibri;mso-fareast-font-family:+mn-ea;mso-bidi-font-family:+mn-cs;
        color:black;mso-font-kerning:12.0pt;mso-ansi-language:EN-GB"
        lang="EN-GB">Considerations
        about an end-user for changing that "piece of software" or using
        several
        pieces of software at the same instant of time are not
        mentioned.</span></p>
    <p class="MsoNormal"><span style="mso-bidi-font-size:18.0pt;
font-family:Calibri;mso-fareast-font-family:+mn-ea;mso-bidi-font-family:+mn-cs;
        color:black;mso-font-kerning:12.0pt;mso-ansi-language:EN-GB"
        lang="EN-GB">How an AS may
        associate some rights or attributes with an end-user is left
        undefined.<br>
        <br>
      </span><span style="mso-bidi-font-size:15.0pt;font-family:Calibri;
mso-fareast-font-family:+mn-ea;mso-bidi-font-family:+mn-cs;color:black;
        mso-font-kerning:12.0pt;mso-ansi-language:EN-GB" lang="EN-GB">Note
        that the EU </span><span
style="mso-bidi-font-size:15.0pt;font-family:Calibri;mso-fareast-font-family:+mn-ea;mso-bidi-font-family:+mn-cs;color:black;mso-font-kerning:12.0pt;
        mso-ansi-language:EN-US" lang="EN-US">Payments Services
        Directive (</span><span
style="mso-bidi-font-size:15.0pt;font-family:Calibri;mso-fareast-font-family:+mn-ea;mso-bidi-font-family:+mn-cs;color:red;mso-font-kerning:12.0pt;
        mso-ansi-language:EN-US" lang="EN-US">PSD2</span><span
        style="mso-bidi-font-size:
15.0pt;font-family:Calibri;mso-fareast-font-family:+mn-ea;mso-bidi-font-family:
+mn-cs;color:black;mso-font-kerning:12.0pt;mso-ansi-language:EN-US"
        lang="EN-US">) </span><i><span
style="mso-bidi-font-size:15.0pt;font-family:Calibri;mso-fareast-font-family:+mn-ea;mso-bidi-font-family:+mn-cs;color:black;mso-font-kerning:12.0pt;
          mso-ansi-language:EN-GB" lang="EN-GB">mandates the use of MFA
          (Multi Factor Authentication)
          with the AS</span></i><span style="mso-bidi-font-size:15.0pt;
font-family:Calibri;mso-fareast-font-family:+mn-ea;mso-bidi-font-family:+mn-cs;
        color:black;mso-font-kerning:12.0pt;mso-ansi-language:EN-GB"
        lang="EN-GB">.</span></p>
    <p class="MsoNormal"><span style="mso-bidi-font-size:15.0pt;
font-family:Calibri;mso-fareast-font-family:+mn-ea;mso-bidi-font-family:+mn-cs;
        color:black;mso-font-kerning:12.0pt;mso-ansi-language:EN-GB"
        lang="EN-GB">Why a strong
        authentication of end-users by an AS would not be sufficient,
        hence avoiding
        the authentication of "pieces of software" ?</span></p>
    <p class="MsoNormal"><span
        style="font-family:Calibri;mso-ansi-language:
        EN-US" lang="EN-US"><br>
        <b>3.</b> <b>R</b></span><b><span
          style="mso-bidi-font-size:30.0pt;
font-family:Calibri;mso-fareast-font-family:+mn-ea;mso-bidi-font-family:+mn-cs;
          color:black;mso-font-kerning:12.0pt;mso-ansi-language:EN-US"
          lang="EN-US">ights and
          attributes </span></b><b><span
          style="mso-bidi-font-size:20.0pt;
font-family:Calibri;mso-fareast-font-family:+mn-ea;mso-bidi-font-family:+mn-cs;
          color:black;mso-font-kerning:12.0pt;mso-ansi-language:EN-GB"
          lang="EN-GB">SHOULD be equally
          supported</span></b><b><span style="mso-bidi-font-size:30.0pt;
font-family:Calibri;mso-fareast-font-family:+mn-ea;mso-bidi-font-family:+mn-cs;
          color:black;mso-font-kerning:12.0pt;mso-ansi-language:EN-US"
          lang="EN-US"><br>
          <font color="#0000ff"><br>
          </font></span></b><span
        style="mso-bidi-font-size:30.0pt;font-family:Calibri;
mso-fareast-font-family:+mn-ea;mso-bidi-font-family:+mn-cs;color:black;
        mso-font-kerning:12.0pt;mso-ansi-language:EN-US" lang="EN-US"><font
          color="#0000ff"><a class="moz-txt-link-freetext" href="https://github.com/ietf-wg-gnap/gnap-core-protocol/issues/370">https://github.com/ietf-wg-gnap/gnap-core-protocol/issues/370</a></font><br>
      </span></p>
    <p class="MsoNormal"><span
        style="mso-bidi-font-size:30.0pt;font-family:Calibri;
mso-fareast-font-family:+mn-ea;mso-bidi-font-family:+mn-cs;color:black;
        mso-font-kerning:12.0pt;mso-ansi-language:EN-US" lang="EN-US">The
        core draft defines:<br>
        <br>
        <span style="mso-spacerun: yes">      </span></span><u><span
style="mso-bidi-font-size:16.0pt;font-family:Calibri;mso-fareast-font-family:+mn-ea;mso-bidi-font-family:Arial;color:black;mso-font-kerning:12.0pt;
          mso-ansi-language:EN-GB" lang="EN-GB">Privilege</span></u><span
        style="mso-bidi-font-size:
16.0pt;font-family:Calibri;mso-fareast-font-family:+mn-ea;mso-bidi-font-family:
Arial;color:black;mso-font-kerning:12.0pt;mso-ansi-language:EN-GB"
        lang="EN-GB">:<span style="mso-spacerun: yes">  </span>right </span><b><span
style="mso-bidi-font-size:16.0pt;font-family:Calibri;mso-fareast-font-family:
+mn-ea;mso-bidi-font-family:Arial;color:red;mso-font-kerning:12.0pt;mso-ansi-language:
          EN-GB" lang="EN-GB">or attribute </span></b><span
        style="mso-bidi-font-size:16.0pt;
font-family:Calibri;mso-fareast-font-family:+mn-ea;mso-bidi-font-family:Arial;
        color:black;mso-font-kerning:12.0pt;mso-ansi-language:EN-GB"
        lang="EN-GB">associated with a
        subject</span><span
        style="font-family:Calibri;mso-bidi-font-family:
        Arial;mso-ansi-language:EN-GB" lang="EN-GB"><br>
        <span style="mso-spacerun: yes">      </span></span><u><span
style="mso-bidi-font-size:16.0pt;font-family:Calibri;mso-fareast-font-family:+mn-ea;mso-bidi-font-family:Arial;color:black;mso-font-kerning:12.0pt;
          mso-ansi-language:EN-GB" lang="EN-GB">Access Token</span></u><span
style="mso-bidi-font-size:16.0pt;font-family:Calibri;mso-fareast-font-family:
+mn-ea;mso-bidi-font-family:Arial;color:black;mso-font-kerning:12.0pt;
        mso-ansi-language:EN-GB" lang="EN-GB">:<span
          style="mso-spacerun: yes">  </span>a data
        artifact representing a set of rights </span><b><span
style="mso-bidi-font-size:16.0pt;font-family:Calibri;mso-fareast-font-family:+mn-ea;mso-bidi-font-family:Arial;color:red;mso-font-kerning:12.0pt;mso-ansi-language:
          EN-GB" lang="EN-GB">and/or attributes</span></b><span
        style="mso-bidi-font-size:
30.0pt;font-family:Calibri;mso-fareast-font-family:+mn-ea;mso-bidi-font-family:
+mn-cs;color:black;mso-font-kerning:12.0pt;mso-ansi-language:EN-US"
        lang="EN-US"><br>
        <br>
        However, the core draft does not allow a RS to distinguish
        between rights and
        attributes.</span><span
        style="font-family:Calibri;mso-ansi-language:
        EN-US" lang="EN-US"><br>
        <br>
      </span><span style="mso-bidi-font-size:18.0pt;font-family:Calibri;
mso-fareast-font-family:+mn-ea;mso-bidi-font-family:+mn-cs;color:black;
        mso-font-kerning:12.0pt;mso-ansi-language:EN-US" lang="EN-US">The
      </span><span
style="mso-bidi-font-size:18.0pt;font-family:Calibri;mso-fareast-font-family:+mn-ea;mso-bidi-font-family:+mn-cs;color:red;mso-font-kerning:12.0pt;
        mso-ansi-language:EN-US" lang="EN-US">core protocol </span><span
style="mso-bidi-font-size:18.0pt;font-family:Calibri;mso-fareast-font-family:
+mn-ea;mso-bidi-font-family:+mn-cs;color:black;mso-font-kerning:12.0pt;
        mso-ansi-language:EN-US" lang="EN-US">should define two fields
        in an access token request to
        distinguish between rights (i.e. </span><span
        style="mso-bidi-font-size:
18.0pt;font-family:Calibri;mso-fareast-font-family:+mn-ea;mso-bidi-font-family:
+mn-cs;color:red;mso-font-kerning:12.0pt;mso-ansi-language:EN-US"
        lang="EN-US">capabilities</span><span
style="mso-bidi-font-size:18.0pt;font-family:Calibri;mso-fareast-font-family:+mn-ea;mso-bidi-font-family:+mn-cs;color:black;mso-font-kerning:12.0pt;
        mso-ansi-language:EN-US" lang="EN-US">) and attributes.</span><span
        style="font-family:Calibri;mso-ansi-language:EN-GB" lang="EN-GB"><br>
        <br>
      </span><span style="mso-bidi-font-size:18.0pt;font-family:Calibri;
mso-fareast-font-family:+mn-ea;mso-font-kerning:12.0pt;mso-ansi-language:EN-GB"
        lang="EN-GB">A
        set of standard <u>attribute types</u> should be defined to
        support ABAC <span style="color:#0070C0">(Attribute Based
          Access Control) </span>: <br>
      </span><span
        style="font-family:Calibri;mso-fareast-font-family:+mn-ea;
        mso-font-kerning:12.0pt;mso-ansi-language:EN-GB" lang="EN-GB">e.g.
      </span><span
style="font-family:Calibri;mso-fareast-font-family:+mn-ea;mso-font-kerning:12.0pt;mso-ansi-language:EN-US"
        lang="EN-US">first name, family name, birth date, birth
        location, home address, email address, social security number,
        citizenship(s),
        etc …</span><span
        style="font-family:Calibri;mso-ansi-language:EN-GB" lang="EN-GB"><br>
        <br>
      </span><span style="font-family:Calibri;mso-ansi-language:EN-US"
        lang="EN-US"><b>4.</b> </span><b><span
          style="mso-bidi-font-size:20.0pt;
font-family:Calibri;mso-fareast-font-family:+mn-ea;mso-bidi-font-family:+mn-cs;
          color:black;mso-font-kerning:12.0pt;mso-ansi-language:EN-GB"
          lang="EN-GB">Both attributes
          (ABAC) and capabilities (CBAC) SHOULD be supported<br>
        </span></b><br>
      <span style="mso-bidi-font-size:20.0pt;font-family:Calibri;
mso-fareast-font-family:+mn-ea;mso-bidi-font-family:+mn-cs;color:black;
        mso-font-kerning:12.0pt;mso-ansi-language:EN-GB" lang="EN-GB"><font
          color="#0000ff"><a class="moz-txt-link-freetext" href="https://github.com/ietf-wg-gnap/gnap-core-protocol/issues/371">https://github.com/ietf-wg-gnap/gnap-core-protocol/issues/371</a></font><br>
      </span></p>
    <p class="MsoNormal"><span
        style="mso-bidi-font-size:20.0pt;font-family:Calibri;
mso-fareast-font-family:+mn-ea;mso-bidi-font-family:+mn-cs;color:black;
        mso-font-kerning:12.0pt;mso-ansi-language:EN-GB" lang="EN-GB">At
        the moment, a client is able to request with a fine degree a
        precision a
        specific set of rights that should be included into an access
        token. <br>
        However, a
        client is unable to request a specific set of attributes that
        should be
        included into an access token. <br>
        <br>
        As a consequence, the <i>support of rights</i> versus the <i>support
          of
          attributes</i> is unbalanced.<br>
        <br>
        Implicitly, the core draft mandates a </span><i><span
style="mso-bidi-font-size:18.0pt;font-family:Calibri;mso-fareast-font-family:+mn-ea;mso-bidi-font-family:+mn-cs;color:red;mso-font-kerning:12.0pt;
          mso-ansi-language:EN-US" lang="EN-US">bilateral</span></i><span
        style="mso-bidi-font-size:
18.0pt;font-family:Calibri;mso-fareast-font-family:+mn-ea;mso-bidi-font-family:
+mn-cs;color:red;mso-font-kerning:12.0pt;mso-ansi-language:EN-US"
        lang="EN-US">
        pre-relationship between every pair of AS / RS. </span><span
        style="mso-bidi-font-size:18.0pt;font-family:Calibri;
mso-fareast-font-family:+mn-ea;mso-bidi-font-family:+mn-cs;mso-font-kerning:
        12.0pt;mso-ansi-language:EN-US" lang="EN-US">This is not
        advertised in the draft.<br>
        <br>
      </span><span style="mso-bidi-font-size:20.0pt;font-family:Calibri;
mso-fareast-font-family:+mn-ea;mso-bidi-font-family:+mn-cs;mso-font-kerning:
        12.0pt;mso-ansi-language:EN-GB" lang="EN-GB">Such </span><span
        style="mso-bidi-font-size:
18.0pt;font-family:Calibri;mso-fareast-font-family:+mn-ea;mso-bidi-font-family:
        +mn-cs;mso-font-kerning:12.0pt;mso-ansi-language:EN-US"
        lang="EN-US">bilateral
        pre-relationship </span><span style="mso-bidi-font-size:20.0pt;
font-family:Calibri;mso-fareast-font-family:+mn-ea;mso-bidi-font-family:+mn-cs;
        mso-font-kerning:12.0pt;mso-ansi-language:EN-GB" lang="EN-GB">limits
        the scalability of the
        architecture. <br>
        <br>
        When attributes only are supported, n</span><span
style="mso-bidi-font-size:18.0pt;font-family:Calibri;mso-fareast-font-family:+mn-ea;mso-bidi-font-family:+mn-cs;mso-font-kerning:12.0pt;mso-ansi-language:
        EN-US" lang="EN-US">o <i>bilateral</i> pre-relationship between
        an AS and a RS is necessary.</span><span
style="mso-bidi-font-size:20.0pt;font-family:Calibri;mso-fareast-font-family:+mn-ea;mso-bidi-font-family:+mn-cs;mso-font-kerning:12.0pt;mso-ansi-language:
        EN-GB" lang="EN-GB"><br>
        <span style="color:black"><br>
          The core document only implicitly allows an AS to add
          attributes into an access
          token </span><i><span style="color:red">at its own discretion</span></i><span
          style="color:black">, <br>
          without any specific request for them to be included from
          the client (and hence the end-user).<br>
          <br>
          This means that the core document does not allow an AS to add
          specific
          attributes into an access token upon the request from the
          client <br>
          (and hence
          from the end-user).<br>
          <br>
          This has <b>severe consequences in term of the end-user
            privacy</b> which are not
          mentioned in the draft.<br>
          <br>
          First of all, since rights are always included, this means
          that the AS MUST be
          aware of the identity of the RS. <br>
          In addition, the </span></span><span
style="mso-bidi-font-size:18.0pt;font-family:Calibri;mso-fareast-font-family:+mn-ea;mso-bidi-font-family:+mn-cs;color:black;mso-font-kerning:12.0pt;
        mso-ansi-language:EN-US" lang="EN-US">AS cannot be kept ignorant
        of </span><span
style="mso-bidi-font-size:18.0pt;font-family:Calibri;mso-fareast-font-family:+mn-ea;mso-bidi-font-family:+mn-cs;mso-font-kerning:12.0pt;mso-ansi-language:
        EN-US" lang="EN-US">which actions will be performed by a client
        and on which resources.<span style="color:#0070C0"> </span></span><span
        style="mso-bidi-font-size:
20.0pt;font-family:Calibri;mso-fareast-font-family:+mn-ea;mso-bidi-font-family:
+mn-cs;color:blue;mso-font-kerning:12.0pt;mso-ansi-language:EN-GB"
        lang="EN-GB"><br>
        <b>This allows
          the AS to act as "Big Brother"</b></span><span
style="mso-bidi-font-size:20.0pt;font-family:Calibri;mso-fareast-font-family:+mn-ea;mso-bidi-font-family:+mn-cs;color:black;mso-font-kerning:12.0pt;
        mso-ansi-language:EN-GB" lang="EN-GB">. However, this can be
        prevented in the case where
        attributes only are supported.<br>
        <br>
        Secondly, in order to support "good practices" (</span><span
style="mso-bidi-font-size:18.0pt;font-family:Calibri;mso-fareast-font-family:+mn-ea;mso-bidi-font-family:+mn-cs;color:red;mso-font-kerning:12.0pt;
        mso-ansi-language:EN-US" lang="EN-US">User Notice</span><span
        style="mso-bidi-font-size:
18.0pt;font-family:Calibri;mso-fareast-font-family:+mn-ea;mso-bidi-font-family:
+mn-cs;color:black;mso-font-kerning:12.0pt;mso-ansi-language:EN-US"
        lang="EN-US">, </span><span
style="mso-bidi-font-size:18.0pt;font-family:Calibri;mso-fareast-font-family:+mn-ea;mso-bidi-font-family:+mn-cs;color:red;mso-font-kerning:12.0pt;
        mso-ansi-language:EN-US" lang="EN-US">User Choice, User Consent
        and Transparency)</span><span
style="mso-bidi-font-size:20.0pt;font-family:Calibri;mso-fareast-font-family:+mn-ea;mso-bidi-font-family:+mn-cs;color:black;mso-font-kerning:12.0pt;
        mso-ansi-language:EN-GB" lang="EN-GB"> or legislation like the
        EU GDPR, <br>
        the end-user should
        be informed about the set of attributes that are requested </span><u><span
style="mso-bidi-font-size:20.0pt;font-family:Calibri;mso-fareast-font-family:
+mn-ea;mso-bidi-font-family:+mn-cs;color:red;mso-font-kerning:12.0pt;
          mso-ansi-language:EN-GB" lang="EN-GB">by a RS</span></u><span
        style="mso-bidi-font-size:
20.0pt;font-family:Calibri;mso-fareast-font-family:+mn-ea;mso-bidi-font-family:
+mn-cs;color:red;mso-font-kerning:12.0pt;mso-ansi-language:EN-GB"
        lang="EN-GB"> </span><span
style="mso-bidi-font-size:20.0pt;font-family:Calibri;mso-fareast-font-family:+mn-ea;mso-bidi-font-family:+mn-cs;color:black;mso-font-kerning:12.0pt;
        mso-ansi-language:EN-GB" lang="EN-GB">and should also be able to
        know the treatment(s) <br>
        that
        will be done with such attributes. At the moment, </span><span
style="mso-bidi-font-size:20.0pt;font-family:Calibri;mso-fareast-font-family:
+mn-ea;mso-bidi-font-family:+mn-cs;color:red;mso-font-kerning:12.0pt;
        mso-ansi-language:EN-GB" lang="EN-GB">a dialogue between the
        client and the RS </span><span
style="mso-bidi-font-size:20.0pt;font-family:Calibri;mso-fareast-font-family:+mn-ea;mso-bidi-font-family:+mn-cs;color:black;mso-font-kerning:12.0pt;
        mso-ansi-language:EN-GB" lang="EN-GB">is missing. A specific RS
        end-point <br>
        should be defined
        and dedicated for such dialogue.<br>
        <br>
        If the end-user agrees to provide that set of attributes to the
        RS, he should
        be able to indicate to the AS </span><span
        style="mso-bidi-font-size:
15.0pt;font-family:Calibri;mso-fareast-font-family:+mn-ea;mso-bidi-font-family:
+mn-cs;color:black;mso-font-kerning:12.0pt;mso-ansi-language:EN-GB"
        lang="EN-GB">which </span><span
style="mso-bidi-font-size:15.0pt;font-family:Calibri;mso-fareast-font-family:+mn-ea;mso-bidi-font-family:+mn-cs;color:red;mso-font-kerning:12.0pt;
        mso-ansi-language:EN-GB" lang="EN-GB">attributes types</span><span
style="mso-bidi-font-size:15.0pt;font-family:Calibri;mso-fareast-font-family:
+mn-ea;mso-bidi-font-family:+mn-cs;color:black;mso-font-kerning:12.0pt;
        mso-ansi-language:EN-GB" lang="EN-GB"> (<i>and optionally values</i>)
        <br>
      </span><span
style="mso-bidi-font-size:20.0pt;font-family:Calibri;mso-fareast-font-family:+mn-ea;mso-bidi-font-family:+mn-cs;color:black;mso-font-kerning:12.0pt;
        mso-ansi-language:EN-GB" lang="EN-GB">should be included into
        the access token. At the moment,
        the client is unable to specify to the AS a set of attributes to
        be included
        into the access token. <br>
        In addition, an end-user is even unable to know which
        set of attributes are known by the AS.<br>
        <br>
        If this situation is going to last, the privacy consideration
        section should
        clearly indicate these limitations.<br>
      </span><span style="font-family:Calibri;mso-ansi-language:EN-US"
        lang="EN-US"><br>
        <b>5. A RS is currently only able to trust a single AS<br>
        </b><font color="#0000ff"><br>
          <a class="moz-txt-link-freetext" href="https://github.com/ietf-wg-gnap/gnap-core-protocol/issues/372">https://github.com/ietf-wg-gnap/gnap-core-protocol/issues/372</a></font><br>
      </span></p>
    <p class="MsoNormal"><span
        style="font-family:Calibri;mso-ansi-language:EN-US" lang="EN-US">This
        limitation should be removed and can be removed. </span><span
style="mso-bidi-font-size:18.0pt;font-family:Calibri;mso-fareast-font-family:+mn-ea;mso-bidi-font-family:+mn-cs;color:black;mso-font-kerning:12.0pt;
        mso-ansi-language:EN-GB" lang="EN-GB">For details, see:
        draft-pinkas-gnap-core-protocol-00.txt<br>
        <br>
      </span><span style="font-family:Calibri;mso-ansi-language:EN-US"
        lang="EN-US">The
      </span><i><span
          style="mso-bidi-font-size:15.0pt;font-family:Calibri;
mso-fareast-font-family:+mn-ea;mso-bidi-font-family:+mn-cs;color:red;
          mso-font-kerning:12.0pt;mso-ansi-language:EN-US" lang="EN-US">Proposal</span></i><span
style="mso-bidi-font-size:15.0pt;font-family:Calibri;mso-fareast-font-family:
+mn-ea;mso-bidi-font-family:+mn-cs;color:red;mso-font-kerning:12.0pt;
        mso-ansi-language:EN-US" lang="EN-US"> for a Regulation </span><span
style="mso-bidi-font-size:15.0pt;font-family:Calibri;mso-fareast-font-family:
+mn-ea;mso-bidi-font-family:+mn-cs;color:black;mso-font-kerning:12.0pt;
        mso-ansi-language:EN-US" lang="EN-US">amending Regulation (EU)
        No 910/2414 as regards
        establishing a framework for a </span><span
        style="mso-bidi-font-size:
15.0pt;font-family:Calibri;mso-fareast-font-family:+mn-ea;mso-bidi-font-family:
+mn-cs;color:red;mso-font-kerning:12.0pt;mso-ansi-language:EN-US"
        lang="EN-US">European
        Digital Identity </span><span style="mso-bidi-font-size:15.0pt;
font-family:Calibri;mso-fareast-font-family:+mn-ea;mso-bidi-font-family:+mn-cs;
        color:black;mso-font-kerning:12.0pt;mso-ansi-language:EN-US"
        lang="EN-US"><br>
        of 3 June 2021 </span><span
style="mso-bidi-font-size:15.0pt;font-family:Calibri;mso-fareast-font-family:+mn-ea;mso-bidi-font-family:+mn-cs;color:black;mso-font-kerning:12.0pt;
        mso-ansi-language:EN-GB" lang="EN-GB">should not be ignored. <i>It
          paves the way for the use
          of </i></span><i><span
          style="mso-bidi-font-size:15.0pt;font-family:
Calibri;mso-fareast-font-family:+mn-ea;mso-bidi-font-family:+mn-cs;color:#0070C0;
          mso-font-kerning:12.0pt;mso-ansi-language:EN-GB" lang="EN-GB">multiple</span></i><i><span
style="mso-bidi-font-size:15.0pt;font-family:Calibri;mso-fareast-font-family:
+mn-ea;mso-bidi-font-family:+mn-cs;color:black;mso-font-kerning:12.0pt;
          mso-ansi-language:EN-GB" lang="EN-GB"> </span></i><i><span
          style="mso-bidi-font-size:
15.0pt;font-family:Calibri;mso-fareast-font-family:+mn-ea;mso-bidi-font-family:
+mn-cs;color:#0070C0;mso-font-kerning:12.0pt;mso-ansi-language:EN-GB"
          lang="EN-GB">attribute
          servers</span></i><i><span style="mso-bidi-font-size:15.0pt;
font-family:Calibri;mso-fareast-font-family:+mn-ea;mso-bidi-font-family:+mn-cs;
          color:black;mso-font-kerning:12.0pt;mso-ansi-language:EN-GB"
          lang="EN-GB">.</span></i><span
        style="font-family:Calibri;mso-ansi-language:EN-GB" lang="EN-GB"><br>
      </span><span style="font-family:Calibri;mso-ansi-language:EN-US"
        lang="EN-US"><br>
        If such limitation is not removed, it should be clearly
        advertised in the core
        draft.<br>
        <br>
        <b>6.</b> </span><b><span style="mso-bidi-font-size:18.0pt;
font-family:Calibri;mso-fareast-font-family:+mn-ea;mso-bidi-font-family:+mn-cs;
          color:black;mso-font-kerning:12.0pt;mso-ansi-language:EN-US"
          lang="EN-US">Bearer access
          tokens and key-bound access tokens are not the single types of
          access tokens<br>
        </span></b></p>
    <p class="MsoNormal"><b><span style="mso-bidi-font-size:18.0pt;
font-family:Calibri;mso-fareast-font-family:+mn-ea;mso-bidi-font-family:+mn-cs;
          color:black;mso-font-kerning:12.0pt;mso-ansi-language:EN-US"
          lang="EN-US">
        </span></b><font color="#0000ff"><span
          style="font-family:Calibri;mso-ansi-language:
          EN-GB" lang="EN-GB"><a class="moz-txt-link-freetext" href="https://github.com/ietf-wg-gnap/gnap-core-protocol/issues/373">https://github.com/ietf-wg-gnap/gnap-core-protocol/issues/373</a></span></font></p>
    <p class="MsoNormal"><b><span
          style="font-family:Calibri;mso-ansi-language:
          EN-GB" lang="EN-GB">
        </span></b><span
        style="mso-bidi-font-size:18.0pt;font-family:Calibri;
mso-fareast-font-family:+mn-ea;mso-bidi-font-family:+mn-cs;color:black;
        mso-font-kerning:12.0pt;mso-ansi-language:EN-US" lang="EN-US">OAuth
        (and GNAP draft-08)
        postulate that only two classes of access tokens may exist:<span
          style="mso-spacerun: yes">  </span></span><span
        style="font-family:
        Calibri;mso-ansi-language:EN-GB" lang="EN-GB"><br>
              </span><span
        style="mso-bidi-font-size:15.0pt;font-family:Calibri;
mso-fareast-font-family:+mn-ea;mso-bidi-font-family:+mn-cs;color:red;
        mso-font-kerning:12.0pt;mso-ansi-language:EN-US" lang="EN-US">-
        key-bound access tokens </span><span
style="mso-bidi-font-size:15.0pt;font-family:Calibri;mso-fareast-font-family:+mn-ea;mso-bidi-font-family:+mn-cs;color:black;mso-font-kerning:12.0pt;
        mso-ansi-language:EN-US" lang="EN-US">where the access token is
        bound to a key used by the
        client instance in its request, and <br>
      </span><span style="mso-bidi-font-size:
15.0pt;font-family:Calibri;mso-fareast-font-family:+mn-ea;mso-bidi-font-family:
+mn-cs;color:red;mso-font-kerning:12.0pt;mso-ansi-language:EN-US"
        lang="EN-US">      - bearer access
        tokens </span><span
        style="mso-bidi-font-size:15.0pt;font-family:
Calibri;mso-fareast-font-family:+mn-ea;mso-bidi-font-family:+mn-cs;color:black;
        mso-font-kerning:12.0pt;mso-ansi-language:EN-US" lang="EN-US">that
        do not include a key used
        by the client instance in its request. </span><span
        style="font-family:Calibri;mso-ansi-language:EN-GB" lang="EN-GB"><br>
      </span><span style="mso-bidi-font-size:18.0pt;font-family:Calibri;
mso-fareast-font-family:+mn-ea;mso-bidi-font-family:+mn-cs;color:black;
        mso-font-kerning:12.0pt;mso-ansi-language:EN-US" lang="EN-US"><br>
        If a hardware security module
        (HSM) is being used, it prevents a legitimate client or a user
        to know the </span><i><span
style="mso-bidi-font-size:18.0pt;font-family:Calibri;mso-fareast-font-family:+mn-ea;mso-bidi-font-family:+mn-cs;color:red;mso-font-kerning:12.0pt;
          mso-ansi-language:EN-US" lang="EN-US">value </span></i><i><span
          style="mso-bidi-font-size:
18.0pt;font-family:Calibri;mso-fareast-font-family:+mn-ea;mso-bidi-font-family:
+mn-cs;color:black;mso-font-kerning:12.0pt;mso-ansi-language:EN-US"
          lang="EN-US">of a client
          private key</span></i><span style="mso-bidi-font-size:18.0pt;
font-family:Calibri;mso-fareast-font-family:+mn-ea;mso-bidi-font-family:+mn-cs;
        color:black;mso-font-kerning:12.0pt;mso-ansi-language:EN-US"
        lang="EN-US">, <br>
        but it does not
        prevent the </span><i><span style="mso-bidi-font-size:18.0pt;
font-family:Calibri;mso-fareast-font-family:+mn-ea;mso-bidi-font-family:+mn-cs;
          color:red;mso-font-kerning:12.0pt;mso-ansi-language:EN-US"
          lang="EN-US">use</span></i><i><span
style="mso-bidi-font-size:18.0pt;font-family:Calibri;mso-fareast-font-family:+mn-ea;mso-bidi-font-family:+mn-cs;color:black;mso-font-kerning:12.0pt;
          mso-ansi-language:EN-US" lang="EN-US"> of that private key</span></i><span
style="mso-bidi-font-size:18.0pt;font-family:Calibri;mso-fareast-font-family:
+mn-ea;mso-bidi-font-family:+mn-cs;color:black;mso-font-kerning:12.0pt;
        mso-ansi-language:EN-US" lang="EN-US"> by a legitimate client
        willing to collaborate with
        another client.<br>
      </span><span style="font-family:Calibri;mso-ansi-language:EN-GB"
        lang="EN-GB"><br>
      </span><span style="mso-bidi-font-size:18.0pt;font-family:Calibri;
mso-fareast-font-family:+mn-ea;mso-bidi-font-family:+mn-cs;color:black;
        mso-font-kerning:12.0pt;mso-ansi-language:EN-US" lang="EN-US">If
        a client accepts to </span><span
style="mso-bidi-font-size:18.0pt;font-family:Calibri;mso-fareast-font-family:+mn-ea;mso-bidi-font-family:+mn-cs;color:red;mso-font-kerning:12.0pt;
        mso-ansi-language:EN-US" lang="EN-US">collaborate</span><span
        style="mso-bidi-font-size:
18.0pt;font-family:Calibri;mso-fareast-font-family:+mn-ea;mso-bidi-font-family:
+mn-cs;color:black;mso-font-kerning:12.0pt;mso-ansi-language:EN-US"
        lang="EN-US"> with
        another client, the use of </span><span
        style="mso-bidi-font-size:
18.0pt;font-family:Calibri;mso-fareast-font-family:+mn-ea;mso-bidi-font-family:
+mn-cs;color:red;mso-font-kerning:12.0pt;mso-ansi-language:EN-US"
        lang="EN-US">key-bound
        access tokens </span><span style="mso-bidi-font-size:18.0pt;
font-family:Calibri;mso-fareast-font-family:+mn-ea;mso-bidi-font-family:+mn-cs;
        color:black;mso-font-kerning:12.0pt;mso-ansi-language:EN-US"
        lang="EN-US">does not offer a
        protection <br>
        against the use of an access token by another client.<br>
      </span><span style="font-family:Calibri;mso-ansi-language:EN-GB"
        lang="EN-GB"><br>
      </span><span style="mso-bidi-font-size:18.0pt;font-family:Calibri;
mso-fareast-font-family:+mn-ea;mso-bidi-font-family:+mn-cs;color:black;
        mso-font-kerning:12.0pt;mso-ansi-language:EN-US" lang="EN-US">GNAP
        (and OAuth) are not
        resistant to </span><span style="mso-bidi-font-size:18.0pt;
font-family:Calibri;mso-fareast-font-family:+mn-ea;mso-bidi-font-family:+mn-cs;
        color:red;mso-font-kerning:12.0pt;mso-ansi-language:EN-US"
        lang="EN-US">client collaborative
        attacks</span><span
        style="mso-bidi-font-size:18.0pt;font-family:
Calibri;mso-fareast-font-family:+mn-ea;mso-bidi-font-family:+mn-cs;color:black;
        mso-font-kerning:12.0pt;mso-ansi-language:EN-US" lang="EN-US">.</span><span
        style="font-family:Calibri;mso-ansi-language:EN-GB" lang="EN-GB"><br>
      </span><span style="font-family:Calibri;mso-ansi-language:EN-US"
        lang="EN-US"><br>
        As long as this situation will last, this should be clearly
        advertised in the
        draft. <br>
      </span></p>
    <p class="MsoNormal"><span
        style="font-family:Calibri;mso-ansi-language:EN-US" lang="EN-US">However,
        there exits a solution to address this issue which has already
        been advertised to the WG: the addition into the access token of
        a </span><span
style="mso-bidi-font-size:18.0pt;font-family:Calibri;mso-fareast-font-family:+mn-ea;mso-bidi-font-family:+mn-cs;color:black;mso-font-kerning:12.0pt;
        mso-ansi-language:EN-GB" lang="EN-GB">"buid" field : </span><span
style="mso-bidi-font-size:18.0pt;font-family:Calibri;mso-fareast-font-family:
+mn-ea;mso-bidi-font-family:+mn-cs;color:#00B0F0;mso-font-kerning:12.0pt;
        mso-ansi-language:EN-GB" lang="EN-GB">B</span><span
        style="mso-bidi-font-size:
18.0pt;font-family:Calibri;mso-fareast-font-family:+mn-ea;mso-bidi-font-family:
+mn-cs;color:black;mso-font-kerning:12.0pt;mso-ansi-language:EN-GB"
        lang="EN-GB">inding </span><span
style="mso-bidi-font-size:18.0pt;font-family:Calibri;mso-fareast-font-family:+mn-ea;mso-bidi-font-family:+mn-cs;color:#00B0F0;mso-font-kerning:12.0pt;
        mso-ansi-language:EN-GB" lang="EN-GB">U</span><span
        style="mso-bidi-font-size:
18.0pt;font-family:Calibri;mso-fareast-font-family:+mn-ea;mso-bidi-font-family:
+mn-cs;color:black;mso-font-kerning:12.0pt;mso-ansi-language:EN-GB"
        lang="EN-GB">ser </span><span
style="mso-bidi-font-size:18.0pt;font-family:Calibri;mso-fareast-font-family:+mn-ea;mso-bidi-font-family:+mn-cs;color:#00B0F0;mso-font-kerning:12.0pt;
        mso-ansi-language:EN-GB" lang="EN-GB">ID</span><span
        style="mso-bidi-font-size:
18.0pt;font-family:Calibri;mso-fareast-font-family:+mn-ea;mso-bidi-font-family:
+mn-cs;color:black;mso-font-kerning:12.0pt;mso-ansi-language:EN-GB"
        lang="EN-GB">entifier.
        <br>
      </span><span style="font-family:Calibri;mso-ansi-language:EN-US"
        lang="EN-US">As a side consequence, a distinction should be done
        between </span><span
style="mso-bidi-font-size:15.0pt;font-family:Calibri;mso-fareast-font-family:+mn-ea;mso-bidi-font-family:+mn-cs;color:#0070C0;mso-font-kerning:12.0pt;
        mso-ansi-language:EN-GB" lang="EN-GB">long_term_user_accounts </span><span
style="mso-bidi-font-size:15.0pt;font-family:Calibri;mso-fareast-font-family:
+mn-ea;mso-bidi-font-family:+mn-cs;color:black;mso-font-kerning:12.0pt;
        mso-ansi-language:EN-GB" lang="EN-GB">and </span><span
        style="mso-bidi-font-size:
15.0pt;font-family:Calibri;mso-fareast-font-family:+mn-ea;mso-bidi-font-family:
+mn-cs;color:#0070C0;mso-font-kerning:12.0pt;mso-ansi-language:EN-GB"
        lang="EN-GB">short_term_user_accounts</span><span
style="mso-bidi-font-size:15.0pt;font-family:Calibri;mso-fareast-font-family:+mn-ea;mso-bidi-font-family:+mn-cs;color:black;mso-font-kerning:12.0pt;
        mso-ansi-language:EN-GB" lang="EN-GB"> supported by a RS.</span><br>
      <span style="font-family:Calibri;mso-ansi-language:EN-US"
        lang="EN-US"><span style="mso-bidi-font-size:
18.0pt;font-family:Calibri;mso-fareast-font-family:+mn-ea;mso-bidi-font-family:
+mn-cs;color:black;mso-font-kerning:12.0pt;mso-ansi-language:EN-GB"
          lang="EN-GB"><br>
          For details, see: draft-pinkas-gnap-core-protocol-00.txt</span></span></p>
    <p class="MsoNormal"><span
        style="font-family:Calibri;mso-ansi-language:EN-US" lang="EN-US"><span
          style="mso-bidi-font-size:
18.0pt;font-family:Calibri;mso-fareast-font-family:+mn-ea;mso-bidi-font-family:
+mn-cs;color:black;mso-font-kerning:12.0pt;mso-ansi-language:EN-GB"
          lang="EN-GB"></span>
        <br>
        <b>7. </b></span><b><span style="mso-bidi-font-size:18.0pt;
font-family:Calibri;mso-fareast-font-family:+mn-ea;mso-bidi-font-family:Arial;
          color:black;mso-font-kerning:12.0pt;mso-ansi-language:EN-US"
          lang="EN-US">Draft-08 makes a
          general assumption that an end-user and a RO are the same
          entity</span></b></p>
    <p class="MsoNormal"><span style="mso-bidi-font-size:18.0pt;
font-family:Calibri;mso-fareast-font-family:+mn-ea;mso-bidi-font-family:Arial;
        color:black;mso-font-kerning:12.0pt;mso-ansi-language:EN-US"
        lang="EN-US"><font color="#0000ff"><a class="moz-txt-link-freetext" href="https://github.com/ietf-wg-gnap/gnap-core-protocol/issues/374">https://github.com/ietf-wg-gnap/gnap-core-protocol/issues/374</a></font><br>
      </span><b><span style="mso-bidi-font-size:18.0pt;
font-family:Calibri;mso-fareast-font-family:+mn-ea;mso-bidi-font-family:Arial;
          color:black;mso-font-kerning:12.0pt;mso-ansi-language:EN-US"
          lang="EN-US"></span></b></p>
    <p class="MsoNormal"><b><span style="mso-bidi-font-size:18.0pt;
font-family:Calibri;mso-fareast-font-family:+mn-ea;mso-bidi-font-family:Arial;
          color:black;mso-font-kerning:12.0pt;mso-ansi-language:EN-US"
          lang="EN-US">
        </span></b><span
        style="mso-bidi-font-size:18.0pt;font-family:Calibri;
mso-fareast-font-family:+mn-ea;mso-bidi-font-family:Arial;color:black;
        mso-font-kerning:12.0pt;mso-ansi-language:EN-US" lang="EN-US">Extract
        from page 13 of
        draft-08:</span><span
        style="mso-bidi-font-size:19.0pt;font-family:Calibri;
mso-fareast-font-family:+mn-ea;mso-bidi-font-family:Arial;color:black;
        mso-font-kerning:12.0pt;mso-ansi-language:EN-US" lang="EN-US"><br>
        <br>
             Note that the RO and end-user
        are often the same entity in practice, but </span><span
        style="mso-bidi-font-size:19.0pt;font-family:Calibri;
mso-fareast-font-family:+mn-ea;mso-bidi-font-family:Arial;color:#00B0F0;
        mso-font-kerning:12.0pt;mso-ansi-language:EN-US" lang="EN-US">GNAP
        makes no general
        assumption that they are</span><span
        style="mso-bidi-font-size:19.0pt;
font-family:Calibri;mso-fareast-font-family:+mn-ea;mso-bidi-font-family:Arial;
        color:black;mso-font-kerning:12.0pt;mso-ansi-language:EN-US"
        lang="EN-US">.</span><span
        style="mso-bidi-font-size:18.0pt;font-family:Calibri;
mso-fareast-font-family:+mn-ea;mso-bidi-font-family:Arial;color:black;
        mso-font-kerning:12.0pt;mso-ansi-language:EN-US" lang="EN-US"><br>
      </span></p>
    <p class="MsoNormal"><span
        style="mso-bidi-font-size:18.0pt;font-family:Calibri;
mso-fareast-font-family:+mn-ea;mso-bidi-font-family:Arial;color:black;
        mso-font-kerning:12.0pt;mso-ansi-language:EN-US" lang="EN-US">Unfortunately,
        this Note is
        wrong. Section 1.5 is failing to provide </span><span
style="mso-bidi-font-size:18.0pt;font-family:Calibri;mso-fareast-font-family:+mn-ea;mso-bidi-font-family:Arial;color:red;mso-font-kerning:12.0pt;mso-ansi-language:
        EN-US" lang="EN-US">a single example </span><span
        style="mso-bidi-font-size:18.0pt;
font-family:Calibri;mso-fareast-font-family:+mn-ea;mso-bidi-font-family:Arial;
        color:black;mso-font-kerning:12.0pt;mso-ansi-language:EN-US"
        lang="EN-US">where the end-user
        is not also the RO and where the RO is an automated process. </span><span
style="font-family:Calibri;mso-bidi-font-family:Arial;mso-ansi-language:
        EN-GB" lang="EN-GB"><br>
      </span><span style="font-family:Calibri;mso-ansi-language:EN-US"
        lang="EN-US"><br>
        This comment has already made several times, but no action has
        been made to
        take care of it up to now: section 1.5 has still not been
        modified.<br>
        <br>
        <b>8.</b> <b>GNAP versus GNAF</b>: <b>do the current drafts
          describe a protocol
          or a framework ?<br>
        </b><font color="#0000ff"><br>
<a class="moz-txt-link-freetext" href="https://github.com/ietf-wg-gnap/gnap-resource-servers/issues/51">https://github.com/ietf-wg-gnap/gnap-resource-servers/issues/51</a><br>
        </font><b><br>
        </b><u>Response</u>: They describe a framework since two
        independent
        implementations of the drafts will be unable to interoperate. <br>
        <br>
        In particular,
        the issue about "Format of defining REQUIRED vs OPTIONAL
        request/response
        elements (<span style="color:blue"><a class="moz-txt-link-freetext" href="https://github.com/ietf-wg-gnap/gnap-core-protocol/issues/257">https://github.com/ietf-wg-gnap/gnap-core-protocol/issues/257</a></span>)
        is still opened.<br>
        <br>
        The protocols are not defined end-to-end. In particular, which
        treatments and
        verifications should be done by a RS are still left undefined.<br>
        <br>
        As long as this situation will last, the document cannot be
        considered as a
        "Grant Negotiation and Authorization <b>Protocol</b>" (GNAP) <br>
        but
        rather as a "Grant Negotiation and Authorization <b>Framework</b>"
        (GNAF).</span></p>
    <p class="MsoNormal"><span
        style="font-family:Calibri;mso-ansi-language:EN-US" lang="EN-US"><br>
      </span></p>
    <p class="MsoNormal"><span
        style="font-family:Calibri;mso-ansi-language:EN-US" lang="EN-US">Denis</span></p>
    <p class="MsoNormal"><span
        style="font-family:Calibri;mso-ansi-language:EN-US" lang="EN-US"><br
          style="mso-special-character:line-break">
      </span></p>
    <p><!--[if gte mso 9]><xml>
 <w:WordDocument>
  <w:View>Normal</w:View>
  <w:Zoom>0</w:Zoom>
  <w:HyphenationZone>21</w:HyphenationZone>
  <w:DoNotOptimizeForBrowser/>
 </w:WordDocument>
</xml><![endif]--></p>
  </body>
</html>

--------------RAMoPFLYfgYSZ0FWsJFiGn6o--

