Re: [GNAP] New Version Notification for draft-ietf-gnap-core-protocol-11.txt

Justin Richer <jricher@mit.edu> Mon, 24 October 2022 19:54 UTC

Hello everyone,

A new version of the GNAP core protocol has been submitted, bringing us up to -11 ahead of the upcoming meeting in London in a few weeks. This version represents some significant editorial work as well as a couple small normative changes to bring different parts of the protocol into alignment with each other or finish defining functionality that’s been hinted at but not fully defined to date. The editors have been combing through the entire issue backlog and this version is the result.

We’ll be going over this change set at the IETF meeting, but highlights include:

- Filled out IANA section
- Additional security considerations
- Interoperability profiles for mandatory-to-implement functionality subsets
- Discussion of dynamic grant endpoint discovery use cases
- Discussion of intended extension points to the core protocol, including guidance for those writing extensions
- Clarification of the relationship between TLS and the signing mechanisms in GNAP (ie, why we need both)
- Addition of an implementation status section (if you have an implementation to list here, please post to the list or raise an issue/PR to add things)
- Addition of the “sub_ids” request parameter to allow the client instance to target a user for returned subject information; this is particularly useful for cross-user cases where the end-user and RO are different people
- Keys can now be sent in only a single format in a given request
- Key proofs are now defined separately as string-type and object-type, aligned with other protocol elements like interaction start methods that use the same format
- More error codes are defined, including the places where they’re used.
- Some more normative requirements on the self-declared client fields in the dynamic introduction cases.
- All URIs in the protocol are absolute (this was assumed before but is now required)
- Access tokens have to fit “token68” characters instead of just “ASCII” (this is parallel to OAuth and other security protocols within HTTP)
- Specific mechanisms for presenting new keys during token rotation operations and presenting multiple keys during key rotation operations.
- Addition of the “referrer” field in RS discovery responses and definitions for its use in the grant request

Thank you to everyone who’s contributed to this, and we’ll see you in London!

 — Justin and Fabien

> On Oct 24, 2022, at 3:33 PM, internet-drafts@ietf.org wrote:
> 
> 
> A new version of I-D, draft-ietf-gnap-core-protocol-11.txt
> has been successfully submitted by Justin Richer and posted to the
> IETF repository.
> 
> Name:		draft-ietf-gnap-core-protocol
> Revision:	11
> Title:		Grant Negotiation and Authorization Protocol
> Document date:	2022-10-24
> Group:		gnap
> Pages:		205
> URL:            https://www.ietf.org/archive/id/draft-ietf-gnap-core-protocol-11.txt
> Status:         https://datatracker.ietf.org/doc/draft-ietf-gnap-core-protocol/
> Htmlized:       https://datatracker.ietf.org/doc/html/draft-ietf-gnap-core-protocol
> Diff:           https://www.ietf.org/rfcdiff?url2=draft-ietf-gnap-core-protocol-11
> 
> Abstract:
>   GNAP defines a mechanism for delegating authorization to a piece of
>   software, and conveying that delegation to the software.  This
>   delegation can include access to a set of APIs as well as information
>   passed directly to the software.
> 
> 
> 
> 
> The IETF Secretariat
> 
>
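Two of the -11 normative tightenings listed above (access token values must fit the HTTP "token68" character set, and every URI in the protocol must be absolute) are the kind of thing a client or RS would want to check on receipt. The following is an added example, not part of this message, the GNAP draft, or any GNAP implementation; the sample token and URI values are constructed for illustration, and the example assumes protocol URIs are http(s) URLs. The token68 grammar itself is the one from RFC 9110 (the same set RFC 6750 calls "b64token").

```python
"""Validate two normative rules from draft-ietf-gnap-core-protocol-11:
access token values are token68, and protocol URIs are absolute.

Added illustrative code; not taken from the draft or from any implementation.
"""
import re
from urllib.parse import urlsplit

# token68, from RFC 9110 section 11.2:
#   token68 = 1*( ALPHA / DIGIT / "-" / "." / "_" / "~" / "+" / "/" ) *"="
# i.e. at least one body character, with "=" padding allowed only at the end.
_TOKEN68 = re.compile(r"[A-Za-z0-9\-._~+/]+=*")


def is_token68(value: str) -> bool:
    """True if value is a non-empty token68 string (ASCII only; '=' only as trailing padding)."""
    return _TOKEN68.fullmatch(value) is not None


def is_absolute_uri(value: str) -> bool:
    """True if value is an absolute http(s) URL: scheme present and a non-empty host.

    Assumption for this example: protocol URIs are http(s). A bare 'host:port/path'
    is rejected because urlsplit would read 'host' as the scheme, and any other
    scheme is treated as out of scope here rather than silently accepted.
    """
    parts = urlsplit(value)
    if not parts.scheme:
        return False
    if parts.scheme.lower() in ("http", "https"):
        return bool(parts.netloc)
    return False


def find_violations(token_values: dict, uris: dict) -> list:
    """Return a list of human-readable problems; empty means both rules hold."""
    problems = []
    for name, value in token_values.items():
        if not isinstance(value, str) or not is_token68(value):
            problems.append(f"{name}: not token68")
    for name, uri in uris.items():
        if not isinstance(uri, str) or not is_absolute_uri(uri):
            problems.append(f"{name}: not an absolute http(s) URI")
    return problems


# Constructed sample values for this example (not from any real deployment).
SAMPLE_TOKENS = {
    "access_token.value": "OS9M2PMHKUR64TB8N6BW7OZB8CDFONP219RP1LT0",
}
SAMPLE_URIS = {
    "continue.uri": "https://as.example/continue/80UPRY5NM33",
    # Relative reference: allowed by nothing in -11, so it should be reported.
    "interact.redirect": "as.example/interact/4CF492MLVMSW9MKMXKHQ",
}

if __name__ == "__main__":
    for problem in find_violations(SAMPLE_TOKENS, SAMPLE_URIS):
        print(problem)
```

The token check is deliberately stricter than "is ASCII": a value such as `ab=cd` or one containing a space is printable ASCII but is not token68, and would break when placed in an `Authorization` header, which is exactly why the draft aligned the character set with HTTP's grammar.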