[Txauth] Interact Section
Francis Pouatcha <fpo@adorsys.de> Thu, 11 June 2020 03:12 UTC
Return-Path: <fpo@adorsys.de>
X-Original-To: txauth@ietfa.amsl.com
Delivered-To: txauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E73FA3A1658 for <txauth@ietfa.amsl.com>; Wed, 10 Jun 2020 20:12:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=adorsys.de
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mMm-84vfS5zW for <txauth@ietfa.amsl.com>; Wed, 10 Jun 2020 20:12:37 -0700 (PDT)
Received: from mail-wr1-x42e.google.com (mail-wr1-x42e.google.com [IPv6:2a00:1450:4864:20::42e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CFCF73A1627 for <txauth@ietf.org>; Wed, 10 Jun 2020 20:12:36 -0700 (PDT)
Received: by mail-wr1-x42e.google.com with SMTP id x13so4537972wrv.4 for <txauth@ietf.org>; Wed, 10 Jun 2020 20:12:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=adorsys.de; s=google; h=mime-version:from:date:message-id:subject:to; bh=k9hX7UXYlGsi0l8m73y2L3W501YpPskGPuNrnnPpA/U=; b=dFKM7y4yNdcTbRqwdGaTNBzp4QCRZ64dKH4yrCILk+96kOLeZZiQtWfAMeq4rps5+E B2Wd8pUoshxK2iLZvYwCn66A5DkEGikcNKbqmTeKkEjNELEe43/RPBSHmUckPfeGCNUq YORrun3Uxmh4jASDCnUvEbzMtcLaygPXbCL2M=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=k9hX7UXYlGsi0l8m73y2L3W501YpPskGPuNrnnPpA/U=; b=R+ciyx0AIAebsbDFP0o+fkh3P9J92fExI9VPkzcox/bdVVnxlmIMoUrjAx3i0oKDhM kPmXJjfdbVdGf9fKn4PHpLGEMgQruJR8NB9P9l+n4XQV1YcrhjNe0noGx46PQFTEZ2x5 5ML7AsvYPmAuLCf/a2ETsAUJcB2bSTr7jl0RRPlBG33ouMc/f2ZzIdqtfYhuc3K8yIrN p6CErtgNDzd06N9zZfjhVhGGzkZHu2CViKQI+QvE1ausNpLcZVC3weHNzEXsy51tZtSA DPgKD4IUHy90jqTzATsBb/IlN0x0V8OKxsyj+YXlyrme49nKIPsploKLOU/fmO8zEnMN I7Qw==
X-Gm-Message-State: AOAM530cCG2bnn5HJ1uNdqVL/NyikqwaXuWVgVtoOJlGgptLgpoqIK7W GeP8oa9hmr8JFWKgQgy93pnw6/+Z7+QLkkteN3/zz8FQ
X-Google-Smtp-Source: ABdhPJzPbdWXo8PGv5nluFzLmyOj6+pTWcbZO89efNrxE11VMUtFHVOm8pYFMXABrLiQDUoX18SJhdPT0LIy2yzz7Kk=
X-Received: by 2002:adf:e545:: with SMTP id z5mr6773636wrm.89.1591845154820; Wed, 10 Jun 2020 20:12:34 -0700 (PDT)
MIME-Version: 1.0
From: Francis Pouatcha <fpo@adorsys.de>
Date: Wed, 10 Jun 2020 23:12:23 -0400
Message-ID: <CAOW4vyMvZchnyBKVbvyjw_GgkbmfDC=fnbRK15PGcwyGc0tukA@mail.gmail.com>
To: txauth@ietf.org
Content-Type: multipart/alternative; boundary="000000000000fda97d05a7c65431"
Archived-At: <https://mailarchive.ietf.org/arch/msg/txauth/v-iH5ID8VaOojx7fGniffrxCQdo>
Subject: [Txauth] Interact Section
X-BeenThere: txauth@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <txauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/txauth>, <mailto:txauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/txauth/>
List-Post: <mailto:txauth@ietf.org>
List-Help: <mailto:txauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/txauth>, <mailto:txauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Jun 2020 03:12:39 -0000
The interact section of the <<draft-richer-transactional-authz-08>> sort of defines the choreographie of the authorization process (flow). I am missing something like: - A redirect flow here the AS instructs the RC to redirect to RO to the given interaction URL. Upon completing the RO interaction, the RO will be redirected back to the callback.uri specified by the RC. SO there is no callback here. - A decoupled flow is actually not visible. This is, I assume upon receiving the <<transaction authorization request>>, the AS initiated an interaction with the RO (-device). Upon completion of the interaction with the RO, the AS invokes the provided callback.uri to deliver the token (authorization) used by the RC to proceed with the transaction request>>. - An embedded flow seems hidden behind the didcom section. With the evolding number smart devices, the embedded flow shall open room for different types of synchronous transaction authorization requests in which the RO gives a verifiable assertion (proof of possession) to the RC for use at the <<transaction authorization endpoint>> in exchange for the seeked access token. This assertion can range from a simple password to a cryptographically signed claim. "interact": { "embedded":[{ "mode":"encrypted password" }, { "mode":"didcom" }], "redirect":[{ "callback": { "uri": "https://example.com/rc-front-channel/123456", "nonce": "VJLO6A4CAYLBXHTR0KRO" } }], "decoupled": [{ "callback": { "uri": "https://example.com/rc-back-channel/123456", "nonce": "VJLO6A4CAYLBXHTR0KRO" } }] } Still no idea on how to express the RC flow preferences to the AS. Maybe the order of entries in the interact sesion -- Francis Pouatcha Co-Founder and Technical Lead at adorys https://adorsys-platform.de/solutions/
- [Txauth] Interact Section Francis Pouatcha
- Re: [Txauth] Interact Section Justin Richer