[Txauth] Interact Section
Francis Pouatcha <fpo@adorsys.de> Thu, 11 June 2020 03:12 UTC
Return-Path: <fpo@adorsys.de>
X-Original-To: txauth@ietfa.amsl.com
Delivered-To: txauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E73FA3A1658 for <txauth@ietfa.amsl.com>; Wed, 10 Jun 2020 20:12:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=adorsys.de
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mMm-84vfS5zW for <txauth@ietfa.amsl.com>; Wed, 10 Jun 2020 20:12:37 -0700 (PDT)
Received: from mail-wr1-x42e.google.com (mail-wr1-x42e.google.com [IPv6:2a00:1450:4864:20::42e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CFCF73A1627 for <txauth@ietf.org>; Wed, 10 Jun 2020 20:12:36 -0700 (PDT)
Received: by mail-wr1-x42e.google.com with SMTP id x13so4537972wrv.4 for <txauth@ietf.org>; Wed, 10 Jun 2020 20:12:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=adorsys.de; s=google; h=mime-version:from:date:message-id:subject:to; bh=k9hX7UXYlGsi0l8m73y2L3W501YpPskGPuNrnnPpA/U=; b=dFKM7y4yNdcTbRqwdGaTNBzp4QCRZ64dKH4yrCILk+96kOLeZZiQtWfAMeq4rps5+E B2Wd8pUoshxK2iLZvYwCn66A5DkEGikcNKbqmTeKkEjNELEe43/RPBSHmUckPfeGCNUq YORrun3Uxmh4jASDCnUvEbzMtcLaygPXbCL2M=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=k9hX7UXYlGsi0l8m73y2L3W501YpPskGPuNrnnPpA/U=; b=R+ciyx0AIAebsbDFP0o+fkh3P9J92fExI9VPkzcox/bdVVnxlmIMoUrjAx3i0oKDhM kPmXJjfdbVdGf9fKn4PHpLGEMgQruJR8NB9P9l+n4XQV1YcrhjNe0noGx46PQFTEZ2x5 5ML7AsvYPmAuLCf/a2ETsAUJcB2bSTr7jl0RRPlBG33ouMc/f2ZzIdqtfYhuc3K8yIrN p6CErtgNDzd06N9zZfjhVhGGzkZHu2CViKQI+QvE1ausNpLcZVC3weHNzEXsy51tZtSA DPgKD4IUHy90jqTzATsBb/IlN0x0V8OKxsyj+YXlyrme49nKIPsploKLOU/fmO8zEnMN I7Qw==
X-Gm-Message-State: AOAM530cCG2bnn5HJ1uNdqVL/NyikqwaXuWVgVtoOJlGgptLgpoqIK7W GeP8oa9hmr8JFWKgQgy93pnw6/+Z7+QLkkteN3/zz8FQ
X-Google-Smtp-Source: ABdhPJzPbdWXo8PGv5nluFzLmyOj6+pTWcbZO89efNrxE11VMUtFHVOm8pYFMXABrLiQDUoX18SJhdPT0LIy2yzz7Kk=
X-Received: by 2002:adf:e545:: with SMTP id z5mr6773636wrm.89.1591845154820; Wed, 10 Jun 2020 20:12:34 -0700 (PDT)
MIME-Version: 1.0
From: Francis Pouatcha <fpo@adorsys.de>
Date: Wed, 10 Jun 2020 23:12:23 -0400
Message-ID: <CAOW4vyMvZchnyBKVbvyjw_GgkbmfDC=fnbRK15PGcwyGc0tukA@mail.gmail.com>
To: txauth@ietf.org
Content-Type: multipart/alternative; boundary="000000000000fda97d05a7c65431"
Archived-At: <https://mailarchive.ietf.org/arch/msg/txauth/v-iH5ID8VaOojx7fGniffrxCQdo>
Subject: [Txauth] Interact Section
X-BeenThere: txauth@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <txauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/txauth>, <mailto:txauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/txauth/>
List-Post: <mailto:txauth@ietf.org>
List-Help: <mailto:txauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/txauth>, <mailto:txauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Jun 2020 03:12:39 -0000
The interact section of the <<draft-richer-transactional-authz-08>> sort of
defines the choreographie of the authorization process (flow). I am missing
something like:
- A redirect flow
here the AS instructs the RC to redirect to RO to the given interaction
URL. Upon completing the RO interaction, the RO will be redirected back to
the callback.uri specified by the RC. SO there is no callback here.
- A decoupled flow
is actually not visible. This is, I assume upon receiving the
<<transaction authorization request>>, the AS initiated an interaction with
the RO (-device). Upon completion of the interaction with the RO, the AS
invokes the provided callback.uri to deliver the token (authorization) used
by the RC to proceed with the transaction request>>.
- An embedded flow
seems hidden behind the didcom section. With the evolding number smart
devices, the embedded flow shall open room for different types of
synchronous transaction authorization requests in which the RO gives a
verifiable assertion (proof of possession) to the RC for use at the
<<transaction authorization endpoint>> in exchange for the seeked access
token. This assertion can range from a simple password to a
cryptographically signed claim.
"interact": {
"embedded":[{
"mode":"encrypted password"
},
{
"mode":"didcom"
}],
"redirect":[{
"callback": {
"uri": "https://example.com/rc-front-channel/123456",
"nonce": "VJLO6A4CAYLBXHTR0KRO"
}
}],
"decoupled": [{
"callback": {
"uri": "https://example.com/rc-back-channel/123456",
"nonce": "VJLO6A4CAYLBXHTR0KRO"
}
}]
}
Still no idea on how to express the RC flow preferences to the AS. Maybe
the order of entries in the interact sesion
--
Francis Pouatcha
Co-Founder and Technical Lead at adorys
https://adorsys-platform.de/solutions/
- [Txauth] Interact Section Francis Pouatcha
- Re: [Txauth] Interact Section Justin Richer