Re: [GNAP] review of draft-ietf-gnap-resource-servers-05
Justin Richer <jricher@mit.edu> Wed, 01 May 2024 19:05 UTC
From: Justin Richer <jricher@mit.edu>
To: Andrii Deinega <andrii.deinega@gmail.com>
CC: GNAP Mailing List <txauth@ietf.org>
Date: Wed, 01 May 2024 19:05:27 +0000
Message-ID: <EDB9977D-EBC2-49D1-9F3D-AB3688057106@mit.edu>
References: <CALkShcvqiCGeKUYDhMcboYKauxeiFgXkWx+Ezy-USWFf_fYK+A@mail.gmail.com>
In-Reply-To: <CALkShcvqiCGeKUYDhMcboYKauxeiFgXkWx+Ezy-USWFf_fYK+A@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/txauth/vA79yTleDvIu7Cv3FYxHpdk2l0A>
Hi Andrii, thanks for the review. Answers inline.

— Justin

> On Apr 30, 2024, at 7:30 PM, Andrii Deinega <andrii.deinega@gmail.com> wrote:
>
> Hello GNAP WG,
>
> I've reviewed this document and came up with these comments below.
>
> 1. In the abstract section my preference would be to have "GNAP defines a mechanism for delegating authorization to a piece of software, and conveying the results and artifacts of that delegation to the software." just like it's defined in https://www.ietf.org/archive/id/draft-ietf-gnap-core-protocol-20.html; right now it says "GNAP defines a mechanism for delegating authorization to a piece of software, and conveying that delegation to the software."

Good catch, we will align these.

> 2. Sentence "Additionally, this document defines a general-purpose model for access tokens, which can be used in structured, formatted access tokens or in the API." could be rephrased & simplified. What was the intent behind the "API"? Was it "an API-like mechanism like token introspection"?

Thanks, we will clarify what this meant — at first read I do think it means introspection.

> 3. "implementors" should probably be changed to "implementers". The same applies to the use of "implementor" in this as well as in the core spec.

Thank you, this does seem to be the preferred spelling. I’m sure the RFC Editor will pick up on that too.

> 4. Sentence "This is not intended to be a universal or comprehensive list, but instead to provide guidance to implementors when developing data structures and associated systems across a GNAP deployment." could be simplified to something like "This list is not universal nor comprehensive but rather serves as guidance for implementers in developing data structures and associated systems across a GNAP deployment."
>
> 5. Sentence "In the case of an asymmetric algorithm, the model for the AS and RS need only contain the public key, while the client instance will also need to know the private key in order to present the token appropriately." could be simplified to "In the case of an asymmetric algorithm, the model for the AS and RS needs only to contain the public key, while the client instance will also need to know the private key in order to present the token appropriately."
>
> 6. Sentence "The source of this key information can vary depending on circumstance and deployment" should be changed to "The source of this key information can vary depending on the circumstances and deployment."

Thanks, can clarify the text for all of these.

> 7. Section 7.3 should be called "Caching Token Validation Result", not "Cacheing Token Validation Result".

This also seems to be the preferred spelling, will address with above.

> 8. I suggest changing "the access_token request" and "the access_token response" to "the access token request" and "the access token response" accordingly in all places.

This was actually meant to talk about the request parameter named access_token so we will clarify that.

> 9. Some examples of HTTP requests and responses do not include the Host HTTP header, as an example, the second example in section 3.3 (there are other similar places too).

Thanks, we will validate all HTTP examples before publication.

> 10. "," in "is appropriate for the access indicated (if present)," should be removed or changed to "." (section 3.3)

Thank you, will fix!

> 11. The normative section refers to https://www.rfc-editor.org/rfc/rfc7519 for JWTs. However, it can also refer to https://www.rfc-editor.org/rfc/rfc9068 from Vittorio, and that, in my eyes, could be a little better fit. Mainly, because of the "typ" headers set explicitly to "at+jwt".

This can probably refer to both, in all honesty. We’ll add that reference in.

> 12. Sentence "Expressed as a integer seconds from UNIX Epoch." should probably be changed to "Expressed as an integer number of seconds from the UNIX Epoch." in all places.

This language was fixed in core during IESG review, so we’ll align with that.
> All the best,
> Andrii
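Comments 11 and 12 above touch two checks an RS makes on a JWT-formatted access token: RFC 9068 has the AS set the JOSE "typ" header to "at+jwt" so that some other JWT signed under the same key (an ID token, say) cannot be passed off as an access token, and "exp"/"iat" are an integer number of seconds from the UNIX epoch rather than a formatted timestamp. The following is an added example of those checks; it is not code from the GNAP drafts or from either message in this thread. HS256 with a shared secret stands in for the AS key only so the example runs offline, and the key, issuer, audience and claim values are constructed for the illustration.

```python
# Added example (not from the GNAP RS draft or this thread): RS-side checks on
# a JWT access token per RFC 9068. HS256 and all identifiers below are
# constructed stand-ins so the example runs offline.
import base64
import hashlib
import hmac
import json
import time

KEY = b"constructed-example-secret-do-not-reuse"
ISSUER = "https://as.example"            # assumed AS identifier
AUDIENCE = "https://rs.example/api"      # assumed RS identifier
# RFC 9068 section 2.2 required claims
REQUIRED_CLAIMS = ("iss", "exp", "aud", "sub", "client_id", "iat", "jti")


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_jwt(header: dict, claims: dict, key: bytes = KEY) -> str:
    """Compact JWS (RFC 7515) with HS256; stands in for the AS issuing a token."""
    signing_input = ".".join(
        _b64url_encode(json.dumps(part, separators=(",", ":")).encode("utf-8"))
        for part in (header, claims)
    )
    tag = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(tag)


def validate_access_token(token: str, key: bytes = KEY, issuer: str = ISSUER,
                          audience: str = AUDIENCE, now=None) -> dict:
    """Return the claims of an acceptable RFC 9068 access token, else raise ValueError.
    The signature is verified before anything in the token is trusted."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    header_b64, claims_b64, tag_b64 = parts
    expected = hmac.new(key, f"{header_b64}.{claims_b64}".encode("ascii"),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(tag_b64)):
        raise ValueError("signature check failed")

    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    # RFC 9068 section 4: reject any typ other than at+jwt / application/at+jwt.
    # typ values compare case-insensitively (RFC 7515).
    typ = str(header.get("typ", "")).lower()
    if typ.startswith("application/"):
        typ = typ[len("application/"):]
    if typ != "at+jwt":
        raise ValueError(f"typ {header.get('typ')!r} is not at+jwt")

    claims = json.loads(_b64url_decode(claims_b64))
    missing = [c for c in REQUIRED_CLAIMS if c not in claims]
    if missing:
        raise ValueError(f"missing required claims: {missing}")
    if claims["iss"] != issuer:
        raise ValueError("wrong issuer")
    aud = claims["aud"]
    if audience not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("token not issued for this RS")
    # exp/iat are NumericDate: an integer number of seconds from the UNIX
    # epoch. A timestamp string (or a bool) is a malformed token, not a date.
    for name in ("exp", "iat"):
        value = claims[name]
        if isinstance(value, bool) or not isinstance(value, int):
            raise ValueError(f"{name} must be an integer number of seconds from the UNIX epoch")
    now = int(time.time()) if now is None else now
    if now >= claims["exp"]:
        raise ValueError("token expired")
    return claims


def example_tokens(now: int) -> dict:
    """Constructed tokens under one key: a valid access token, an ID-token-style
    JWT with typ "JWT", and an access token whose exp is a timestamp string."""
    base = {"iss": ISSUER, "aud": AUDIENCE, "sub": "user-123", "client_id": "client-abc",
            "iat": now, "exp": now + 300, "jti": "tok-0001"}
    return {
        "access_token": mint_jwt({"alg": "HS256", "typ": "at+jwt"}, base),
        "id_token": mint_jwt({"alg": "HS256", "typ": "JWT"}, base),
        "string_exp": mint_jwt({"alg": "HS256", "typ": "at+jwt"},
                               dict(base, exp="2024-05-01T19:10:27Z")),
    }


def check_all(now: int) -> dict:
    """Run each constructed token through the validator; outcome per token."""
    outcomes = {}
    for name, token in example_tokens(now).items():
        try:
            validate_access_token(token, now=now)
            outcomes[name] = "accepted"
        except ValueError as err:
            outcomes[name] = f"rejected: {err}"
    return outcomes


if __name__ == "__main__":
    for name, outcome in check_all(int(time.time())).items():
        print(f"{name}: {outcome}")
```

The order of checks matters: the signature is verified before the header or claims are parsed for anything other than the signing input, and the typ check runs before the claims are consulted, so a token that is a valid JWT but not an access token is refused regardless of what it claims.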