Re: [Txauth] Reviewing draft-hardt-xauth-protocol-11

Francis Pouatcha <> Mon, 20 July 2020 18:54 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 0AC7E3A0DDF for <>; Mon, 20 Jul 2020 11:54:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id I-3iKvqrphaD for <>; Mon, 20 Jul 2020 11:54:07 -0700 (PDT)
Received: from ( [IPv6:2a00:1450:4864:20::32c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 65FDA3A0DE0 for <>; Mon, 20 Jul 2020 11:54:07 -0700 (PDT)
Received: by with SMTP id q15so517942wmj.2 for <>; Mon, 20 Jul 2020 11:54:07 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=pq6BtKPInvvONL5Qj9cYPprcRKTBJ2eB46APU/bfsQc=; b=BysTHqc0gxasuRlHyKTMq5zZBz5tcTVfNIhIqfD8ovNAe8B/wjZLNhKynPQZjY1Jg/ uTf07hFvqZJA6ve+yqZQlHMvj1wT+r7w+xZ9avmD5dg6DP8HPi1clNpsYp5+++BBFFxh S4x7z/YYEkYIFYIqcqX6IJaz4m+a0UlW2z440=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=pq6BtKPInvvONL5Qj9cYPprcRKTBJ2eB46APU/bfsQc=; b=NmarcBjKXeMQvVTze4lo9/rQanXrhVFfJqO3vz8Tkm84fXllOAn3KacV2wnhh6naLL Ok+0R8hTKaw6f4LTj2M+rWAgunGaVi+ZkygXcCWtFIW6+o8/ppu4ACL/N+SdZ8/C68Cf tnmDb8jW/7NK1r6UTwWqZ1QdT1Q3ooCXcT7ywfU3VJuL926N6nxJ/lRFgJQqmzQNOgqf 36ulQP0heK0eRoJAYyK0FKtVh3eXKlONXu51alB83mWGh60kgKqzSfzKQyteOeEQIqoB YW6PFYKHFWswUgJ8BO34HE95oZ+zTzjgDDigfuZWMM/B4nBDYdM+Ln2SQgHrUtdO3jcg J6VQ==
X-Gm-Message-State: AOAM530vMkxLXp3BwGJwBX6q6vm+D4vgMfRg7TxU52nHn3J/XIJE0WPu 7YB5/Bgx3k1AbRVIa8YycCF6CkgcOP9e+OZAH38wXg==
X-Google-Smtp-Source: ABdhPJy2ILQFqI9bfDt4GtIy5R1uyK9wGZ7tnhxioK4fowbrV0rakGVRYf0m1AY+FAbGlO9lYYI8wqoEaA0QsIsdJbE=
X-Received: by 2002:a7b:c952:: with SMTP id i18mr658875wml.65.1595271245782; Mon, 20 Jul 2020 11:54:05 -0700 (PDT)
MIME-Version: 1.0
References: <> <> <> <> <> <> <> <> <> <> <> <> <> <> <> <> <>
In-Reply-To: <>
From: Francis Pouatcha <>
Date: Mon, 20 Jul 2020 14:53:54 -0400
Message-ID: <>
To: Tom Jones <>
Cc: Denis <>,, Dick Hardt <>
Content-Type: multipart/alternative; boundary="000000000000ecfe3505aae4070e"
Archived-At: <>
Subject: Re: [Txauth] Reviewing draft-hardt-xauth-protocol-11
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 20 Jul 2020 18:54:09 -0000

Hello Tom,

> This interchange exhibits an essential problem of most of this work. The
> idea that humans populate the web. I have yet to see a human with an
> ethernet connection. So i must assume that the user agent is the essence of
> the human on the web.
No. The User agent is the agent of the User. The RO agent is the agent of
the RO. Off course the word "agent" only appears when the party (RO, User)
assuming a role needs some means of interacting with other parties.

Referring to a User agent does not conclude to the User being a human.

> Second there are two terms which need to be distinct in the general case -
> at least where the RO is a human and the resource contains PII.
What is PII?

> The RO aka subject is the identifier that is used by a real world human
> that has data on the web that is (inter alia) PII about them.
Next confusion: RO vs. Subject.

> The user aka guardian (and often also the subject) is the identifier that
> is used by a real world human that has acquired control of access to the
> PII about the subject.
Next confusion: User vs. Subject

This last sentence looks like the content of a new thread....

Francis Pouatcha
Co-Founder and Technical Lead
adorsys GmbH & Co. KG