Re: [Txauth] Additional implementation

Fabien Imbault <fabien.imbault@gmail.com> Mon, 06 July 2020 08:19 UTC

References: <CAM8feuRA1VfPs6bdrGgssBeBNe4wPySHjKcjiP6HexKMUff4DQ@mail.gmail.com> <CAD9ie-t7Lzt8S09YKPqwhc__7fKU6XpsyL1m8CGYUqfQwj8+ww@mail.gmail.com> <CAM8feuQK7HnKWd4TuusKy6z5q0K8V1+fO7xdqnLwOckThgtfNw@mail.gmail.com> <CAM8feuT5VO3w-PJWX-SWL0tdoCH4TfzfTnabD5kNLfZ=T8nAZw@mail.gmail.com> <CAD9ie-vUGGRcsv2mC6OD=p2P-jRLbpWo1dOfq3AVYc9gU1S8hA@mail.gmail.com> <CAM8feuRc_arjH-mKyXo+4k_PzRZ0Pq83fkNsN3_YM0mZ8VmmMg@mail.gmail.com> <CAD9ie-un7KEtreop+CYgkds5R89Xc26qCxt5Zd9zHRzY9UEH5Q@mail.gmail.com> <20200705225343.GQ16335@kduck.mit.edu>
In-Reply-To: <20200705225343.GQ16335@kduck.mit.edu>
From: Fabien Imbault <fabien.imbault@gmail.com>
Date: Mon, 06 Jul 2020 10:19:03 +0200
Message-ID: <CAM8feuTBw+ZqMpEpsYMkEKbytWA227NcMNHp00R7s0jFhcEXjw@mail.gmail.com>
To: Benjamin Kaduk <kaduk@mit.edu>
Cc: Dick Hardt <dick.hardt@gmail.com>, txauth@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/txauth/zGRvCvHHNOxa_pIgWMegmyKSfY0>
Subject: Re: [Txauth] Additional implementation

Writing too fast, with an iteration of unrelated examples, did not convey
the right message. Sorry if it was unclear and confusing. We indeed need
to differentiate between bearer tokens (e.g. JWT, macaroons or even simple
cookies, etc.) and identity claims (e.g. OIDC claims, linked data proofs,
etc.).
I only wanted to say that we need to take into account that there might be
a variety of formats defined elsewhere. Not only OIDC (for claims) + JWT
(for access tokens).

Regarding JWT vs macaroons: I would say that JWTs are additive, while
macaroons are organized around caveats (so they're subtractive in a sense).
But indeed they are both used in similar settings.

Hope that clarifies.
Fabien

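The "additive vs. subtractive" distinction above is easiest to see in code. The following is an added example, not part of the original thread and not any participant's implementation: a minimal first-party-caveat macaroon in Python. The root key, the identifier "user=alice", the caveat grammar ("<key> <op> <value>" with ops =, < and prefix) and the request-context dictionary are all constructed for the example; real macaroons also carry a location and third-party caveats, which are omitted here. The point it demonstrates is that any holder can narrow a macaroon by appending a caveat (no key needed), while nobody can remove one, because each caveat is folded into the signature by HMAC chaining and the verifier recomputes the whole chain from the root key.

```python
"""Macaroon-style attenuation by HMAC-chained caveats (constructed example)."""
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Callable, Dict, List


def _chain(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()


@dataclass
class Macaroon:
    identifier: str                      # e.g. "user=alice"; chosen by the issuer
    caveats: List[str] = field(default_factory=list)
    signature: bytes = b""

    def add_first_party_caveat(self, predicate: str) -> "Macaroon":
        # Attenuation: sig_{i+1} = HMAC(sig_i, caveat_i). No secret is needed,
        # so any holder can narrow the token. Removing a caveat is impossible
        # because sig_i cannot be recovered from sig_{i+1}.
        self.caveats.append(predicate)
        self.signature = _chain(self.signature, predicate.encode())
        return self

    def copy(self) -> "Macaroon":
        return Macaroon(self.identifier, list(self.caveats), self.signature)


def mint(root_key: bytes, identifier: str) -> Macaroon:
    # Only the issuer knows root_key: sig_0 = HMAC(root_key, identifier).
    return Macaroon(identifier, [], _chain(root_key, identifier.encode()))


def verify(root_key: bytes, m: Macaroon, holds: Callable[[str], bool]) -> bool:
    # Recompute the whole chain from the root key, compare in constant time,
    # then require every caveat to hold in the current request context.
    sig = _chain(root_key, m.identifier.encode())
    for c in m.caveats:
        sig = _chain(sig, c.encode())
    if not hmac.compare_digest(sig, m.signature):
        return False
    return all(holds(c) for c in m.caveats)


def make_checker(ctx: Dict[str, object]) -> Callable[[str], bool]:
    # Assumed caveat grammar: "<key> <op> <value>" with op in {=, <, prefix}.
    # Anything the verifier cannot evaluate fails closed.
    def holds(predicate: str) -> bool:
        try:
            key, op, value = predicate.split(" ", 2)
        except ValueError:
            return False
        if key not in ctx:
            return False
        actual = ctx[key]
        if op == "=":
            return str(actual) == value
        if op == "<":
            return float(actual) < float(value)
        if op == "prefix":
            return str(actual).startswith(value)
        return False
    return holds


def demo() -> Dict[str, bool]:
    root_key = b"issuer-root-key-constructed-for-example"   # constructed
    # Issuer mints a read-only token for alice ...
    issued = mint(root_key, "user=alice").add_first_party_caveat("action = read")
    # ... and a downstream holder narrows it before handing it on, without the key.
    delegated = issued.copy()
    delegated.add_first_party_caveat("path prefix /reports/")
    delegated.add_first_party_caveat("time < 2000")

    ok_ctx = {"action": "read", "path": "/reports/q2", "time": 1500}
    results = {
        "read_in_scope": verify(root_key, delegated, make_checker(ok_ctx)),
        "write_denied": not verify(root_key, delegated,
                                   make_checker({**ok_ctx, "action": "write"})),
        "expired_denied": not verify(root_key, delegated,
                                     make_checker({**ok_ctx, "time": 2500})),
        "wrong_key_denied": not verify(b"other-key", delegated, make_checker(ok_ctx)),
    }
    # Attempt to widen: drop the path caveat but keep the final signature.
    widened = delegated.copy()
    widened.caveats.remove("path prefix /reports/")
    results["strip_caveat_denied"] = not verify(
        root_key, widened, make_checker({**ok_ctx, "path": "/admin"}))
    return results


if __name__ == "__main__":
    for name, passed in demo().items():
        print(f"{name}: {'PASS' if passed else 'FAIL'}")
```

Contrast with a JWT: its claim set is fixed when the issuer signs it, so a holder who wants a narrower grant has to go back to the issuer for a new token; with a macaroon the narrowing happens on the holder's side. Note the fail-closed rule in `make_checker`: a verifier that skipped caveats it did not understand would silently turn attenuation into no-op.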
On Mon, Jul 6, 2020 at 12:53 AM Benjamin Kaduk <kaduk@mit.edu> wrote:

> Hi Dick, Fabien,
>
> Just to clarify on one point, and check whether I'm confused:
>
> On Fri, Jul 03, 2020 at 06:32:44PM -0700, Dick Hardt wrote:
> > On Fri, Jul 3, 2020 at 1:19 AM Fabien Imbault <fabien.imbault@gmail.com> wrote:
> >
> > > On Thu, Jul 2, 2020 at 7:34 PM Dick Hardt <dick.hardt@gmail.com> wrote:
> > >
> > >> On Wed, Jun 17, 2020 at 3:47 AM Fabien Imbault <fabien.imbault@gmail.com> wrote:
> > >
> > >> Just like OAuth 2.0, the access token is opaque to the client, and it is
> > >> not specified, so I'm confused what you mean by "other types of tokens than
> > >> JWT"?
> > >>
> > >> FI : I mean, for instance, linked data proofs, macaroons, and so on.
> > >
> >
> > I see. When I read 'token', I think of access tokens. You are referring to
> > what I would call claims, which per above are defined somewhere else.
>
> My understanding was that macaroons, at least, were complete tokens that
> incorporate (at least by reference) multiple claims.  So a macaroon and a
> JWT would be analogous in that sense (container holding many claims).  I'm
> not sure whether the same holds for a linked data proof (or if it's just a
> way to represent a single claim), though.
>
> Am I confused?
>
> Thanks,
>
> Ben
>