[Wish] Authentication for resource url

Sergio Garcia Murillo <sergio.garcia.murillo@gmail.com> Wed, 08 September 2021 14:31 UTC

Hi all,

Lorenzo asked me a question regarding the authentication of the
resource URL returned in the Location header (the one to which the DELETE
and PATCH requests are sent), and I am not sure about the right answer.

I think we have the following options:
 - Use the same mechanism/info as the initial request to the WHIP URL (i.e.
sending the Authentication header with the same bearer token)
 - Returning a randomized opaque unique URL
 - Allow using both?

The randomized opaque URL is something that the server is always free to
implement, but should we explicitly state in the draft that the client
must send the same authentication header on those requests?

Best regards
Sergio
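
The "use both" option from the message above, as an added example that is not part of the original message or of the WHIP draft: the server hands out an unguessable resource URL and still requires, on DELETE and PATCH, the bearer token that created the session. It assumes the token travels in the HTTP Authorization header; the `/whip/resource/` path, the class name and the in-memory store are hypothetical.

```python
import hmac
import secrets


class WhipEndpoint:
    """Constructed in-memory model of a WHIP endpoint (hypothetical names)."""

    def __init__(self, valid_tokens):
        self.valid_tokens = set(valid_tokens)
        self.resources = {}  # opaque resource id -> token that created it

    @staticmethod
    def _bearer(headers):
        # Extract the token from "Authorization: Bearer <token>", else None.
        scheme, _, token = headers.get("Authorization", "").partition(" ")
        return token if scheme.lower() == "bearer" and token else None

    def post_offer(self, headers):
        """Initial POST to the WHIP URL: returns (status, response headers)."""
        token = self._bearer(headers)
        if token is None or token not in self.valid_tokens:
            return 401, {}
        # 128 bits from the OS CSPRNG make the resource URL unguessable.
        rid = secrets.token_urlsafe(16)
        self.resources[rid] = token
        return 201, {"Location": f"/whip/resource/{rid}"}

    def resource_request(self, method, path, headers):
        """DELETE or PATCH sent to the URL taken from the Location header."""
        if method not in ("DELETE", "PATCH"):
            return 405
        token = self._bearer(headers)
        if token is None:
            return 401  # the URL alone is not accepted as a credential
        owner = self.resources.get(path.rsplit("/", 1)[-1])
        if owner is None:
            return 404  # unknown, guessed or already deleted resource
        # Constant-time comparison against the token that created the session.
        if not hmac.compare_digest(token.encode(), owner.encode()):
            return 403
        if method == "DELETE":
            del self.resources[path.rsplit("/", 1)[-1]]
            return 200
        return 204
```

With only the opaque URL, anyone who learns the Location value (logs, proxies, a shared link) can end or modify the session; binding the resource to the creating token closes that gap.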