Re: [Ace] Alexey Melnikov's No Objection on draft-ietf-ace-cbor-web-token-12: (with COMMENT)

2018-03-16 Thread Alexey Melnikov 
Hi Mike,

> On 16 Mar 2018, at 10:04, Mike Jones  wrote:
> 
> Hi Alexey,
> 
> https://tools.ietf.org/html/draft-ietf-ace-cbor-web-token-14 should address 
> your comments.  Changes motivated by your comments were:
>  - Added the text "IANA must only accept registry updates from the Designated 
> Experts and should direct all requests for registration to the review mailing 
> list" from RFC 7519, as suggested by Amanda Baber of IANA, which is also 
> intended to address Alexey Melnikov's comment.

Works for me, thank you!

>Thanks again,
>-- Mike
> 
> -Original Message-
> From: Jim Schaad  
> Sent: Sunday, March 4, 2018 1:12 PM
> To: 'Alexey Melnikov' ; 'The IESG' 
> Cc: draft-ietf-ace-cbor-web-to...@ietf.org; ace-cha...@ietf.org; 
> ka...@mit.edu; ace@ietf.org
> Subject: RE: Alexey Melnikov's No Objection on 
> draft-ietf-ace-cbor-web-token-12: (with COMMENT)
> 
> 
> 
>> -Original Message-
>> From: Alexey Melnikov [mailto:aamelni...@fastmail.fm]
>> Sent: Sunday, March 4, 2018 1:01 PM
>> To: Jim Schaad ; The IESG 
>> Cc: draft-ietf-ace-cbor-web-to...@ietf.org; ace-cha...@ietf.org; 
>> ka...@mit.edu; ace@ietf.org
>> Subject: Re: Alexey Melnikov's No Objection on 
>> draft-ietf-ace-cbor-web-
>> token-12: (with COMMENT)
>> 
>>> On Sun, Mar 4, 2018, at 7:39 PM, Jim Schaad wrote:
>>> IANA does ask for the expert review as part of the processing it 
>>> does even for standards track documents.  This is because, in part, 
>>> they are responsible for doing the final number assignment.  That is 
>>> which number in the range is actually used.  The interesting 
>>> question would be what happens if the IESG and the DEs disagree about such 
>>> things.
>> 
>> This is exactly why I am asking about this. It might also possible to 
>> game the system to ask IESG approval of a Proposed Standard that 
>> bypasses Expert Review.
> 
> Interesting.  The text that IANA and I finally agreed to for the COSE 
> Algorithm registry is "Standards Action With Expert Review".
> 
> That would make sure that it cannot bypass the Expert Review.
> 
> Jim
> 
>> 
>>> I would
>>> expect that this would result in a long discussion with some type of 
>>> final agreement between them.
>>> 
>>> Jim
>>> 
>>> 
 -Original Message-
 From: Alexey Melnikov [mailto:aamelni...@fastmail.fm]
 Sent: Sunday, March 4, 2018 11:19 AM
 To: The IESG 
 Cc: draft-ietf-ace-cbor-web-to...@ietf.org; ace-cha...@ietf.org; 
 ka...@mit.edu; ace@ietf.org
 Subject: Alexey Melnikov's No Objection on
 draft-ietf-ace-cbor-web-token-
 12: (with COMMENT)
 
 Alexey Melnikov has entered the following ballot position for
 draft-ietf-ace-cbor-web-token-12: No Objection
 
 When responding, please keep the subject line intact and reply to 
 all email addresses included in the To and CC lines. (Feel free to 
 cut this introductory paragraph, however.)
 
 
 Please refer to
 https://www.ietf.org/iesg/statement/discuss-criteria.html
 for more information about IESG DISCUSS and COMMENT positions.
 
 
 The document, along with other ballot positions, can be found here:
 https://datatracker.ietf.org/doc/draft-ietf-ace-cbor-web-token/
 
 
 
 --
 --
 --
 COMMENT:
 --
 --
 --
 
 Just to double check: a CWT claim registration from a Proposed 
 Standard still needs to be submitted to the review mailing list, 
 but it is not really subject to Expert Review, correct? You might 
 want to make
>> it clearer.
>>> 
>>> 
> 

___
Ace mailing list
Ace@ietf.org
https://www.ietf.org/mailman/listinfo/ace

Re: [Ace] Alexey Melnikov's No Objection on draft-ietf-ace-cbor-web-token-12: (with COMMENT)

2018-03-16 Thread Mike Jones 
Hi Alexey,

https://tools.ietf.org/html/draft-ietf-ace-cbor-web-token-14 should address 
your comments.  Changes motivated by your comments were:
  - Added the text "IANA must only accept registry updates from the Designated 
Experts and should direct all requests for registration to the review mailing 
list" from RFC 7519, as suggested by Amanda Baber of IANA, which is also 
intended to address Alexey Melnikov's comment.

Thanks again,
-- Mike

-Original Message-
From: Jim Schaad  
Sent: Sunday, March 4, 2018 1:12 PM
To: 'Alexey Melnikov' ; 'The IESG' 
Cc: draft-ietf-ace-cbor-web-to...@ietf.org; ace-cha...@ietf.org; ka...@mit.edu; 
ace@ietf.org
Subject: RE: Alexey Melnikov's No Objection on 
draft-ietf-ace-cbor-web-token-12: (with COMMENT)



> -Original Message-
> From: Alexey Melnikov [mailto:aamelni...@fastmail.fm]
> Sent: Sunday, March 4, 2018 1:01 PM
> To: Jim Schaad ; The IESG 
> Cc: draft-ietf-ace-cbor-web-to...@ietf.org; ace-cha...@ietf.org; 
> ka...@mit.edu; ace@ietf.org
> Subject: Re: Alexey Melnikov's No Objection on 
> draft-ietf-ace-cbor-web-
> token-12: (with COMMENT)
> 
> On Sun, Mar 4, 2018, at 7:39 PM, Jim Schaad wrote:
> > IANA does ask for the expert review as part of the processing it 
> > does even for standards track documents.  This is because, in part, 
> > they are responsible for doing the final number assignment.  That is 
> > which number in the range is actually used.  The interesting 
> > question would be what happens if the IESG and the DEs disagree about such 
> > things.
> 
> This is exactly why I am asking about this. It might also possible to 
> game the system to ask IESG approval of a Proposed Standard that 
> bypasses Expert Review.

Interesting.  The text that IANA and I finally agreed to for the COSE Algorithm 
registry is "Standards Action With Expert Review".

That would make sure that it cannot bypass the Expert Review.

Jim

> 
> >  I would
> > expect that this would result in a long discussion with some type of 
> > final agreement between them.
> >
> > Jim
> >
> >
> > > -Original Message-
> > > From: Alexey Melnikov [mailto:aamelni...@fastmail.fm]
> > > Sent: Sunday, March 4, 2018 11:19 AM
> > > To: The IESG 
> > > Cc: draft-ietf-ace-cbor-web-to...@ietf.org; ace-cha...@ietf.org; 
> > > ka...@mit.edu; ace@ietf.org
> > > Subject: Alexey Melnikov's No Objection on
> > > draft-ietf-ace-cbor-web-token-
> > > 12: (with COMMENT)
> > >
> > > Alexey Melnikov has entered the following ballot position for
> > > draft-ietf-ace-cbor-web-token-12: No Objection
> > >
> > > When responding, please keep the subject line intact and reply to 
> > > all email addresses included in the To and CC lines. (Feel free to 
> > > cut this introductory paragraph, however.)
> > >
> > >
> > > Please refer to
> > > https://www.ietf.org/iesg/statement/discuss-criteria.html
> > > for more information about IESG DISCUSS and COMMENT positions.
> > >
> > >
> > > The document, along with other ballot positions, can be found here:
> > > https://datatracker.ietf.org/doc/draft-ietf-ace-cbor-web-token/
> > >
> > >
> > >
> > > --
> > > --
> > > --
> > > COMMENT:
> > > --
> > > --
> > > --
> > >
> > > Just to double check: a CWT claim registration from a Proposed 
> > > Standard still needs to be submitted to the review mailing list, 
> > > but it is not really subject to Expert Review, correct? You might 
> > > want to make
> it clearer.
> >
> >

___
Ace mailing list
Ace@ietf.org
https://www.ietf.org/mailman/listinfo/ace

[Ace] CBOR Web Token (CWT) spec addressing IESG comments

2018-03-16 Thread Mike Jones 
The CBOR Web Token (CWT) specification has been updated to address comments 
received from Internet Engineering Steering Group 
(IESG) members.  Changes were:

  *   Cleaned up the descriptions of the numeric ranges of claim keys being 
registered in the registration template for the "CBOR Web Token (CWT) Claims" 
registry, as suggested by Adam Roach.
  *   Clarified the relationships between the JWT and CWT "NumericDate" and 
"StringOrURI" terms, as suggested by Adam Roach.
  *   Eliminated unnecessary uses of the word "type", as suggested by Adam 
Roach.
  *   Added the text "IANA must only accept registry updates from the 
Designated Experts and should direct all requests for registration to the 
review mailing list" from RFC 7519, as suggested by Amanda Baber of IANA, which 
is also intended to address Alexey Melnikov's comment.
  *   Removed a superfluous comma, as suggested by Warren Kumari.
  *   Acknowledged additional reviewers.

Special thanks to Security Area Director Kathleen Moriarty for helping get this 
across the finish line!

The specification is available at:

  *   https://tools.ietf.org/html/draft-ietf-ace-cbor-web-token-14

An HTML-formatted version is also available at:

  *   http://self-issued.info/docs/draft-ietf-ace-cbor-web-token-14.html

   -- Mike

P.S.  This notice was also posted at http://self-issued.info/?p=1794 and as 
@selfissued.
___
Ace mailing list
Ace@ietf.org
https://www.ietf.org/mailman/listinfo/ace

[Ace] I-D Action: draft-ietf-ace-cbor-web-token-14.txt

2018-03-16 Thread internet-drafts 

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Authentication and Authorization for 
Constrained Environments WG of the IETF.

Title   : CBOR Web Token (CWT)
Authors : Michael B. Jones
  Erik Wahlström
  Samuel Erdtman
  Hannes Tschofenig
Filename: draft-ietf-ace-cbor-web-token-14.txt
Pages   : 27
Date: 2018-03-16

Abstract:
   CBOR Web Token (CWT) is a compact means of representing claims to be
   transferred between two parties.  The claims in a CWT are encoded in
   the Concise Binary Object Representation (CBOR) and CBOR Object
   Signing and Encryption (COSE) is used for added application layer
   security protection.  A claim is a piece of information asserted
   about a subject and is represented as a name/value pair consisting of
   a claim name and a claim value.  CWT is derived from JSON Web Token
   (JWT) but uses CBOR rather than JSON.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-ace-cbor-web-token/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-ietf-ace-cbor-web-token-14
https://datatracker.ietf.org/doc/html/draft-ietf-ace-cbor-web-token-14

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-ace-cbor-web-token-14


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

___
Ace mailing list
Ace@ietf.org
https://www.ietf.org/mailman/listinfo/ace