Re: [Ace] [Cwt-reg-review] [IANA #1158953] Requested review for IANA registration in draft-ietf-ace-oauth-authz (cwt - CBOR Web Token Claims)

2020-03-23 Thread Hannes Tschofenig
Hi all,

This is an interesting case.

CWT was created based on the work on ACE-OAuth. I would therefore agree with 
Ludwig that it should receive priority treatment with regards to the selection 
of the value encodings.

I do, however, also have sympathy for the argument Chuck mentioned regarding 
the scope encoded as a string. Of course, there is no need to encode the scope 
as a human-readable string.

The main question is whether we should argue about one byte.

Highly-paid ACE chairs: what is your opinion?

Ciao
Hannes


From: Jim Schaad
Sent: Saturday, March 21, 2020 4:32 PM
To: 'Seitz Ludwig'; 'Mike Jones'; 'Chuck Mortimore'; Hannes Tschofenig
Cc: chuck.mortim...@visa.com; cwt-reg-rev...@ietf.org; 
draft-ietf-ace-oauth-au...@ietf.org; drafts-expert-rev...@iana.org; ace@ietf.org
Subject: RE: [Ace] [Cwt-reg-review] [IANA #1158953] Requested review for IANA 
registration in draft-ietf-ace-oauth-authz (cwt - CBOR Web Token Claims)

No you should not need to make any changes in the document.  This will be taken 
care of by the RFC Editor.

Jim


From: Ace <ace-boun...@ietf.org> On Behalf Of Seitz Ludwig
Sent: Saturday, March 21, 2020 3:35 AM
To: Mike Jones <michael.jo...@microsoft.com>; Chuck Mortimore 
<charliemortim...@gmail.com>; hannes.tschofe...@arm.com
Cc: chuck.mortim...@visa.com; cwt-reg-rev...@ietf.org; 
draft-ietf-ace-oauth-au...@ietf.org; drafts-expert-rev...@iana.org; ace@ietf.org
Subject: Re: [Ace] [Cwt-reg-review] [IANA #1158953] Requested review for IANA 
registration in draft-ietf-ace-oauth-authz (cwt - CBOR Web Token Claims)

Please disregard the last message (small keyboard, large fingers). What I 
intended to write was this:

Sorry for the delay, I’ve now looked into the changes necessary and it 
basically is this line in the draft:

8.13. CBOR Web Token Claims
[…]
Claim Key: TBD (suggested: 9) -> … suggested: 42)

I wonder if I need to make this change at all since the value is only suggested 
(and we now have a diverging decision by the designated experts). Can IANA 
clarify this for me?

Thank you for your patience,


Ludwig


From: Seitz Ludwig <ludwig.se...@combitech.se>
Sent: den 21 mars 2020 11:26
To: Seitz Ludwig <ludwig.se...@combitech.se>; Mike Jones 
<michael.jo...@microsoft.com>; Chuck Mortimore <charliemortim...@gmail.com>; 
hannes.tschofe...@arm.com
Cc: chuck.mortim...@visa.com; ace@ietf.org; 
draft-ietf-ace-oauth-au...@ietf.org; drafts-expert-rev...@iana.org; 
cwt-reg-rev...@ietf.org
Subject: RE: [Cwt-reg-review] [IANA #1158953] Requested review for IANA 
registration in draft-ietf-ace-oauth-authz (cwt - CBOR Web Token Claims)

Hello all, soo

From: Ace <ace-boun...@ietf.org> On Behalf Of Seitz Ludwig
Sent: den 17 mars 2020 10:01
To: Mike Jones <michael.jo...@microsoft.com>; Chuck Mortimore 
<charliemortim...@gmail.com>; hannes.tschofe...@arm.com
Cc: chuck.mortim...@visa.com; ace@ietf.org; 
draft-ietf-ace-oauth-au...@ietf.org; drafts-expert-rev...@iana.org; 
cwt-reg-rev...@ietf.org
Subject: Re: [Ace] [Cwt-reg-review] [IANA #1158953] Requested review for IANA 
registration in draft-ietf-ace-oauth-authz (cwt - CBOR Web Token Claims)

Fair enough, take my points as the author’s opinion only.  That leaves us with 
3 experts to make the decision. Your position is clear, Chuck hasn’t commented 
on the latest exchange but he was agreeing with you before. I propose we give 
Hannes another day and if he doesn’t comment we go ahead with your decision, is 
that acceptable for you?

/Ludwig


From: Mike Jones <michael.jo...@microsoft.com>
Sent: den 16 mars 2020 19:43
To: Seitz Ludwig <ludwig.se...@combitech.se>; Chuck Mortimore 
<charliemortim...@gmail.com>; hannes.tschofe...@arm.com
Cc: drafts-expert-rev...@iana.org; cwt-reg-rev...@ietf.org; 
chuck.mortim...@visa.com; draft-ietf-ace-oauth-au...@ietf.org; ace@ietf.org
Subject: RE: [Cwt-reg-review] [IANA #1158953] Requested review for IANA 
registration in draft-ietf-ace-oauth-authz (cwt - CBOR Web Token Claims)

Ludwig, yes, while you’re a designated expert, note that the instructions to 
the designated experts at https://
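
The size question argued in this thread, worked through as an added example (it is not part of any message on the list and not code from the draft): CBOR encodes unsigned integers 0 to 23 in a single byte and 24 to 255 in two, so claim key 9 costs one byte and claim key 42 costs two. The audience value and both scope values are constructed samples, and `claims_size` is a hypothetical helper.

```python
import struct

def head(major: int, n: int) -> bytes:
    """CBOR initial byte plus argument: 0..23 fit in the initial byte itself."""
    if n < 24:
        return bytes([major << 5 | n])
    for info, fmt, limit in ((24, ">B", 1 << 8), (25, ">H", 1 << 16),
                             (26, ">I", 1 << 32), (27, ">Q", 1 << 64)):
        if n < limit:
            return bytes([major << 5 | info]) + struct.pack(fmt, n)
    raise ValueError("argument does not fit in 64 bits")

def encode(obj) -> bytes:
    """Encode the CBOR subset a small CWT claims set needs here."""
    if isinstance(obj, bool) or not isinstance(obj, (int, bytes, str, dict)):
        raise TypeError(f"unsupported type: {type(obj).__name__}")
    if isinstance(obj, int):
        if obj < 0:
            raise ValueError("negative integers are not handled in this example")
        return head(0, obj)                      # major type 0: unsigned int
    if isinstance(obj, bytes):
        return head(2, len(obj)) + obj           # major type 2: byte string
    if isinstance(obj, str):
        raw = obj.encode("utf-8")
        return head(3, len(raw)) + raw           # major type 3: text string
    out = head(5, len(obj))                      # major type 5: map
    for key, value in obj.items():
        out += encode(key) + encode(value)
    return out

AUD = 3                                # registered CWT claim key for "aud" (RFC 8392)
SAMPLE_AUD = "rs1"                     # constructed audience value
SAMPLE_SCOPE_TEXT = "r_temp w_lock"    # constructed human-readable scope
SAMPLE_SCOPE_BIN = bytes([0x03])       # constructed binary scope (hypothetical bit mask)

def claims_size(scope_key: int, scope) -> int:
    """Size in bytes of a claims set {aud, scope} with the scope under scope_key."""
    return len(encode({AUD: SAMPLE_AUD, scope_key: scope}))

if __name__ == "__main__":
    for label, scope in (("text", SAMPLE_SCOPE_TEXT), ("binary", SAMPLE_SCOPE_BIN)):
        for key in (9, 42):   # the two suggested claim keys quoted in the thread
            print(f"scope as {label:6} string, claim key {key:2}: "
                  f"{claims_size(key, scope)} bytes")
```

With these constructed values, switching the scope from a text string to a binary string shrinks the claims set from 21 to 9 bytes, while the choice of claim key moves it by exactly one byte in either case.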

[Ace] Congestion control needs to be included

2020-03-23 Thread Jim Schaad
I had a weird weekend trying to get coverage testing up for my Observe
implementation and in the process found out that it had not implemented the
required congestion control.  As part of this I had to go back and do a
careful read of RFC 7641 to get things right in my code and following that I
thought that this document really needs to have a discussion of congestion
control as well.  Part of this can be a reference to section 4.5.1 of RFC
7641 where we are using observe but we need to go through the document and
potentially look at some other places where we need to discuss congestion as
well.

I will also note that observe does not guarantee that all messages will be
sent to a client, just that after a while it will have the most current
version of the content.  This means that there is a high probability that
clients will not get every update of key material if turn over is being done
at all quickly.

Jim


___
Ace mailing list
Ace@ietf.org
https://www.ietf.org/mailman/listinfo/ace


Re: [Ace] [Cwt-reg-review] [IANA #1158953] Requested review for IANA registration in draft-ietf-ace-oauth-authz (cwt - CBOR Web Token Claims)

2020-03-23 Thread Jim Schaad
And I thought this was why we “hired” experts.

As has been noted previously in this discussion, there is no requirement that 
the scope must be a text string, it can be a binary string as well.  Further, I 
believe that there will start being some dictionary work being done at some 
point in the future when defining a new scope format so that any text strings 
could be compressed down.

I also am of the opinion that one of the major uses of CWTs is going to be as 
an authorization token and that scoping of authorization is an important part 
of this.   I would probably be more sympathetic to the argument of making it 
two bytes if that had been done for about half of the items currently 
registered.

I would make it a one byte because I think it is important, is going to be used 
by a lot of places where just audience is not sufficient to restrict scope, and 
ACE is the current hotspot where it is going to be used.  Both for general 
purpose authorization and for the group/multicast authorization as well.  My 
current expectation is still that most of the time HTTP will be using JWT not 
CWT.

Jim


Re: [Ace] [Cwt-reg-review] [IANA #1158953] Requested review for IANA registration in draft-ietf-ace-oauth-authz (cwt - CBOR Web Token Claims)

2020-03-23 Thread Mike Jones
Thanks to Hannes and Jim for participating.  Based on their feedback and in 
deference to the ACE working group’s decision, I’m now willing to have the 
registrations occur as specified in the draft.

Let’s give Chuck a day for him to either agree or disagree and then propose 
that we proceed with the registrations on Wednesday.

   Cheers,
   -- Mike


[Ace] ace - New Interim Meeting Request

2020-03-23 Thread IETF Meeting Session Request Tool


A new interim meeting request has just been submitted by Jim Schaad.

This request requires approval by the Area Director of the Security Area

The meeting can be approved here: 
https://datatracker.ietf.org/meeting/interim/request/interim-2020-ace-05



-
Working Group Name: Authentication and Authorization for Constrained 
Environments
Area Name: Security Area
Session Requester: Jim Schaad

Meeting Type: Virtual Meeting

Session 1:

Date: 2020-04-15
Start Time: 07:00 America/Los_Angeles
Duration: 02:00
Remote Participation Information: 
https://ietf.webex.com/ietf/j.php?MTID=mb5f50b1e50b7e9ad04f89d67ea2e4caf
Agenda Note: 

-

