This sounds like a good solution, Ludwig.  Thanks for the productive 
conversation.

                                -- Mike

-----Original Message-----
From: Ludwig Seitz <[email protected]> 
Sent: Wednesday, October 31, 2018 2:08 AM
To: Mike Jones <[email protected]>; [email protected]
Subject: Re: [Ace] WGLC for draft-ietf-ace-authz

On 30/10/2018 19:52, Mike Jones wrote:
> Thanks for your responses, Ludwig.
> 
....
>
>  I could live with "access_token" having a single-byte representation, 
> since as you point out, it is needed for every ACE OAuth interaction.  
> An "error" value is only needed when something goes wrong, so that 
> doesn't seem like a case that needs to be optimized for space.  A 
> two-byte "error" representation will only be used when errors have 
> occurred, so shouldn't be a problem.
> 
> -- Mike
> 
> -----Original Message----- From: Ace <[email protected]> On Behalf


Thank you for the quick and comprehensive answer, Mike!

I conclude the following:

We are in agreement about giving "profile", "error", "token_type" and 
"grant_type" two-byte abbreviations in CBOR.

"scope" and "access_token" will get a one-byte abbreviation aligned with the 
unused numbers from CWT claims.

At IETF 103 I will propose the solution of registering all parameter 
abbreviations in the CWT claim registry in order to align abbreviations and 
avoid duplicate assignments.

If a signed request (and response) format is needed I am all for using CWT in 
the context of ACE access token requests, responses and introspection requests 
and responses. I will take up that discussion at IETF 103.

I will propose to make "token_type" and "grant_type" OPTIONAL, deviating from 
the OAuth 2.0 specs and defining the default token type to be "PoP" 
and the default grant_type to be "client_credentials".
This will avoid having to send grant_type with every access token request and 
token_type with every successful access token response.


Regards,

Ludwig


--
Ludwig Seitz, PhD
Security Lab, RISE
Phone +46(0)70-349 92 51
_______________________________________________
Ace mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ace
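
The size trade-off discussed in this thread, worked through as an added example (not part of the original messages or of the draft): a minimal CBOR encoder shows why map keys below 24 cost one byte and keys from 24 to 255 cost two, and what omitting a defaulted "grant_type" saves. The key numbers are constructed for illustration and are not registry assignments; sending the parameter values as text strings is also an assumption.

```python
import struct

# Constructed key numbers for illustration only; not the registered values.
# Keys 0..23 encode in one byte, keys 24..255 in two bytes.
KEY = {"access_token": 1, "scope": 2,
       "profile": 24, "error": 25, "token_type": 26, "grant_type": 27}
# Defaults proposed in the message above.
DEFAULTS = {"grant_type": "client_credentials", "token_type": "PoP"}

def head(major, n):
    """CBOR initial byte plus argument for major type `major` and value `n`."""
    if n < 24:
        return bytes([major << 5 | n])
    for info, fmt in ((24, ">B"), (25, ">H"), (26, ">I"), (27, ">Q")):
        if n < 1 << (8 * struct.calcsize(fmt)):
            return bytes([major << 5 | info]) + struct.pack(fmt, n)
    raise ValueError("integer too large for CBOR")

def encode(obj):
    """Encode unsigned ints, byte strings, text strings and maps."""
    if isinstance(obj, int) and not isinstance(obj, bool) and obj >= 0:
        return head(0, obj)
    if isinstance(obj, bytes):
        return head(2, len(obj)) + obj
    if isinstance(obj, str):
        raw = obj.encode("utf-8")
        return head(3, len(raw)) + raw
    if isinstance(obj, dict):
        return head(5, len(obj)) + b"".join(
            encode(k) + encode(v) for k, v in obj.items())
    raise TypeError(f"unsupported type: {type(obj).__name__}")

def key_size(name):
    """Bytes needed on the wire for the abbreviated parameter name."""
    return len(encode(KEY[name]))

def token_request(scope, send_grant_type):
    """Access token request as a CBOR map with abbreviated keys."""
    params = {"scope": scope}
    if send_grant_type:
        params["grant_type"] = DEFAULTS["grant_type"]
    return encode({KEY[k]: v for k, v in params.items()})

def fill_default(params, name):
    """Receiver side: an absent OPTIONAL parameter takes its default."""
    return {name: DEFAULTS[name], **params}
```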
