Re: [COSE] IETF 118 COSE Agenda

Wed, 01 Nov 2023 04:41:11 -0700 

Hi Chris,


thanks for sending a mail to the list. Since you have not submitted the
draft as draft-lemmons-cose-composite-claims it slipped through my radar.


Here is a bit of high-level feedback.


The draft lacks a motivation about why this functionality (particularly
the "logical claim") is useful. From a high-level point of view one
might wonder why it is a good idea to carry "policy" in the token itself
or whether we are better off using policy in the AS (or push it down to
the RS). There has been a lot of progress in policy languages recently
with OPA, for example. This raises also the question about what the
expressiveness of the policy language should be. Is "and"/"or"/"not" enough?


Would this functionality also be useful for JWTs or only for CWTs?


I would also appreciate examples.


Finally, the encrypted claim, or enveloped claim as you call it, is
interesting but just referencing COSE_Encrypt0 and COSE_Encrypt will
give you zero interoperability because of the large number of key
distribution mechanisms specified in the COSE RFC. On top of that these
key distribution mechanisms need to be "profiled" in order to be used.
You provide none of that information in the draft.


Ciao
Hannes


Am 01.11.2023 um 10:10 schrieb Chris Lemmons:

If time permits, could I have ten minutes for
draft-lemmons-composite-claims?

On Tue, Oct 31, 2023, 19:04 Ivaylo Petrov <[email protected]> wrote:

    Dear all,


    Our agenda has been uploaded at
    https://datatracker.ietf.org/doc/agenda-118-cose/01/. It contains:

        Agenda COSE IETF 118


        13:00-13:10 Opening remarks - the chairs (10 minutes)
        13:10-13:15 draft-ietf-cose-typ-header-parameter-00 (5 minutes)
        13:15-13:20 draft-ietf-cose-key-thumbprint-04 (5 minutes)
        13:20-13:30 draft-ietf-cose-cbor-encoded-cert-07 (10 minutes)
        13:30-13:40 draft-ra-cose-hybrid-encrypt-02 (10 minutes)
        13:40-13:50 draft-tschofenig-jose-cose-guidance-00 (10 minutes)
        13:50-14:20 draft-ietf-cose-hpke-07 (30 minutes)

        14:20-15:00 AOB (40 minutes)


    Presenters, please upload your slides at
    https://datatracker.ietf.org/meeting/118/session/cose by Friday.

    Best regards,

    -- Ivo

    _______________________________________________
    COSE mailing list
    [email protected]
    https://www.ietf.org/mailman/listinfo/cose


_______________________________________________
COSE mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/cose

_______________________________________________
COSE mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/cose

Reply via email to