Re: [Ace] WGLC draft-ietf-ace-revoked-token-notification-04.txt

2023-04-11 Thread Ludwig Seitz
Sorry for slow answers on that one, holiday time here in Sweden. Please remove me as a co-author as I will not be able to significantly contribute. /Ludwig From: Ace On Behalf Of Ludwig Seitz Sent: den 14 mars 2023 16:13 To: Ace Wg Subject: Re: [Ace] WGLC draft-ietf-ace-revoked-token

Re: [Ace] WGLC draft-ietf-ace-revoked-token-notification-04.txt

2023-03-14 Thread Ludwig Seitz
and Authorization for Constrained Environments (ACE) WG of the IETF. Title : Notification of Revoked Access Tokens in the Authentication and Authorization for Constrained Environments (ACE) Framework Authors : Marco Tiloca Ludwig Seitz

Re: [Ace] ACE status

2021-12-23 Thread Ludwig Seitz
Hello Daniel, Could you also give us an update on draft-ietf-ace-oauth-authz and the related profile drafts? (I have only noticed they are sitting in the RFC-Editor’s queue for some time). Regards, Ludwig From: Ace On Behalf Of Daniel Migault Sent: den 23 december 2021 02:09 To: Ace Wg

Re: [Ace] WG Adoption Call for bergmann-ace-extend-dtls-authorize

2021-11-12 Thread Ludwig Seitz
+1 for adoption. /Ludwig From: Ace On Behalf Of Daniel Migault Sent: den 9 november 2021 17:35 To: Ace Wg Subject: [Ace] WG Adoption Call for bergmann-ace-extend-dtls-authorize Hi, This email starts a 2 week Working Group Adoption Call for -bergmann-ace-extend-dtls-authorize [1]. Please

[Ace] FW: New Version Notification for draft-ietf-ace-oauth-authz-46.txt

2021-11-09 Thread Ludwig Seitz
Tschofenig ; Hannes Tschofenig ; Ludwig Seitz ; Samuel Erdtman ; ace-cha...@ietf.org Subject: New Version Notification for draft-ietf-ace-oauth-authz-46.txt A new version of I-D, draft-ietf-ace-oauth-authz-46.txt has been successfully submitted by Ludwig Seitz and posted to the IETF repository

[Ace] Progressing draft-ietf-ace-oauth-authz

2021-10-26 Thread Ludwig Seitz
Base64url encoding of the original byte string payload. Does the working group or the OAuth designated expert have any objections (or suggestions) to this approach? Regards, Ludwig -- Ludwig Seitz Infrastructure Security Analyst Combitech AB Djäknegatan 31 . SE-211 35 Malmö . Sweden Phone: +46 1

[Ace] FW: New Version Notification for draft-ietf-ace-oauth-params-16.txt

2021-09-08 Thread Ludwig Seitz
Hello ACE, This update fixes some nits discovered during the review of the IANA actions. /Ludwig -Original Message- From: internet-dra...@ietf.org Sent: den 8 september 2021 08:34 To: Ludwig Seitz Subject: New Version Notification for draft-ietf-ace-oauth-params-16.txt A new

[Ace] FW: New Version Notification for draft-ietf-ace-oauth-authz-45.txt

2021-08-30 Thread Ludwig Seitz
Tschofenig ; Ludwig Seitz ; Samuel Erdtman ; ace-cha...@ietf.org Subject: New Version Notification for draft-ietf-ace-oauth-authz-45.txt A new version of I-D, draft-ietf-ace-oauth-authz-45.txt has been successfully submitted by Ludwig Seitz and posted to the IETF repository. Name: draft

Re: [Ace] New Version Notification for draft-ietf-ace-oauth-authz-44.txt

2021-08-25 Thread Ludwig Seitz
; Hannes Tschofenig ; Hannes Tschofenig ; Ludwig Seitz ; Samuel Erdtman ; ace-cha...@ietf.org Subject: New Version Notification for draft-ietf-ace-oauth-authz-44.txt A new version of I-D, draft-ietf-ace-oauth-authz-44.txt has been successfully submitted by Ludwig Seitz and posted to the IETF reposit

Re: [Ace] Missing Introspection parameter in draft-ietf-ace-oauth-authz

2021-08-25 Thread Ludwig Seitz
Hello ACE, Since I haven’t heard an objection, I will go forward and add this to the draft. Regards, Ludwig From: Daniel Migault Sent: den 17 augusti 2021 17:25 To: Ludwig Seitz Cc: ace@ietf.org Subject: Re: [Ace] Missing Introspection parameter in draft-ietf-ace-oauth-authz Thanks Ludwig

[Ace] Missing Introspection parameter in draft-ietf-ace-oauth-authz

2021-08-17 Thread Ludwig Seitz
of additional parameters in section 5.9.2 and be something along the lines of: "cti OPTIONAL. The CWT ID parameter has the same meaning and processing rules as the "jti" parameter defined in section 3.1.2. of [RFC 7662] except that the value is a byte string. " Regards, Lud

[Ace] Nits in draft-ietf-ace-oauth-authz

2021-08-11 Thread Ludwig Seitz
, the other nits are: 1. Inconsistent IANA tables where some had the column "Original Specification" and some didn't for the CBOR abbreviation mappings, 2. An obsolete reference that needed to be updated in an IANA entry). /Ludwig -- Ludwig Seitz Infrastructure Security Analyst Combitech AB D

[Ace] FW: New Version Notification for draft-ietf-ace-oauth-authz-43.txt

2021-07-10 Thread Ludwig Seitz
for the final text proposal!) /Ludwig -Original Message- From: internet-dra...@ietf.org Sent: den 10 juli 2021 21:51 To: Erik Wahlstroem ; Goeran Selander ; Hannes Tschofenig ; Hannes Tschofenig ; Ludwig Seitz ; Samuel Erdtman ; ace-cha...@ietf.org Subject: New Version Notification

Re: [Ace] [EXTERNAL] Francesca Palombini's Discuss on draft-ietf-ace-oauth-authz-38: (with DISCUSS and COMMENT)

2021-07-10 Thread Ludwig Seitz
Olaf's compromise text looks OK to me. If no one objects I'll submit this later today. /Ludwig Sent from my smartphone Olaf Bergmann wrote >Hi Carsten, Ludwig, > >I think removing the discussed is not an option as the whole discussion >was about "something needs to be said" but

Re: [Ace] [EXTERNAL] Francesca Palombini's Discuss on draft-ietf-ace-oauth-authz-38: (with DISCUSS and COMMENT)

2021-07-06 Thread Ludwig Seitz
with the RS. The security of a profile MUST NOT depend on the assumption that this profile is used in all steps of the authorization flow (C-AS, C-RS, RS-AS). /Ludwig -Original Message- From: Francesca Palombini Sent: den 5 juli 2021 18:59 To: Carsten Bormann Cc: Ludwig Seitz ; Daniel Migault

Re: [Ace] [EXTERNAL] Francesca Palombini's Discuss on draft-ietf-ace-oauth-authz-38: (with DISCUSS and COMMENT)

2021-06-09 Thread Ludwig Seitz
. /Ludwig -Original Message- From: Carsten Bormann Sent: den 9 juni 2021 09:15 To: Ludwig Seitz Cc: Francesca Palombini ; Seitz Ludwig ; The IESG ; art-...@ietf.org; ace-cha...@ietf.org; draft-ietf-ace-oauth-au...@ietf.org; ace@ietf.org Subject: Re: [Ace] [EXTERNAL] Francesca Palombini's

[Ace] FW: New Version Notification for draft-ietf-ace-oauth-authz-42.txt

2021-06-09 Thread Ludwig Seitz
; Hannes Tschofenig ; Ludwig Seitz ; Samuel Erdtman ; ace-cha...@ietf.org Subject: New Version Notification for draft-ietf-ace-oauth-authz-42.txt A new version of I-D, draft-ietf-ace-oauth-authz-42.txt has been successfully submitted by Ludwig Seitz and posted to the IETF repository. Name

Re: [Ace] [EXTERNAL] Francesca Palombini's Discuss on draft-ietf-ace-oauth-authz-38: (with DISCUSS and COMMENT)

2021-06-09 Thread Ludwig Seitz
Hello Francesca, Comments inline. Update will be posted shortly. /Ludwig -Original Message- From: Francesca Palombini Sent: den 10 maj 2021 20:42 To: Seitz Ludwig ; The IESG Cc: art-...@ietf.org; ace-cha...@ietf.org; draft-ietf-ace-oauth-au...@ietf.org; ace@ietf.org Subject: Re:

Re: [Ace] [IANA #1158953] Requested review for IANA registration in draft-ietf-ace-oauth-authz (cwt - CBOR Web Token Claims)

2020-02-29 Thread Ludwig Seitz
On 2020-02-26 00:58, Amanda Baber via RT wrote: Ludwig, Hannes, Can you confirm that you can make the CBOR Web Token Claim change requested below? We also have Chuck Mortimore listed as an expert for this registry, but our message to his Salesforce address bounced. Best regards, Amanda Baber

Re: [Ace] I-D Action: draft-ietf-ace-oauth-params-12.txt

2020-02-01 Thread Ludwig Seitz
for Authorization in Constrained Environments (ACE) Author : Ludwig Seitz Filename: draft-ietf-ace-oauth-params-12.txt Pages : 11 Date: 2020-02-01 Abstract: This specification defines new parameters and encodings for the OAuth

Re: [Ace] [Jwt-reg-review] Requested review for IANA registration in draft-ietf-ace-oauth-authz

2020-01-18 Thread Ludwig Seitz
On 2020-01-13 22:01, Brian Campbell wrote: Thanks for the updates Ludwig, Section 6.6. does propose one mitigation for the unbounded memory growth problem. However, it relies on the AS to do pretty specific things with the content of other claims for it to even be possible for an RS to perform

Re: [Ace] [Gen-art] Genart last call review of draft-ietf-ace-oauth-params-06

2020-01-07 Thread Ludwig Seitz
On 2019-12-22 19:27, elwynd wrote: Hi, Ludwig. Having had another look at section 3.1 of draft-ietf-ace-cwt-proof-of-possession, technically the rules about which keys have to be present are not part of the syntax of the cnf claim.  The point can be covered by changing '"syntax of the 'cnf'

Re: [Ace] Requested review for IANA registration in draft-ietf-ace-oauth-params

2020-01-07 Thread Ludwig Seitz
On 2019-12-23 22:32, Brian Campbell wrote: The OAuth Token Introspection Response registry already has an entry for "cnf", which makes the first request in

Re: [Ace] Genart last call review of draft-ietf-ace-oauth-params-06

2019-12-22 Thread Ludwig Seitz
Hello Elwyn, I have now submitted -09 to fix the minor issues and nits, which I forgot in my -08. Comments inline. Regards, Ludwig On 2019-12-14 23:46, Elwyn Davies via Datatracker wrote: Minor issues: ss3.1, 3.2 and 4.1:  The COSE_Key type 'EC' used in several kty fields is not defined. 

Re: [Ace] [Gen-art] Genart last call review of draft-ietf-ace-oauth-params-06

2019-12-21 Thread Ludwig Seitz
On 2019-12-19 21:23, elwynd wrote: Hi, Ludwig. Thanks for the prompt response. Regarding the major issue, I understand what the intention of the split was, but as far as early implementations are concerned, there is no such thing as a 'minimal breakage'; unless there is some cunning mechanism

[Ace] Requested review for IANA registration in draft-ietf-ace-oauth-authz

2019-12-21 Thread Ludwig Seitz
Hello CWT registry reviewers, the IESG-designated experts for the CWT claims registry have asked me to send a review request to you about the claims registered here: https://tools.ietf.org/html/draft-ietf-ace-oauth-authz-29#section-8.13 Thank you in advance for your review comments. Regards,

Re: [Ace] Requested review for IANA registration in draft-ietf-ace-oauth-authz

2019-12-21 Thread Ludwig Seitz
Hello JWT registry reviewers, the IESG-designated experts for the JWT claims registry have asked me to send a review request to you about the claims registered here: https://tools.ietf.org/html/draft-ietf-ace-oauth-authz-29#section-8.12 Thank you in advance for your review comments. Regards,

[Ace] Requested review for IANA registration in draft-ietf-ace-oauth-authz

2019-12-21 Thread Ludwig Seitz
Hello OAuth registry reviewers, the IESG-designated experts for the OAuth parameters registry have asked me to send a review request to you about the OAuth parameters registered here: https://tools.ietf.org/html/draft-ietf-ace-oauth-authz-29#section-8.2 and here:

Re: [Ace] FW: [IANA #1157486] Last Call: (Authentication and Authorization for Constrained Environments (ACE) using the OAuth 2.0 Framework (ACE-OAuth)) to Proposed

2019-12-21 Thread Ludwig Seitz
From: Sabrina Tanamal via RT Subject: [IANA #1157486] Last Call: (Authentication and Authorization for Constrained Environments (ACE) using the OAuth 2.0 Framework (ACE-OAuth)) to Proposed Standard (BEGIN IANA COMMENTS) IESG/Authors/WG Chairs: The IANA Functions Operator has completed its

[Ace] Requested review for IANA registration in draft-ietf-ace-oauth-params

2019-12-21 Thread Ludwig Seitz
Hello OAuth registry reviewers, the IESG-designated experts for the OAuth parameters registry have asked me to send a review request to you about the OAuth parameters registered here: https://tools.ietf.org/html/draft-ietf-ace-oauth-params-07#section-9.3 and the OAuth introspection response

[Ace] Requested review for IANA registration in draft-ietf-ace-oauth-params

2019-12-21 Thread Ludwig Seitz
Hello CWT registry reviewers, the IESG-designated experts for the CWT claims registry have asked me to send a review request to you about the "rs_cnf" claim registered here: https://tools.ietf.org/html/draft-ietf-ace-oauth-params-07#section-9.2 Thank you in advance for your review comments.

[Ace] Requested review for IANA registration in draft-ietf-ace-oauth-params

2019-12-21 Thread Ludwig Seitz
Hello JWT registry reviewers, the IESG-designated experts for the JWT claims registry have asked me to send a review request to you about the "rs_cnf" claim registered here: https://tools.ietf.org/html/draft-ietf-ace-oauth-params-07#section-9.1 Thank you in advance for your review comments.

Re: [Ace] I-D Action: draft-ietf-ace-oauth-params-07.txt

2019-12-17 Thread Ludwig Seitz
Environments WG of the IETF. Title : Additional OAuth Parameters for Authorization in Constrained Environments (ACE) Author : Ludwig Seitz Filename: draft-ietf-ace-oauth-params-07.txt Pages : 13 Date: 2019-12-17

Re: [Ace] I-D Action: draft-ietf-ace-oauth-authz-29.txt

2019-12-14 Thread Ludwig Seitz
and Authorization for Constrained Environments WG of the IETF. Title : Authentication and Authorization for Constrained Environments (ACE) using the OAuth 2.0 Framework (ACE-OAuth) Authors : Ludwig Seitz Goeran Selander

Re: [Ace] Genart last call review of draft-ietf-ace-oauth-authz-27

2019-12-14 Thread Ludwig Seitz
On 2019-12-12 21:44, Stewart Bryant via Datatracker wrote: Abstract This specification defines a framework for authentication and authorization in Internet of Things (IoT) environments called ACE- OAuth. The framework is based on a set of building blocks including OAuth 2.0

Re: [Ace] Genart last call review of draft-ietf-ace-oauth-authz-27

2019-12-14 Thread Ludwig Seitz
On 2019-12-12 21:44, Stewart Bryant via Datatracker wrote: Reviewer: Stewart Bryant Review result: Ready with Nits I am the assigned Gen-ART reviewer for this draft. The General Area Review Team (Gen-ART) reviews all IETF documents being processed by the IESG for the IETF Chair. Please treat

Re: [Ace] I-D Action: draft-ietf-ace-oauth-authz-28.txt

2019-12-14 Thread Ludwig Seitz
: Ludwig Seitz Goeran Selander Erik Wahlstroem Samuel Erdtman Hannes Tschofenig Filename: draft-ietf-ace-oauth-authz-28.txt Pages : 87 Date

Re: [Ace] Secdir last call review of draft-ietf-ace-oauth-authz-27

2019-12-14 Thread Ludwig Seitz
On 2019-12-08 19:18, Stephen Kent via Datatracker wrote: Reviewer: Stephen Kent Review result: Has Issues SECDIR review of draft-ietf-ace-oauth-authz-27 The summary of the review is almost ready, but needs some revisions. I have reviewed this document as part of the security directorate's

Re: [Ace] I-D Action: draft-ietf-ace-oauth-authz-27.txt

2019-11-27 Thread Ludwig Seitz
Hi Ben, replies inline. /Ludwig From: Benjamin Kaduk Sent: Tuesday, November 26, 2019 12:04 AM To: Ludwig Seitz Cc: ace@ietf.org Subject: Re: [Ace] I-D Action: draft-ietf-ace-oauth-authz-27.txt Hi Ludwig, On Thu, Nov 21, 2019 at 03:16:03AM +0100

Re: [Ace] comment on draft-ietf-ace-oauth-authz-26

2019-11-27 Thread Ludwig Seitz
, November 21, 2019 10:27 AM To: Daniel Migault Cc: Ludwig Seitz; ace@ietf.org Subject: Re: [Ace] comment on draft-ietf-ace-oauth-authz-26 Hello, Ludwig, I agree that the current draft describes specifically for when CBOR is used. When CBOR is not used, I have read it as it will act similar

Re: [Ace] I-D Action: draft-ietf-ace-oauth-authz-27.txt

2019-11-20 Thread Ludwig Seitz
to remove the text describing that option. This still leaves us with the two other options, so the problem is still covered. /Ludwig -- Ludwig Seitz, PhD Security Lab, RISE Phone +46(0)70-349 92 51 smime.p7s Description: S/MIME Cryptographic Signature

Re: [Ace] AD review of draft-ietf-ace-oauth-authz-24

2019-11-19 Thread Ludwig Seitz
, Nov 13, 2019 at 01:55:44PM +0100, Ludwig Seitz wrote: On 10/11/2019 04:28, Benjamin Kaduk wrote: 16.) Section 3.2 One application of COSE is OSCORE [I-D.ietf-core-object-security], which provides end-to-end confidentiality, integrity and replay protection, and a secure binding

Re: [Ace] Mail regarding draft-tiloca-ace-revoked-token-notification-00

2019-11-17 Thread Ludwig Seitz
. Side-note: Do we want/need to cater for such a weird corner-case? Who in their right mind would use JSON in a CoAP message? /Ludwig -- Ludwig Seitz, PhD Security Lab, RISE Phone +46(0)70-349 92 51

Re: [Ace] AD review of draft-ietf-ace-oauth-params-05

2019-11-16 Thread Ludwig Seitz
on't do much with CoAP directly in this document. Agree. I moved it. Appendix A We might want to wordsmith this some if it's to be kept for the final RFC (depending on what the OAuth work looks like at that point). I'm not sure that there are any useful changes to make to it right now, though. It seems the OAuth draft I'm talking about here is not going anywhere fast. We might consider removing this in the final edition. /Ludwig -- Ludwig Seitz, PhD Security Lab, RISE Phone +46(0)70-349 92 51 ___ Ace mailing list Ace@ietf.org https://www.ietf.org/mailman/listinfo/ace

Re: [Ace] AD review of draft-ietf-ace-oauth-authz-24

2019-11-13 Thread Ludwig Seitz
rrangement with the secretariat. If you want to get a new revision up to make these last few changes during the blackout period, I'm happy to approve a manual posting by the secretariat. (OTOH, since IETF LCs that overlap with the meeting week get extended automatically, it wouldn't necessar

Re: [Ace] ACE@IETF106 - agenda items and presentations

2019-11-05 Thread Ludwig Seitz
). /Ludwig -- Ludwig Seitz, PhD Security Lab, RISE Phone +46(0)70-349 92 51

[Ace] Fwd: New Version Notification for draft-ietf-ace-oauth-authz-25.txt

2019-10-30 Thread Ludwig Seitz
...@ietf.org To: Ludwig Seitz , Hannes Tschofenig , Goeran Selander , Samuel Erdtman , Erik Wahlstroem A new version of I-D, draft-ietf-ace-oauth-authz-25.txt has been successfully submitted by Ludwig Seitz and posted to the IETF repository. Name: draft-ietf-ace-oauth-authz Revision

Re: [Ace] AD review of draft-ietf-ace-oauth-authz-24

2019-10-30 Thread Ludwig Seitz
POST. Future profiles using protocols that do not support these verbs MUST specify how the corresponding protocol messages are transmitted instead. " In the Overview section where we mention alternate transport protocols. /Ludwig -- Ludwig Seitz, PhD Security Lab, RISE Phone +46(0)70-34

Re: [Ace] AD review of draft-ietf-ace-oauth-authz-24

2019-10-15 Thread Ludwig Seitz
Hello Ben, thank you for your thorough review. I have taken the liberty to add numbers to your comments in order to refer to them in an easier way. I have fixed 93 of your 113 and there are 20 left where I am asking for clarifications. These are: 6.), 12.), 16.), 19.), 34.), 39.), 41.),

Re: [Ace] AD review of draft-ietf-ace-oauth-authz-24

2019-10-01 Thread Ludwig Seitz
On 01/10/2019 05:13, Benjamin Kaduk wrote: On Fri, Sep 27, 2019 at 03:22:45AM -0700, Jim Schaad wrote: -Original Message- From: Ludwig Seitz Sent: Friday, September 27, 2019 12:03 AM To: Benjamin Kaduk ; draft-ietf-ace-oauth-authz@ietf.org Cc: ace@ietf.org Subject: Re: AD

Re: [Ace] AD review of draft-ietf-ace-oauth-authz-24

2019-09-27 Thread Ludwig Seitz
ity check (and decryption) is necessarily the first processing step. Any ideas how to resolve this gracefully (i.e. without adding a large amount of text) are most welcome. Regards, Ludwig -- Ludwig Seitz, PhD Security Lab, RISE Phone +46(0)70-349 92 51

Re: [Ace] New Version Notification - draft-ietf-ace-cwt-proof-of-possession-07.txt

2019-09-25 Thread Ludwig Seitz
.    Thanks all,    -- Mike *From:* Samuel Erdtman *Sent:* Wednesday, September 25, 2019 12:18 AM *To:* Ludwig Seitz *Cc:* Mike Jones ; Benjamin Kaduk ; draft-ietf-ace-cwt-proof-of-possession@ietf.org

Re: [Ace] New Version Notification - draft-ietf-ace-cwt-proof-of-possession-07.txt

2019-09-25 Thread Ludwig Seitz
On 25/09/2019 02:23, Mike Jones wrote: I'm fine with us making both of the proposed changes. Thanks, -- Mike +1 -- Ludwig Seitz, PhD Security Lab, RISE Phone +46(0)70-349 92 51

Re: [Ace] AD review of draft-ietf-ace-cwt-proof-of-possession-06

2019-08-27 Thread Ludwig Seitz
. So far everybody is combining the two AS roles into a single system. If you are ever in the second case, I would argue that you are better off using asymmetric keys all the way around. I can see this use case. That rules out my option 1. of removing this construct. /Ludwig -- Ludwig Seitz, PhD

Re: [Ace] AD review of draft-ietf-ace-cwt-proof-of-possession-06

2019-08-26 Thread Ludwig Seitz
ecurity properties or insufficient documentation thereof? I'm too unfamiliar with the designated expert system to provide a good answer on this one. Can one of my co-authors chip in here? Issue created here: https://github.com/cwt-cnf/i-d/issues/25 Will fix. -- Ludwig Seitz, PhD Security Lab, R

Re: [Ace] Keeping the same key identifier for groups

2019-08-20 Thread Ludwig Seitz
(that's my A) traffic in group Z, now you also want authorization to "write" messages to group Z (that's my B). What I'm saying is you should get a new CWT that says "read+write on Z" (and not a separate one that says "write on Z" to combine with the first one "

Re: [Ace] Keeping the same key identifier for groups

2019-08-20 Thread Ludwig Seitz
that the latter one should supersede the previous ones. Example: If you have a CWT authorizing A for audience Z and you now also need authorization B for audience Z, you should request a CWT for A+B for audience Z, that replaces your previous one. /Ludwig -- Ludwig Seitz, PhD Security Lab, RIS

Re: [Ace] AD review of draft-ietf-ace-cwt-proof-of-possession-06

2019-08-12 Thread Ludwig Seitz
On 12/08/2019 23:59, Carsten Bormann wrote: On Aug 12, 2019, at 14:08, Ludwig Seitz wrote: As far as I gather from the comments (especially from Carsten), we'd solve this by referencing section 6 of RFC 7049. I will consult with my co-authors, but I think this is the right solution

Re: [Ace] AD review of draft-ietf-ace-cwt-proof-of-possession-06

2019-08-12 Thread Ludwig Seitz
ste. Do you think we should use one or the other consistently? Acknowledgements, Authors The datatracker is currently accepting XML v3 format drafts, and the RFC Editor's target cutover date for the end of August is quite soon, so feel free to consider using an XML v3 submission wi

Re: [Ace] Comments on draft-ietf-ace-mqtt-tls-profile

2019-05-23 Thread Ludwig Seitz
/Ludwig -- Ludwig Seitz, PhD Security Lab, RISE Phone +46(0)70-349 92 51

Re: [Ace] draft-ietf-ace-mqtt-tls-profile connections

2019-05-23 Thread Ludwig Seitz
are not exactly "constrained-friendly", would it make sense to look at that as well to define a "MQTT-SN-over-DTLS-based" profile? /Ludwig -- Ludwig Seitz, PhD Security Lab, RISE Phone +46(0)70-349 92 51

Re: [Ace] Adoption call for draft-sengul-ace-mqtt-tls-profile

2019-04-23 Thread Ludwig Seitz
nsor networks, and thus ACE would be very much less relevant if we didn't work on a solution for MQTT as well. Regards, Ludwig -- Ludwig Seitz, PhD Security Lab, RISE Phone +46(0)70-349 92 51

[Ace] Fwd: New Version Notification for draft-ietf-ace-oauth-params-05.txt

2019-03-25 Thread Ludwig Seitz
-ace-oauth-params-05.txt Date: Mon, 25 Mar 2019 08:54:18 -0700 From: internet-dra...@ietf.org To: Ludwig Seitz A new version of I-D, draft-ietf-ace-oauth-params-05.txt has been successfully submitted by Ludwig Seitz and posted to the IETF repository. Name: draft-ietf-ace-oauth-params

[Ace] Fwd: New Version Notification for draft-ietf-ace-oauth-authz-23.txt

2019-03-25 Thread Ludwig Seitz
08:53:03 -0700 From: internet-dra...@ietf.org To: Ludwig Seitz , Hannes Tschofenig , Goeran Selander , Samuel Erdtman , Erik Wahlstroem A new version of I-D, draft-ietf-ace-oauth-authz-23.txt has been successfully submitted by Ludwig Seitz and posted to the IETF repository. Name:

[Ace] Fwd: New Version Notification for draft-ietf-ace-oauth-authz-22.txt

2019-03-05 Thread Ludwig Seitz
Message Subject: New Version Notification for draft-ietf-ace-oauth-authz-22.txt Date: Tue, 5 Mar 2019 01:52:31 -0800 From: internet-dra...@ietf.org To: Ludwig Seitz , Hannes Tschofenig , Goeran Selander , Samuel Erdtman , Erik Wahlstroem A new version of I-D, draft-ietf-ace-oauth-authz-22

Re: [Ace] draft-ietf-ace-oauth-authz

2019-02-28 Thread Ludwig Seitz
ou were going for. Sorry for the slow uptake, and you are indeed right. I will go through the mapping IANA sections and reduce the applicable policies to "expert review required" and "private use" based on the number ranges. /Ludwig -- Ludwig S

Re: [Ace] Call for IETF 104 agenda items

2019-02-26 Thread Ludwig Seitz
/agenda/ Hello, I would like 15 minutes to present and discuss the changes in draft-ietf-oauth-authz and draft-ietf-oauth-params /Ludwig -- Ludwig Seitz, PhD Security Lab

Re: [Ace] draft-ietf-ace-oauth-authz

2019-02-26 Thread Ludwig Seitz
still allow this. IANA would still have the DE approve the assignment. Ok so you mean not having "specification required" for -65536 to -257 and 256 to 65535 and not having "standards action" for -256 to 255 would be ok? Note that this would be different from the policy

Re: [Ace] Comment about error responses in draft-ietf-ace-oauth-authz-21

2019-02-25 Thread Ludwig Seitz
at all can be provided. The intent was that these error messages should only be sent when the access token is POSTed to the authz-info endpoint. /Ludwig -- Ludwig Seitz, PhD Security Lab, RISE Phone +46(0)70-349 92 51

Re: [Ace] draft-ietf-ace-oauth-authz

2019-02-25 Thread Ludwig Seitz
8. This document has an IPR disclosure on it. If anybody has any problems with the current disclosure then they need to speak up now. Processing ... The changes are currently only in the github version, I will upload a new version of the draft soon. /Ludwig -- Ludwig Seitz, PhD Security Lab, RI

[Ace] Fwd: New Version Notification for draft-ietf-ace-oauth-authz-21.txt

2019-02-14 Thread Ludwig Seitz
-oauth-authz-21.txt Date: Thu, 14 Feb 2019 01:27:00 -0800 From: internet-dra...@ietf.org To: Ludwig Seitz , Hannes Tschofenig , Goeran Selander , Samuel Erdtman , Erik Wahlstroem A new version of I-D, draft-ietf-ace-oauth-authz-21.txt has been successfully submitted by Ludwig Seitz and posted

Re: [Ace] I-D Action: draft-ietf-ace-oauth-authz-20.txt

2019-02-11 Thread Ludwig Seitz
Hello ACE, I've updated both draft-ietf-ace-oauth-authz and draft-ietf-ace-oauth-params to replace the "req_aud" parameter with the equivalent "audience" parameter (not to be confused with "aud") from draft-ietf-oauth-token-exchange. /Ludwig -- Ludwig Seitz

Re: [Ace] Resource, Audience, and req_aud

2019-02-11 Thread Ludwig Seitz
was a go-ahead with chair hat on. I'm in the process of making the necessary updates to both draft-ietf-ace-oauth-params and draft-ietf-ace-oauth-authz. Expect an update in the next 10 minutes. /Ludwig -- Ludwig Seitz, PhD Security Lab, RISE Phone +46(0)70-349 92 51

Re: [Ace] Resource, Audience, and req_aud

2019-02-07 Thread Ludwig Seitz
nable to me. Do the chairs think that this would unduly delay the progress of draft-ietf-ace-oauth-params? /Ludwig -- Ludwig Seitz, PhD Security Lab, RISE Phone +46(0)70-349 92 51

Re: [Ace] Resource, Audience, and req_aud

2019-02-07 Thread Ludwig Seitz
t I'd like the parameter to be aligned with the JWT "aud" claim as well and currently "resource" is URI while "aud" is StringOrURI. /Ludwig -- Ludwig Seitz, PhD Security Lab, RISE Phone +46(0)70-349 92 51

Re: [Ace] [OAUTH-WG] Shepherd write-up for draft-ietf-oauth-resource-indicators-01

2019-02-07 Thread Ludwig Seitz
owever the audience claim is defined to be "StringOrURI" so if someone defines an audience identified by a String that is not an URI how does a client ask for that with the resource parameter? Or in short: Why don't you make your resource parameter mirror the "aud" claim? /L

[Ace] Fwd: New Version Notification for draft-ietf-ace-oauth-authz-19.txt

2019-01-31 Thread Ludwig Seitz
Message Subject: New Version Notification for draft-ietf-ace-oauth-authz-19.txt Date: Thu, 31 Jan 2019 04:45:55 -0800 From: internet-dra...@ietf.org To: Ludwig Seitz , Hannes Tschofenig , Goeran Selander , Samuel Erdtman , Erik Wahlstroem A new version of I-D, draft-ietf-ace-oauth

Re: [Ace] Shepard review for draft-ietf-ace-oauth-authz

2019-01-31 Thread Ludwig Seitz
oceed here. /Ludwig -- Ludwig Seitz, PhD Security Lab, RISE Phone +46(0)70-349 92 51

Re: [Ace] Shepard review for draft-ietf-ace-oauth-authz

2019-01-30 Thread Ludwig Seitz
uld seem that all of them should. If not a comment about this is needed. Fixed. /Ludwig -- Ludwig Seitz, PhD Security Lab, RISE Phone +46(0)70-349 92 51

Re: [Ace] Shepard review comments on draft-ietf-ace-oauth-params

2019-01-29 Thread Ludwig Seitz
. /Ludwig -- Ludwig Seitz, PhD Security Lab, RISE Phone +46(0)70-349 92 51

[Ace] Fwd: New Version Notification for draft-ietf-ace-oauth-params-02.txt

2019-01-29 Thread Ludwig Seitz
Subject: New Version Notification for draft-ietf-ace-oauth-params-02.txt Date: Tue, 29 Jan 2019 00:59:05 -0800 From: internet-dra...@ietf.org To: Ludwig Seitz A new version of I-D, draft-ietf-ace-oauth-params-02.txt has been successfully submitted by Ludwig Seitz and posted to the IETF

Re: [Ace] [OAUTH-WG] Shepherd write-up for draft-ietf-oauth-resource-indicators-01

2019-01-28 Thread Ludwig Seitz
aud" for group identifiers ("temperatureSensorGroup4711") and other non-uri strings (hash-of-public-key), which I cannot do with "resource". We therefore decided to keep the "req_aud" parameter in draft-ietf-ace-oauth-params, even though it clearly overlaps with

[Ace] Fwd: New Version Notification for draft-ietf-ace-oauth-authz-18.txt

2019-01-17 Thread Ludwig Seitz
-ace-oauth-authz-18.txt Date: Thu, 17 Jan 2019 06:45:56 -0800 From: internet-dra...@ietf.org To: Ludwig Seitz , Hannes Tschofenig , Goeran Selander , Samuel Erdtman , Erik Wahlstroem A new version of I-D, draft-ietf-ace-oauth-authz-18.txt has been successfully submitted by Ludwig Seitz

Re: [Ace] Token (In)Security

2019-01-11 Thread Ludwig Seitz
-- Ludwig Seitz, PhD Security Lab, RISE Phone +46(0)70-349 92 51

Re: [Ace] Security of the Communication Between C and RS

2018-12-19 Thread Ludwig Seitz
was perhaps not ideal, since it has an even bigger breach as precondition. So under what conditions would an attacker get access to a pop-key of an expired token? Steffi any ideas? /Ludwig -- Ludwig Seitz, PhD Security Lab, RISE Phone +46(0)70-349 92 51

Re: [Ace] Security of the Communication Between C and RS

2018-12-19 Thread Ludwig Seitz
could detect that a token has expired. /Ludwig -- Ludwig Seitz, PhD Security Lab, RISE Phone +46(0)70-349 92 51

Re: [Ace] Security of the Communication Between C and RS

2018-12-19 Thread Ludwig Seitz
parameter. /Ludwig -- Ludwig Seitz, PhD Security Lab, RISE Phone +46(0)70-349 92 51

Re: [Ace] Security of the Communication Between C and RS

2018-12-18 Thread Ludwig Seitz
the issue. /Ludwig -- Ludwig Seitz, PhD Security Lab, RISE Phone +46(0)70-349 92 51

Re: [Ace] Security of the Communication Between C and RS

2018-12-18 Thread Ludwig Seitz
. Are you proposing we make the expires_in field mandatory? If so, why isn't it mandatory already in OAuth (currently only RECOMMENDED)? /Ludwig -- Ludwig Seitz, PhD Security Lab, RISE Phone +46(0)70-349 92 51

Re: [Ace] Token (In)Security

2018-12-18 Thread Ludwig Seitz
properly. Ciao Hannes I agree that your text improves the "verification" section. I'm holding off with merging in order to wait for Steffi's confirmation that it addresses her comments. /Ludwig -- Ludwig Seitz, PhD Security Lab, RISE Phone +46(0)70

Re: [Ace] Fwd: New Version Notification for draft-ietf-ace-oauth-authz-17.txt and draft-ietf-ace-oauth-params-01.txt

2018-12-13 Thread Ludwig Seitz
On 13/12/2018 15:42, Stefanie Gerdes wrote: Hi Ludwig, On 12/12/2018 10:47 AM, Ludwig Seitz wrote: The value of checking the iss field is indeed limited, but if present I feel it MUST be checked. The text does say that the RS must check the integrity of the token (see 5.8.1.1.) "

Re: [Ace] Overwriting Tokens

2018-12-12 Thread Ludwig Seitz
the expiration time helps in this case because it should be possible for the AS to provide a token that expires earlier than the previous token. Viele Grüße Steffi "Recent" here is meant as "most recently received". That is something the RS definitely can track. /Ludwig

Re: [Ace] Fwd: New Version Notification for draft-ietf-ace-oauth-authz-17.txt and draft-ietf-ace-oauth-params-01.txt

2018-12-12 Thread Ludwig Seitz
though, since it currently only talks about the RS needing to know which audiences it recognizes. -- Ludwig Seitz, PhD Security Lab, RISE Phone +46(0)70-349 92 51

Re: [Ace] Fwd: New Version Notification for draft-ietf-ace-oauth-authz-17.txt and draft-ietf-ace-oauth-params-01.txt

2018-12-12 Thread Ludwig Seitz
On 11/12/2018 21:38, Jim Schaad wrote: -Original Message- From: Ace On Behalf Of Stefanie Gerdes Sent: Tuesday, December 11, 2018 4:11 AM To: Ludwig Seitz ; ace@ietf.org Subject: Re: [Ace] Fwd: New Version Notification for draft-ietf-ace-oauth-authz-17.txt and draft-ietf-ace-oauth

[Ace] Fwd: New Version Notification for draft-ietf-ace-oauth-authz-17.txt and draft-ietf-ace-oauth-params-01.txt

2018-11-26 Thread Ludwig Seitz
their comments. Regards, Ludwig Forwarded Message A new version of I-D, draft-ietf-ace-oauth-authz-17.txt has been successfully submitted by Ludwig Seitz and posted to the IETF repository. Name: draft-ietf-ace-oauth-authz Revision: 17 Title: Authentication

Re: [Ace] WGLC comments on draft-ietf-ace-oauth-authz and draft-ietf-ace-params

2018-11-23 Thread Ludwig Seitz
On 23/11/2018 11:31, Ludwig Seitz wrote: Hello ACE, I have now addressed all WGLC comments (Jim Schaad's, Mike Jones' and Stefanie Gerdes') except for this one: "Do we need to write something about how a RS should handle the presence of multiple tokens for the same client? Pe

[Ace] WGLC comments on draft-ietf-ace-oauth-authz and draft-ietf-ace-params

2018-11-23 Thread Ludwig Seitz
. while Olaf has (in the Jabber at IETF 103) expressed a preference for 2. I would need some guidance from the WG on how to proceed here. /Ludwig -- Ludwig Seitz, PhD Security Lab, RISE Phone +46(0)70-349 92 51

Re: [Ace] ACE Framework Review

2018-11-12 Thread Ludwig Seitz
storage space, as long as it stores at least one (in total, not per client). Thus I'm curious what additional protections you would suggest are feasible and necessary for the authz-info endpoint? /Ludwig -- Ludwig Seitz, PhD Security Lab, RISE Phone +46(0)70-349 92 51

Re: [Ace] WGLC for draft-ietf-ace-authz

2018-10-30 Thread Ludwig Seitz
On 23/10/2018 20:44, Jim Schaad wrote: -Original Message- From: Ludwig Seitz Sent: Tuesday, October 23, 2018 7:43 AM To: Jim Schaad ; draft-ietf-ace-oauth- au...@ietf.org Cc: ace@ietf.org Subject: Re: [Ace] WGLC for draft-ietf-ace-authz Hallo Jim, thank you for the review

Re: [Ace] WGLC for draft-ietf-ace-authz

2018-10-30 Thread Ludwig Seitz
S pair can raise, I'm not disinclined to forbid them or at least recommend against their use. However with audiences possibly addressing overlapping sets of RSs this might be more difficult than it looks. /Ludwig -- Ludwig Seitz, PhD Security Lab, RISE Phone +46(0)70
