Hello ACE,
This update changes my email address from .se to .com. The .se address will
soon be discontinued.
/Ludwig
-Original Message-
From: internet-dra...@ietf.org
Sent: den 6 maj 2021 09:14
To: Erik Wahlstroem ; Goeran Selander
; Hannes Tschofenig ;
Hannes Tschofenig ; Ludwig
Hello ACE,
This update changes my email address from .se (which will soon be discontinued)
to .com
(and fixes a typo I introduced when addressing the IESG reviews).
/Ludwig
-Original Message-
From: Ace On Behalf Of internet-dra...@ietf.org
Sent: den 6 maj 2021 09:07
To:
age-
> From: Ace On Behalf Of Seitz Ludwig
> Sent: den 26 april 2021 13:13
> To: ace@ietf.org
> Subject: [Ace] FW: [EXTERNAL] New Version Notification for draft-ietf-ace-
> oauth-authz-40.txt
>
> Hello ACE,
>
> This update fixes the outstanding review comment from
april 2021 13:12
To: Erik Wahlstroem ; Goeran Selander
; Hannes Tschofenig ;
Seitz Ludwig ; Samuel Erdtman
Subject: [EXTERNAL] New Version Notification for
draft-ietf-ace-oauth-authz-40.txt
A new version of I-D, draft-ietf-ace-oauth-authz-40.txt has been successfully
submitted by Ludwig Seitz
Hello ACE,
This update is intended to address the various IESG review comments.
/Ludwig
-Original Message-
From: internet-dra...@ietf.org
Sent: den 16 april 2021 08:22
To: Erik Wahlstroem ; Goeran Selander
; Hannes Tschofenig ;
Seitz Ludwig ; Samuel Erdtman
Subject: [EXTERNAL] New
Hello Francesca,
Thank you for your review, sorry for the long response time.
Version -39 addresses some of your comments
https://datatracker.ietf.org/doc/html/draft-ietf-ace-oauth-authz-39
I have replies on the remaining comment as follows below (prefixed with 'LS:')
Regards,
Ludwig
1.
Hello Zahed,
Thank you for your review. Sorry for the long response time.
Version -39 addresses your comments.
https://datatracker.ietf.org/doc/html/draft-ietf-ace-oauth-authz-39
Regards,
Ludwig Seitz
> -Original Message-
> From: Zaheduzzaman Sarker via Datatracker
> Sent: den 24
Hello Roman,
Thank you for reviewing this draft. Sorry for the long answering delay.
Version -39
(https://datatracker.ietf.org/doc/html/draft-ietf-ace-oauth-authz-39) addresses
your comments, except for:
> ** Would the first paragraph of Section 7.2 of draft-ietf-ace-dtls-authorize
>
Hello Éric,
Thank you for your review. Sorry for the long waiting time.
Version -39 addresses your comments.
https://datatracker.ietf.org/doc/html/draft-ietf-ace-oauth-authz-39
Regards,
Ludwig
> -Original Message-
> From: Éric Vyncke via Datatracker
> Sent: den 22 mars 2021 15:56
>
Hello Lars,
Thank you for reviewing this draft and sorry for the long response time.
Version 39 addresses your comment (and of course the nits you pointed out),
basically clarifying that the recommendation against HTTP is limited to
constrained environments.
Hello Murray,
Thank you for reviewing this draft, sorry for the long waiting time.
Version -39 fixes your comment.
https://datatracker.ietf.org/doc/html/draft-ietf-ace-oauth-authz-39
Regards,
Ludwig
> -Original Message-
> From: Ace On Behalf Of Murray Kucherawy via
> Datatracker
>
Hello Zahed,
If it's ok with you I'll fix that in conjunction with the IETF-editor review
(they will probably find a few more like this).
/Ludwig
> -Original Message-
> From: Zaheduzzaman Sarker
> Sent: den 26 mars 2021 15:04
> To: Seitz Ludwig ; The IESG
> Cc: ace-
Hello Lars,
Thank you for your review. Your issues have been fixed in -14.
/Ludwig
> -Original Message-
> From: Lars Eggert via Datatracker
> Sent: den 25 mars 2021 12:11
> To: The IESG
> Cc: draft-ietf-ace-oauth-par...@ietf.org; ace-cha...@ietf.org; ace@ietf.org
> Subject:
Hello Murray,
Thank you for your review. The issues you pointed out have been fixed in -14.
/Ludwig
> -Original Message-
> From: Murray Kucherawy via Datatracker
> Sent: den 25 mars 2021 04:57
> To: The IESG
> Cc: draft-ietf-ace-oauth-par...@ietf.org; ace-cha...@ietf.org; ace@ietf.org
Hello Zaheduzzaman,
Thank you for your review. The issues you found are now fixed in version -14.
Note that there seems to be an problem with xml2rfc, since the outdated
reference to draft-ietf-ace-oauth-authz-33 should have been taken care of by
the tooling.
I have notified the maintainer of
Hello Elwyn,
Thank you for you review. I have fixed the nit you pointed out in the new
version of the draft (-14).
/Ludwig
> -Original Message-
> From: Elwyn Davies via Datatracker
> Sent: den 23 mars 2021 23:53
> To: gen-...@ietf.org
> Cc: ace@ietf.org;
Hello ACE,
This update addresses the IESG reviews. I will contact the IESG reviewers
individually and explain how I addressed their concerns (hopefully tomorrow).
/Ludwig
-Original Message-
From: internet-dra...@ietf.org
Sent: den 25 mars 2021 15:51
To: Seitz Ludwig
Subject
Hello Éric,
Thank you for your review. I plan to submit an update of the draft to address
your comments (and others') by the end of the week.
I have some comments inline.
/Ludwig
> -Original Message-
> == COMMENTS ==
>
> -- Section 3 --
> Should references/expansions be added for
Hello Francesca,
Thank you for your review. I will address your detailed comments separately,
with regards to your DISCUSS:
The option to allow both HTTP and JSON for any leg of the communication
(client-AS, rs-AS, client-rs) was the result of long discussions in the WG. If
I recall correctly
Hello Francesca,
Thank you for your review. I have some comments inline.
/Ludwig
> --
> COMMENT:
> --
>
> Thank you for this document. A couple of minor
Hello Roman,
Thank you for your review. I have taken the liberty to copy your text
suggestion for the differences to OAuth 2.0 directly into the document as a new
appendix
(you will also find an acknowledgment in the acknowledgments section).
For the issue below, I need to coordinate with the
Hi Martin, Ben,
If I were to change the offending sentence like so:
"It is RECOMMENDED that an AS reject a request containing a symmetric key value
... (Note: this does not apply to key identifiers referencing a symmetric key)"
(the "Note..." part being the new clarification), would that help
I’d like to second the question Mohit assumes Michael is asking:
What is the benefit, in the context of IoT, to add the overhead of EAP to say
TLS?
/Ludwig
From: Ace On Behalf Of Mohit Sethi M
Sent: den 22 januari 2021 15:37
To: Michael Richardson ; Ace Wg
Subject: [EXTERNAL] Re: [Ace] call
, see diff or github for
details).
/Ludwig
-Original Message-
From: internet-dra...@ietf.org
Sent: den 17 november 2020 08:28
To: Hannes Tschofenig ; Seitz Ludwig
; Goeran Selander ;
Erik Wahlstroem ; Samuel Erdtman
Subject: [EXTERNAL] New Version Notification for
draft-ietf-ace
Hi Christian,
The short answer is:
We aligned as close as possible with OAuth 2.0, and there Introspection uses
POST.
/Ludwig
> -Original Message-
> From: Christian Amsüss
> Sent: den 16 november 2020 08:59
> To: draft-ietf-ace-oauth-au...@ietf.org; draft-tiloca-ace-revoked-token-
>
Hello Olaf,
The AS is supposed to have this information from the registration of the
clients and RSs (see Appendix D).
The underlying assumption was that if the AS does not have this information it
could not generate the right kind of access tokens anyways (e.g. selecting the
right kind of
Hello Francesca, Cigdem,
I believe I know the reason for the confusion: Earlier versions of the
framework allowed the clients to indicate a preference for a specific profile
by sending in values with the “ace_profile” parameter in the access token
request.
This option was removed because we
m: Ace On Behalf Of Stefanie Gerdes
> Sent: den 10 september 2020 14:11
> To: ace@ietf.org
> Subject: Re: [Ace] draft-ietf-ace-oauth-authz-35 - unauthorized AS address,
> DoS, and privacy
>
> Hi Ludwig,
>
> comments inline.
>
> On 09/10/2020 08:49 AM, Seitz Ludwig
Seeing that the mechanism was introduced to bootstrap a client that doesn't
know which AS to talk to for a specific RS and given the issues raised by John,
what other options do we have that are more secure?
a.) A resource directory lookup? I'm not knowledgeable enough on RD to answer
whether
Hi ACE,
Sadly I couldn't attend the interim meeting yesterday. Did the WG decide on how
to proceed with regard to John's comment?
/Ludwig
> -Original Message-
> From: John Mattsson
> Sent: den 7 september 2020 14:11
> To: ace@ietf.org; Seitz Ludwig
> Subject: R
Hi John,
Replies inline
/Ludwig
> -Original Message-
> From: Ace On Behalf Of John Mattsson
> Sent: den 5 september 2020 14:53
> To: ace@ietf.org
> Subject: [Ace] AS discovery in draft-ietf-ace-oauth-authz-35
>
> Hi,
>
> I just reviewed draft-ietf-ace-oscore-profile. This made me
+1
(and I'd suggest names that make both "from" and "to" clear, e.g.
"client-rs-request" or something like that)
/Ludwig
-Original Message-
From: Francesca Palombini
Sent: den 1 september 2020 10:34
To: Seitz Ludwig ; Jim Schaad
; Ace Wg
Subject: Re:
1.) I would not put these parameters in the "token request" category, they
belong into a new category. Whether they should be registered in the OAuth
parameters registry is doubtful to me, since I don't see them being used in a
non-ACE OAuth context. Somewhere in the ACE registries?
2.) I
Hello ACE,
As a follow-up on a discussion between the authors and the Gen-ART Last Call
reviewer we have the following issue I'd like to bring to the list to give you
the occasion to comment on our proposed solution:
> * In the previously mentioned paragraph in 3.3.1:
>
>... This
>
Hello ACE,
Sadly my -34 update contained an unintended change that we earlier discussed
and rejected. -35 reverts this mistaken update. Sorry for that.
(Note to self: check diffs before submitting)
/Ludwig
-Original Message-
From: Ace On Behalf Of internet-dra...@ietf.org
Sent: den
...@ietf.org
Sent: den 23 juni 2020 08:25
To: Samuel Erdtman ; Seitz Ludwig
; Goeran Selander ;
Hannes Tschofenig ; Erik Wahlstroem
Subject: New Version Notification for draft-ietf-ace-oauth-authz-34.txt
A new version of I-D, draft-ietf-ace-oauth-authz-34.txt has been successfully
submitted by Ludwig
d follow-up discussion!
>
> -Ben
>
> On Mon, Jun 01, 2020 at 09:13:13AM +, Seitz Ludwig wrote:
>> Hi Ben,
>>
>> I had a look at the well-known URI list at IANA and it seems that for
>> vanilla OAuth 2.0 endpoints (authorization, token, introspect) the
Hi Ben,
I had a look at the well-known URI list at IANA and it seems that for vanilla
OAuth 2.0 endpoints (authorization, token, introspect) there are no well-known
URI:s either. What exists is an URI used by the authorization server to
self-describe (including attributes giving the values of
Hello Francesca,
I have not followed this discussion in detail so excuse me if I missed an
important detail. That said: I cannot understand why you would want to
negotiate a new context in step 8 by sending N1'? At that point you have a
functional OSCORE context established and could just send
Peter,
Why not document what you invent in a draft? To me it would be a good starting
point.
/Ludwig
From: Peter van der Stok
Sent: den 4 maj 2020 09:15
To: Carsten Bormann
Cc: Seitz Ludwig ; Jim Schaad
; peter van der Stok ; Ace
Subject: Re: [Ace] draft-ietf-ace-oauth-authz
Hi Carsten
For the sake of getting the document finished before I die of old age ;-) would
it be possible to specify this in a separate document?
/Ludwig
From: Ace On Behalf Of Peter van der Stok
Sent: den 1 maj 2020 08:56
To: Jim Schaad
Cc: consulta...@vanderstok.org; 'Ace'
Subject: Re: [Ace]
Hello ACE,
This update expands the first use of CoAP and CBOR (per request of a reviewer).
/Ludwig
-Original Message-
From: internet-dra...@ietf.org
Sent: den 29 april 2020 08:32
To: Seitz Ludwig
Subject: New Version Notification for draft-ietf-ace-oauth-params-13.txt
A new version
I wonder if I need to make this change at all since the value is only suggested
(and we now have a diverging decision by the designated experts). Can IANA
clarify this for me?
Thank you for your patience,
Ludwig
From: Seitz Ludwig
Sent: den 21 mars 2020 11:26
To: Seitz Ludwig ; Mike Jo
Hello all, soo
From: Ace On Behalf Of Seitz Ludwig
Sent: den 17 mars 2020 10:01
To: Mike Jones ; Chuck Mortimore
; hannes.tschofe...@arm.com
Cc: chuck.mortim...@visa.com; ace@ietf.org;
draft-ietf-ace-oauth-au...@ietf.org; drafts-expert-rev...@iana.org;
cwt-reg-rev...@ietf.org
Subject: Re
I'm sorry if I'm being daft here, but what is the difference to
https://tools.ietf.org/html/draft-ietf-ace-oauth-authz-33#section-8.5 ?
/Ludwig
-Original Message-
From: Hannes Tschofenig
Sent: den 17 mars 2020 12:38
To: Jim Schaad ; Seitz Ludwig
Cc: 'Cigdem Sengul' ; 'Ace Wg
with your decision, is
that acceptable for you?
/Ludwig
From: Mike Jones
Sent: den 16 mars 2020 19:43
To: Seitz Ludwig ; Chuck Mortimore
; hannes.tschofe...@arm.com
Cc: drafts-expert-rev...@iana.org; cwt-reg-rev...@ietf.org;
chuck.mortim...@visa.com; draft-ietf-ace-oauth-au...@ietf.org; ace
Hi Mike,
I will of course abide with a majority decision of the designated experts (note
that I’m one of them too). I would therefore be very interested to hear Hannes
take on this.
Regards,
Ludwig
From: Mike Jones
Sent: den 13 mars 2020 19:17
To: Seitz Ludwig ; Chuck Mortimore
Cc: Ludwig
Hello Mike, Chuck,
Thank you for clarifying your assessment Mike, thank you Chuck for weighing in.
Mike you say: “the scope claim is specific to the ACE OAuth protocol”
This is not entirely correct, since the scope claim is defined in RFC 8693
for Token Exchange, which is not an ACE
; Goeran Selander
; Samuel Erdtman ; Seitz
Ludwig ; Erik Wahlstroem
Subject: New Version Notification for draft-ietf-ace-oauth-authz-33.txt
A new version of I-D, draft-ietf-ace-oauth-authz-33.txt has been successfully
submitted by Ludwig Seitz and posted to the IETF repository.
Name
Hello ACE,
This update fixes the review comments from the IANA designated expert Brian
Campbell for the
OAuth registries.
/Ludwig
-Original Message-
From: internet-dra...@ietf.org
Sent: den 11 januari 2020 17:20
To: Hannes Tschofenig ; Goeran Selander
; Samuel Erdtman ; Seitz
Hello Brian,
Thank you for this review!
I have added text to clarify the formatting of these parameters and claims when
used in JSON-based interactions.
More comments inline.
Regards,
Ludwig
From: Ace On Behalf Of Brian Campbell
Sent: den 10 januari 2020 21:57
To: Ludwig Seitz
Cc: Roman
Hello ACE this fixes the review comments by Brian Campbell, the designated
expert from IANA for the OAuth and JWT registries.
Regards,
Ludwig
-Original Message-
From: internet-dra...@ietf.org
Sent: den 11 januari 2020 16:37
To: Seitz Ludwig
Subject: New Version Notification
Hello Brian,
Thank you for the re-review! Comments inline.
I will be issuing a draft update soon-ish.
/Ludwig
From: Ace On Behalf Of Brian Campbell
Sent: den 10 januari 2020 21:16
To: Ludwig Seitz
Cc: Roman Danyliw ; oauth-ext-rev...@ietf.org; Daniel Migault
; Jim Schaad ; Benjamin
Kaduk ;
Hello Charlie,
Thank you for the review, sorry for the tardive reply (things got a bit chaotic
due to an affiliation change on my part). The -10 version here:
https://datatracker.ietf.org/doc/draft-ietf-ace-oauth-params addresses your
comments given the additional explanations by Ben.
Please
Hello Elwyn,
Sorry for being a pain. I have one more comment.
/Ludwig (now finally from the corporate account)
From: elwynd
Sent: den 22 december 2019 19:27
To: Ludwig Seitz ; Elwyn Davies ;
gen-...@ietf.org
Cc: last-c...@ietf.org; draft-ietf-ace-oauth-params@ietf.org; ace@ietf.org
55 matches
Mail list logo