Re: [Ace] AS discovery in draft-ietf-ace-oauth-authz-35

2020-09-08 Thread Jim Schaad
in the ACE protocol, although I think that is a candidate for an extension draft in the future. -Original Message- From: Ace On Behalf Of Stefanie Gerdes Sent: Tuesday, September 8, 2020 2:33 AM To: ace@ietf.org Subject: Re: [Ace] AS discovery in draft-ietf-ace-oauth-authz-35 Hi John, the hard

Re: [Ace] AS discovery in draft-ietf-ace-oauth-authz-35

2020-09-08 Thread Stefanie Gerdes
Hi John, the hard-coded list of authorized AS' is only one possibility for authorization on the client side. I think we agreed that it is not a very good one. The client may also dynamically obtain if a certain AS is authorized. In this case, it is useful for the client to know for which AS it

Re: [Ace] AS discovery in draft-ietf-ace-oauth-authz-35

2020-09-08 Thread John Mattsson
Hi Stephanie, Regarding the section that you quoted: "the client MUST be able to determine whether an AS has the authority to issue access tokens for a certain RS. This can for example be done through pre-configured lists, or through an online lookup mechanism that in turn also must be

Re: [Ace] AS discovery in draft-ietf-ace-oauth-authz-35

2020-09-08 Thread Seitz Ludwig
ttacks in the IoT space is very serious. Recently, the lagest > DDoS attacks have all been using IoT devices. New protocols should mitigate > amlification and DDoS attacks. > > Cheers, > John > > -Original Message----- > From: John Mattsson > Date: Monday,

Re: [Ace] AS discovery in draft-ietf-ace-oauth-authz-35

2020-09-07 Thread John Mattsson
tacks. Cheers, John -Original Message- From: John Mattsson Date: Monday, 7 September 2020 at 12:45 To: Seitz Ludwig , "ace@ietf.org" Subject: Re: AS discovery in draft-ietf-ace-oauth-authz-35 Hi Ludwig, The problem I have is that the current mechanism is presented as

Re: [Ace] AS discovery in draft-ietf-ace-oauth-authz-35

2020-09-07 Thread Stefanie Gerdes
Hi John, On 09/07/2020 12:45 PM, John Mattsson wrote: > > The mechanism is not presented as an error message when the client in good > faith tries to access a resource. It is presented as something C do > intentionally to dicsover the AS. In the description in the draft, C is > clearly aware

Re: [Ace] AS discovery in draft-ietf-ace-oauth-authz-35

2020-09-07 Thread Olaf Bergmann
Hi John, please see inline for remarks in addition to Ludwig's response. John Mattsson writes: > I just reviewed draft-ietf-ace-oscore-profile. This made me wonder > about the AS discovery mechanism in the ACE framework. Why is this > particular discovery mechanism given so much attention? Of

Re: [Ace] AS discovery in draft-ietf-ace-oauth-authz-35

2020-09-07 Thread John Mattsson
covery in draft-ietf-ace-oauth-authz-35 Hi John, Replies inline /Ludwig > -Original Message- > From: Ace On Behalf Of John Mattsson > Sent: den 5 september 2020 14:53 > To: ace@ietf.org > Subject: [Ace] AS discovery in draft-ietf-ace-oauth-authz-35 > > Hi, &

Re: [Ace] AS discovery in draft-ietf-ace-oauth-authz-35

2020-09-07 Thread Seitz Ludwig
Hi John, Replies inline /Ludwig > -Original Message- > From: Ace On Behalf Of John Mattsson > Sent: den 5 september 2020 14:53 > To: ace@ietf.org > Subject: [Ace] AS discovery in draft-ietf-ace-oauth-authz-35 > > Hi, > > I just reviewed draft-ietf-ace-o

[Ace] AS discovery in draft-ietf-ace-oauth-authz-35

2020-09-05 Thread John Mattsson
Hi, I just reviewed draft-ietf-ace-oscore-profile. This made me wonder about the AS discovery mechanism in the ACE framework. Why is this particular discovery mechanism given so much attention? Of all possible discovery mechanisms, this seems like one of the worst as: 1. It requires a