in the ACE
protocol, although I think that is a candidate for an extension draft in the
future.
-Original Message-
From: Ace On Behalf Of Stefanie Gerdes
Sent: Tuesday, September 8, 2020 2:33 AM
To: ace@ietf.org
Subject: Re: [Ace] AS discovery in draft-ietf-ace-oauth-authz-35
Hi John,
the hard
Hi John,
the hard-coded list of authorized AS' is only one possibility for
authorization on the client side. I think we agreed that it is not a
very good one. The client may also dynamically obtain if a certain AS is
authorized. In this case, it is useful for the client to know for which
AS it
Hi Stephanie,
Regarding the section that you quoted: "the client MUST be able to determine
whether an AS has the authority to issue access tokens for a certain RS. This
can for example be done through pre-configured lists, or through an online
lookup mechanism that in turn also must be
ttacks in the IoT space is very serious. Recently, the lagest
> DDoS attacks have all been using IoT devices. New protocols should mitigate
> amlification and DDoS attacks.
>
> Cheers,
> John
>
> -Original Message-----
> From: John Mattsson
> Date: Monday,
tacks.
Cheers,
John
-Original Message-
From: John Mattsson
Date: Monday, 7 September 2020 at 12:45
To: Seitz Ludwig , "ace@ietf.org"
Subject: Re: AS discovery in draft-ietf-ace-oauth-authz-35
Hi Ludwig,
The problem I have is that the current mechanism is presented as
Hi John,
On 09/07/2020 12:45 PM, John Mattsson wrote:
>
> The mechanism is not presented as an error message when the client in good
> faith tries to access a resource. It is presented as something C do
> intentionally to dicsover the AS. In the description in the draft, C is
> clearly aware
Hi John,
please see inline for remarks in addition to Ludwig's response.
John Mattsson writes:
> I just reviewed draft-ietf-ace-oscore-profile. This made me wonder
> about the AS discovery mechanism in the ACE framework. Why is this
> particular discovery mechanism given so much attention? Of
covery in draft-ietf-ace-oauth-authz-35
Hi John,
Replies inline
/Ludwig
> -Original Message-
> From: Ace On Behalf Of John Mattsson
> Sent: den 5 september 2020 14:53
> To: ace@ietf.org
> Subject: [Ace] AS discovery in draft-ietf-ace-oauth-authz-35
>
> Hi,
&
Hi John,
Replies inline
/Ludwig
> -Original Message-
> From: Ace On Behalf Of John Mattsson
> Sent: den 5 september 2020 14:53
> To: ace@ietf.org
> Subject: [Ace] AS discovery in draft-ietf-ace-oauth-authz-35
>
> Hi,
>
> I just reviewed draft-ietf-ace-o
Hi,
I just reviewed draft-ietf-ace-oscore-profile. This made me wonder about the AS
discovery mechanism in the ACE framework. Why is this particular discovery
mechanism given so much attention? Of all possible discovery mechanisms, this
seems like one of the worst as:
1. It requires a
10 matches
Mail list logo