Re: [Ace] Fwd: New Version Notification for draft-ietf-ace-oauth-authz-17.txt and draft-ietf-ace-oauth-params-01.txt

2018-12-13 Thread Ludwig Seitz
On 13/12/2018 15:42, Stefanie Gerdes wrote: Hi Ludwig, On 12/12/2018 10:47 AM, Ludwig Seitz wrote: The value of checking the iss field is indeed limited, but if present I feel it MUST be checked. The text does say that the RS must check the integrity of the token (see 5.8.1.1.) "Since the

Re: [Ace] Fwd: New Version Notification for draft-ietf-ace-oauth-authz-17.txt and draft-ietf-ace-oauth-params-01.txt

2018-12-13 Thread Stefanie Gerdes
Hi Ludwig, On 12/12/2018 10:47 AM, Ludwig Seitz wrote: > The value of checking the iss field is indeed limited, but if present I > feel it MUST be checked. > > The text does say that the RS must check the integrity of the token (see > 5.8.1.1.) > > "Since the cryptographic wrapper of the token

Re: [Ace] Fwd: New Version Notification for draft-ietf-ace-oauth-authz-17.txt and draft-ietf-ace-oauth-params-01.txt

2018-12-12 Thread Ludwig Seitz
On 12/12/2018 10:27, Stefanie Gerdes wrote: Hi Jim, thank you for your quick response. On 12/11/2018 09:38 PM, Jim Schaad wrote: C may receive keying material for the communication with RS from AS. Unfortunately, the AS does not inform C how long the keying material is valid. C therefore

Re: [Ace] Fwd: New Version Notification for draft-ietf-ace-oauth-authz-17.txt and draft-ietf-ace-oauth-params-01.txt

2018-12-12 Thread Ludwig Seitz
On 11/12/2018 21:38, Jim Schaad wrote: -Original Message- From: Ace On Behalf Of Stefanie Gerdes Sent: Tuesday, December 11, 2018 4:11 AM To: Ludwig Seitz ; ace@ietf.org Subject: Re: [Ace] Fwd: New Version Notification for draft-ietf-ace-oauth-authz- 17.txt and draft-ietf-ace-oauth

Re: [Ace] Fwd: New Version Notification for draft-ietf-ace-oauth-authz-17.txt and draft-ietf-ace-oauth-params-01.txt

2018-12-12 Thread Stefanie Gerdes
Hi Jim, thank you for your quick response. On 12/11/2018 09:38 PM, Jim Schaad wrote: >> >> C may receive keying material for the communication with RS from AS. >> Unfortunately, the AS does not inform C how long the keying material is > valid. C >> therefore may use outdated keying material for

Re: [Ace] Fwd: New Version Notification for draft-ietf-ace-oauth-authz-17.txt and draft-ietf-ace-oauth-params-01.txt

2018-12-11 Thread Stefanie Gerdes
Hi, I looked through the document again. Many issues have been fixed, but I still have some comments: I still think that Section 5.8.1, in particular 5.8.1.1 should point out that RS must check the integrity of the token und validate that it stems from an authorized AS. Checking the iss field

Re: [Ace] Fwd: New Version Notification for draft-ietf-ace-oauth-authz-17.txt and draft-ietf-ace-oauth-params-01.txt

2018-11-28 Thread Jim Schaad
rg > Subject: [Ace] Fwd: New Version Notification for draft-ietf-ace-oauth-authz- > 17.txt and draft-ietf-ace-oauth-params-01.txt > > Hello ACE, > > I have just submitted new versions for draft-ietf-ace-oauth-authz and draft-ietf- > ace-oauth-params addressing the WGLC review co

[Ace] Fwd: New Version Notification for draft-ietf-ace-oauth-authz-17.txt and draft-ietf-ace-oauth-params-01.txt

2018-11-26 Thread Ludwig Seitz
Hello ACE, I have just submitted new versions for draft-ietf-ace-oauth-authz and draft-ietf-ace-oauth-params addressing the WGLC review comments and the discussions from the IETF 103 meeting. I would encourage the reviewers to check if they feel that I have sufficiently addressed their