Internet Engineering Task Force 113, 25 Mar 2022

Previous Meeting Next Meeting

⏯

youtube image

►

From YouTube: IETF113-GNAP-20220325-0900

Description

GNAP meeting session at IETF113
2022/03/25 0900

https://datatracker.ietf.org/meeting/113/proceedings/

A

A

It feels also good to be able to badger people for fun and profit.

A

A

All right, it's ten o'clock.

A

I guess we should get started so um if somebody could volunteer to take notes um and I'm looking at the remote participants who who um there are 17 of you well 16, I guess so if anybody could step up and volunteer to take notes that be very, very helpful.

A

There is a note-taking tool in right there in meet echo, it's very, very easy to log in and use.

A

A

Thank you, christopher perfect, uh christopher nacio has volunteered to do that. All.

B

A

So jaron, I think we can sort of just get uh get the show on the road at that point. So um this is the session. um Let's get to the note. Well, um no, the note well well, as the saying is.

A

And uh your own, this is usually when you tell people to sign up to meet echo.

C

Yeah, this is where you tell local people, of which there are very few, to use the local tool, the local tool, the in-person tool, and then remote people already know what to do, because they're here.

A

Exactly all right: uh well, we have a note taker uh and uh hoping we get good notes in hedgehog and I think with that, the agenda um so we're basically gonna, have um justin up here. Talking and he's also gonna attempt a live demo from from. You know, tempting the gods of the demo gods to see if we can actually do a live demo based on the hackathon, which is going to be fun, but um we have a lot of stuff to go through.

A

So um I think we'll just invite you up and I'll switch the slides over to protocol update and, uh let's see here.

D

Embedding editor.

A

Editors update there, you go.

E

E

There's this stupid open id thing it makes me do every time come on.

F

Yeah all right.

A

I wonder who came up with that stuff.

E

Yeah that stuff stopped all right yeah, so I have requested. Have you.

A

E

How do I see that I think it's the thing that's lit up.

A

I don't see any anyone asking me for. Oh.

B

A

B

No where's that list go to the list.

E

Oh there we go here, we go gotcha and that way I should have slides magic. There we go there. We go awesome all right so good morning. Everybody welcome to the last day of ietf 113.. uh I am going to be presenting all of the presentations today, uh because fabion was unable to travel here in person. He's online, though I saw and aaron was unfortunately unable to make it this morning. He is also online and we'll be jumping in from time to time.

E

So, um first off we are going to go through the protocol update I'm going to go through the changes to the core draft since iatf 113, that's uh from version 8 to version 9.

E

and including all of the editorial and functional changes, because there's there's been a fair bit um and I want to take a take a pause to say that we have not been focusing on the rf, dr on the rs draft, uh during this time frame.

E

um The reason for that is that there's still been enough sort of editorial and structural stuff. That has been happening in the core draft that the editors didn't want to split our focus and split our attention too much right now, because they do. The two drafts are intended to work fairly orthogonally with each other. So um the idea being we can get the core draft uh even more solid and then start focusing on the rs draft in the future. All right!

E

So if you download the slides, all of these links are live. uh You can go and look at the actual diffs between all of uh all of the different drafts. If you're curious about the actual text that we changed, um we did uh 37 pull requests on the core draft and uh and two on the rs draft.

E

Although we did not publish a new version of the rs draft in this time frame and again, if you go click on those uh live links, um that'll actually pull up a list in github of everything. That's changed during that time, so that you can see the actual changes with all the commentary and everything like that.

E

All right, we managed to close uh 40 issues in the uh in the core github tracker um in this time frame. Again, you can go look at that list yourself, see all of the things that we've managed to close.

E

Almost all of those are closed with actions that are tied to one of these pull requests a few of them.

E

They were either duplicates of other p of other issues and we tied the conversations together or things like that, or we went and um read through them and decided and and brought to the group. The fact that you know this, this has kind of been overrun by events or.

B

E

There wasn't consensus to make the changes requested or something like that, but for the most part, the issues that we've been closing. uh We are actually making uh changes into the text to make it more consistent to make it more readable and to make it more robust overall and no issues closed on the on the rs draft.

E

So, on the editorial side, things fell into three different categories. um First, and uh this is this- is a big one for a draft this big. um I forget our page count right now, but uh it's it's a very extensive draft um text.

E

Consistency is going to be a really really big thing, because sections get written at different times by different authors by different people and stuff, like that, so there have been a number of things over the last six months, so uh you know the last ietf period and this period, where we've realized that we haven't been using terms correctly or somebody asks like. Why do you call it this here and that there and stuff like that and most of the time, there's actually not a good reason?

E

And so there's been a lot of cleanup on that. So two big issues for that ones- I want to point out- is excuse me, use of the term end user and use of oh I'd, have to click through to remember what the other one was anyway again. These are all live links, uh thanks to aaron's, editing on all the slides, these all actually link into uh github uh the actual github issues uh and and pull requests the, um as you can see, there's a lot of editorial stuff that went in here. These are typos.

E

These are formatting. These are you know, little bits and pieces um and then, finally, a lot of what we just put under cleanup like it's, not even really changing editorial text. It's shuffling headers and things like that functional changes uh we actually had a few, um a few good ones and I'm gonna go into a couple of these categories in more detail as part of this presentation.

E

um Actually, if you guys don't mind, uh would you guys mind if I took my mask off while I'm talking because trying to project in a mask all right? Thank you.

E

Thank you. Trying to project in that mask is a little a little difficult, um so uh we have a very extensive security consideration section now. um It's obviously not complete, because you know it's a security protocol there's going to be a lot of security considerations, but we added sections on a few new attacks or newly identified attacks and either the mitigations or the descriptions about them uh are now in the security considerations.

E

One of the things that we did with the security considerations in this uh in this round and tied a little bit into the last revision as well was we tried to make sure to have forward links from the um from the actual normative text that was making the requirements and forward link into the security considerations.

E

That explains why you would want to do that or the additional things you might want to think about and and talk about, uh we made some changes to the subject: identifier format, sect, that's tracking work in the sec event group that is uh wrapping up, um hopefully real soon right now, um I did a bit of work on keys and discovery.

E

Some changes in how, uh in the interaction section and I'll, be talking about the changes in the user code uh mode specifically and those of you that were in the oauth working group. This will um you know this this. This ties into some of the discussions that have been happening there as well.

E

um We finally have error codes thanks to thanks to aaron, um and I I totally take the blame for us not having uh uh error codes up until now, because I got into the lazy habit of saying it returns an error and linked to the to be defined error section um so aaron went through and created the error code, section and um sort of established the pattern of what these will look like and um we're still still kind of backfilling, some of the places in the spec that need to define specific errors, but I think we've got a lot of them done right now and we had a couple of different changes to uh to how token management works and I think we're going to go over those in a bit all right.

E

Oh here we here we go. That was the other change I forgot I for aaron was sorry. Aaron was supposed to do these slides, so my bad. um So on the editorial side, uh we were more deliberate and consistent about the use of uri versus url anybody. Who's tried to get something through the iesg knows that this we would have been raked over the goals for this anyway, um so good to at least try to be consistent and correct. About that now turns out.

E

Most of the places inside gennapp are don't really need a url, so almost everything is a uri inside the spec space and the use of end user without the dash, as opposed to end user with a dash and uh one one of the big ones for readability um that that, I think, is actually uh you know it's one of those improvements that you don't notice until you're.

E

Reading text that doesn't have it is the parameter lists are all listed now in such a way that things are actually uh consistently listed out in terms of what the parameter is its description and whether or not it's required all right, so user code interactions.

E

um Previously we had this kind of wishy-washy text about the user code, interaction mode.

E

That said, that you return a user code for a user to type in and then a uri which shouldn't vary, but it was kind of allowed to and if it did, then maybe you should do something about it, but the client wasn't actually required to do anything with that, because the client was supposed to be able to count on that being static and all this kind of stuff we've realized for a while that that was that that was kind of messy and um we finally uh finally came up with the idea of actually splitting the user code mode into uh into two separate interaction modes.

E

Just very simply, there is now user code, which has no uri and user code uri, which does have a uri. The expectations of the client instance are different in each of these cases, right so um for user code. That's the art, that's the slides! So for user code you just get back the code and the uri, where you type that in is assumed to be static and known out of band. So this is for stuff that can't actually display anything. Maybe it's like talking or something like that.

E

um So, and displaying any kind of uri that might be dynamic is just too big of a lift uh for this kind of thing. um So for that we have just the plain user code user code uri, you have a user code and a uri to go type it into now that uri could vary, but it is not intended to be a secret uri.

E

It is, however, intended to be variable such that when you are, uh you know, say talking to a new as or talking to a multi-tenanted system, or something like that.

E

You might get back a different uri for a different tenancy depending on what it is you're connecting and what it is you're asking for, and things like that, a client asking for this mode is making the declaration that I can display not only or I can communicate, not only the user code itself, but this short uri and the expectations from the as are the are that these are both supposed to be short enough and simple enough for somebody to type in right. These are not uh you know, 32 character, random things and stuff, like that.

E

um These are all meant to be very simple user typable. uh That is the expected and defined ux for both of these all right.

E

So the reason for the change is that things were ambiguous before we think that this does make it clear, even though it is, is adding another interaction mode to the possible list. It does give you a way to declare what your capabilities are at a more fine-grained model, and that, fundamentally, is um is really key to how can app manages all of its user interactions right. The client instance shows up and says this is what I can do and the as responds to okay.

E

These are the bits that I support, and this is this is what I can give you. So a client instance saying that it can do both of these. I can do user code or user code uri the, as might give you different codes for both. It might only give you one of the two, because you've said you can do either and it's gonna, let you um it's gonna, let the client pick which one it actually wants to engage in right. If the eas supports both this does raise an interesting question, though the two interesting questions.

E

The first is that user code, which was previously coming back as an object, is now an object with a single sub member, which is always a string.

E

So, like we've done in a lot of the rest of the nap protocol, should this be collapsed up into just a string return value, I think so, and it would look something like that. You would just get user code and just get the string back.

E

We need to make sure that we don't expect any other extended parameters inside of that, but I think with the new tighter definitions, I don't think that that's going to happen. uh That would be a sin. That would be an additional syntax change, but I um personally, uh I think that that is a good way to go.

E

This also raises the question- and this is relevant to the a lot of the discussions we've been having in the oauth working group recently. Does the redirect mode? Is that actually a good name for it, um because redirect in ganap doesn't actually mean redirect it means I can communicate an arbitrary uri to the end user and get them to go there. Somehow now I might do a redirect, I might launch their system browser. I might display a giant qr code for them to scan on a secondary device.

E

An apt actually doesn't make an assumption, whether it's a single device or a multiple device based on this alone, all of that single and multiple device stuff that is tied up into the interaction finish method, which is declared separately from all of this.

E

So with that in mind, the editors are uh opening the bike shed discussion of.

E

Should we rename the redirect mode, because it's not really just redirect it never actually was just a redirect um in implementation um and as you'll see during the uh during the hackathon demo, the um the scannable qr code thing uh that aaron has on his command line. Client uses the redirect mode, even though there's no redirection happening and it's on a secondary device.

E

um So do we call it arbitrary uri? What do we call it? I don't know, um but that is something that uh that we need to consider all right.

E

Subject: information request this is what fabian did to align the uh the subject, identifier and assertions uh with each other. More than anything else, uh he realized when doing work on uh updating the subject, identifier formats to be in line with the with the latest sec event. Draft that um the way we were asking for assertions um and subject identifiers was it they didn't match each other.

E

um So now you ask for sub id formats and assertion formats and they're both lists of identifier, strings format, identifier strings but more importantly, the response now comes back using a similar structure.

E

So subject identifier formats are defined by the sec event draft um we are using pretty much the same kind of structure for assertion, response and right now assertions are defined to be a a single json string in the value with the format as the as the indexing key to tell you how to parse that if there are other formats that could use other structures in there, um you know we're open to that. We haven't seen any examples of it yet because the only ones that have come up so far have been open.

E

Id connect, id tokens and saml assertions and both of those would just get chucked into a json string. So this is what we have right now we'd like to see this exercise more to figure out if it needs to be more flexible, but I do think that this is a big improvement over the previous method, which allowed you to only do one assertion of a given type and it was a different type of indexing and formatting than what we had before.

E

We also editorially cleaned up a lot of the uh the text around how these things align with each other. um The fact that uh you know the assertions and the identifiers should be about the same person, but they might use different identifiers. So, for example, you get back an id token. That has a subject identifier, but you ask first that has the issuer and subject inside the id token.

E

But the subject identifier you ask for is an email address right, and uh so those are different identifiers used for the same person, but it is um implied by the as as part of this contract that these are pointing to the same person.

E

That's part of the request and response, like I mentioned before a whole bunch of security considerations, got added um a lot of these came from the community. So thank you to um you know. Florian, I know wrote a couple.

E

I'm I'm really bad at remembering names. I'm sorry. A few people wrote these, um but uh tightening down redirect codes um bits on session management. The session management one is actually a little bit interesting. We used to have normative requirements about session management, which made absolutely no sense in practice, and so we backed off the normative requirements and turned that into a more comprehensive security considerations, with advice about what to look for and how to do it.

E

That is going to depend on the type of client instance and deployment that you have there's a really interesting attack about how you replay stolen tokens, even though gnapp uses bounce tokens by default, uh there's still an ability to poke a client to get it to replay a bound token. So this is also relevant for oauth mtls and oauth depop, and things like that, um and that's that's actually where the attack was first discovered and uh researchers applied it to get out.

E

um So we've got uh discussion on how to mitigate that um considerations on uh self-contained access tokens, especially as it relates to token management inside of gnab. um So gnap has an explicit token management uh layer to it. um That is separate from requesting the grants and the thing uh you know it's, it's like the little statements that are in the uh oauth revocation draft about like. If you can't revoke a token, then the token's not revoked right.

E

uh If you have a completely self-contained token and you try to revoke it, it's well, that's that's a you problem and excuse me, and that is all um that's all uh recorded here now, um oh and another big one that I have not seen nearly enough in um in this space is a server-side request. Forgery anytime, a protocol allows a an input of a uri for the server to fetch for the authorization server to go and fetch, whether that be the client's keys or in gnapp's case the logo and home page, and things like that.

E

You open up a vector for an attacker to be able to craft a uri to go and fetch things. We saw exactly how bad this can be with the log4j vulnerability earlier this year, where something was very exploitable to anything to any deployment that was vulnerable to ssrf.

E

So we're calling that out now all right for the mix-up attacks a little bit more detail on some of these for the mix-up attacks.

E

The recommendation is that a client that is capable of talking to multiple asses should use a different key for each, as this completely prevents a whole class of attacks of the client being handed a token that was supposed to be used with one set of rss um and or was supposed to be fetched with one rs uh with one as and uh actually getting it from an attacker's.

E

As for the attacker to be able to inject it, um it's a really simple thing for a client to be able to do inside of ganap, and now we've called that out explicit I've already talked about most of these, I forgot that we had slides for each of these. My bad um yeah. I already covered this. This was the user presence and session management requirement.

E

This is uh aaron's error responses. These are the these are the responses here um and one. I do want to point out uh that I think is interesting. uh The last one request denied, which is separate from user denied- that's basically the as saying no and I'm not going to tell you why. So if you have some reason to distrust the client instance or something else happened it, this is just saying no, like the the request is over and you're done. um I want to point out for anybody coming from the oauth side.

E

These are all uh error, responses that come in the back channel. Only the front channel does not carry any error codes at all, which already closes a huge set of potential vulnerabilities. All right so.

E

Right so uh the token rotation changes that we have in there um when you go and rotate a token through the token management system in ganap. That means that you are getting a replacement for the token that you are rotating.

E

That's the intended semantics of that move if you are making a request to continue a grant with the same set of rights and permissions you're asking for a new token to be issued as part of that grant now, the old token may or may not be thrown out, in that case, that's kind of up to the, as at least how it's currently written.

E

When writing all of this, we realize, though, that we really need to have a more explicit grant life cycle, discussion and I'll cover that, in a later presentation,.

E

Sorry, it's not going.

E

Life, can you advance.

A

Yourself with your um re-requests yeah,.

E

I will I am going to re-request.

A

And, oh, oh, did we lose the.

E

Yeah, I'm I'm doing it right now. Okay,.

A

There we go it.

E

It asked me to share okay, all right, I'm gonna, try and page through this.

E

Token rotation perfect all right or is that just the last slide.

E

That might just be the end of the presentation.

A

Well, I I don't see it because you're sharing, so you should be seeing the oh well.

E

Then it's the last.

A

I think I think it's okay.

E

All right, I think this is the last slides uh again. Sorry, I didn't. uh I wasn't prepared to present this deck this morning, uh so anyway, that's the state of the current core draft. uh The editors are still uh working through issue backlogs and um and things like that. uh Any questions on where this is before we move to the next uh presentation.

A

Nobody online- I, I guess not, I'm.

E

A

Somebody um so jay hoyla is asking so I haven't read any of the drafts or anything but with the computer attacks. Would it be possible to have a master key and then use the kdf to produce an independent key for each ass.

G

Sorry yeah, that was me: oh oh yeah,.

A

G

Ahead there you go yep, so yeah. As I said, I haven't read any of the drafts or anything, um but with the confusion attack a few slides before yeah.

A

G

Ahead, it says um you should use a different key for each ass. Yes, would it be possible to do something where you have a master key, and then you use a kdf to derive a different key for each as yeah. Absolutely.

E

Yeah, absolutely, and um uh at the end of the day, as far as good map is concerned, as long as the as accepts the key for the client instance and whatever trust logic, it needs in order to accept that key as long as the as accepts the key, it's fine, um and so, if you're, in an ecosystem, with like multiple uh as's that are in like a tight federation relationship- and you know you can tell that this has been derived from a certain master key or it's co-signed or some something like that when that key shows up- and you can verify that that's great uh gnapp actually doesn't care how that trust gets established as long as it is established.

E

So, yes, you can do exactly that very.

G

Cool. Thank you. Yep.

A

Well, we don't have anyone else on the queue, so we might as well go ahead and all right, yeah and now the hackathon.

E

Is the next one? It is.

E

All right so this last weekend, um aaron parechi and I sat down in the hackathon and implemented a whole bunch of stuff, and um I'm gonna tell you guys about what we did. um You know what we learned from that, including some uh some feedback for the drafts that we were implementing themselves and uh hopefully, hopefully show you guys. Some of this stuff live we'll we'll see how that goes.

E

All right, I'm going to skip the what is gnapp slide. These are slides. We wrote for the hackathon results.

E

Our focus during the hackathon was uh that all the requests would be protected with http signatures. um We were trying to build stuff. You know from from sort of ground up as much as we could using existing libraries for components where they were available, building them, where they weren't.

E

And we, our goal was to be able to make requests, make valid requests for access tokens and get the user to interact with the aes. Now, because gnapp is such a flexible protocol, we limited our scope of what we wanted for interaction. What we wanted for access tokens and things like that, but at the end of the day it was mostly about getting these messages along the wire.

E

So we built a whole bunch of new code, php code that aaron wrote from scratch for a cli and a web client. um He, uh if I recall correctly, he built the cli first, then refactored out sort of the core bits of that and built that into a php website as well uh that work that acts as a good app client.

E

um I built a javascript spa single page, app um again pretty much pulling things from scratch. I had a basic react: react shell uh from previous work that I had done throughout pretty much everything that was in the middle of it and and put that forward in the process of this, we made significant updates to existing code that we already had that we were running against.

E

So we had a java based web server client based on java spring, and we had a java based authorization server both of these needed to be tweaked um because it turned out there were some errors and bad assumptions. Inside of uh of each of those implementations.

E

Now we leveraged as many existing libraries as we could find, um but in a lot of cases uh there weren't full libraries on hand to build this stuff out. So those of you that were in the again the oauth meeting the other day, the whole lack of you know good libraries to do things.

E

This is as important for uh the component pieces of a system as it is for somebody just being able to pull down a nap library and go which we wouldn't expect at this point in time, but being able to pull things down for http, structured fields and cryptographic primitives, and things like that. That was all really important for aaron and I to be able to build stuff all right.

E

What we learned is that in particular, http signatures is very complex to do from scratch. Now I want to emphasize that last bit there signatures itself hb message: signatures in cell itself.

E

Isn't that crazy, once once, you kind of you know, get your head around how the fact that you're doing a detached signature system, but there's a lot of moving parts so having libraries for manipulating things like http, structured, structured fields and all of those data structures goes a very, very long way having knowledge about how to get strings properly in and out of or really bite arrays in and out of your platform's chosen, crypto library.

E

How to um how to get keys in and out of that, uh crypto library, that kind of knowledge you would need for any crypto system, and um it applies to this no less. There were a couple of surprising bits that were more fiddly than we expected in particular turns turns out that the order of the parameters um was not on on one of the http. Structured fields was not being preserved on one of the platforms that we were going on and when you're doing a when you're doing a cryptographic operation.

E

If you've got parameters swapping order, semantically, we didn't care what order the parameters were in, but when you've got parameter, swapping order that changes your input string that completely breaks all of your signatures.

E

So, ideally, the end goal for http message signatures, um and this is uh we're taking back to the http working group. um The end goal for that really is that it really should be transparent within http uh library platforms.

E

That's what that's that's the layer it should be working at. I should be able to say, make an http request and sign it with this.

E

Key excuse me, uh I will say, though, once we had that part. The rest of the gnat protocol came together very very quickly, um so um I also want to point out that aaron and I built our signing functions deliberately so that it they would sign an arbitrary http message.

E

We could have hard-coded a bunch of stuff to say, okay. This is just making a good app request and setting the fields this way and stuff like that. Neither of us wanted to do that. We both wanted to have something that says, given an http url to go to and a key sign this and send it. So the hackathon was as much a http message signatures implementation as it was, can happen, but once we had that function in place on all of the different platforms, everything else really kind of um went fairly smoothly.

E

Gnapp at its core is a json based protocol with certain semantics on on different fields, and so getting those json bits in place was definitely the easy part.

E

And I learned that I still hate javascript, it's it's, it's just a bad idea, all right, so things we learned from actually building this about the specs for gnapp. We discovered that we need a way to communicate the proof parameters.

E

So when you're doing http message signatures, for example, you've got a signing algorithm and a digest algorithm, and um all these other sort of sub layers of that that are not communicated with just the key that says, do http signing same with jws detach signing. uh You would want to be able to communicate the jw. The target intended jws algorithm um inside of that as well as opposed to just accepting whatever signed object, came in because we know that that is. One of um that is the basis of one of jose's.

E

You know most most famous misimplementations um people just accepting whatever whatever algorithm is in the jws structure.

E

um We realize that the life cycle is unclear in when you're actually exercising the protocol and that's why the editors are going to focus on this uh during the next cycle here.

E

um So the fact that we're doing a at one step of the process, in some circumstances, we're doing a post with no message body we finally took us, took a beat and asked ourselves. Why are we doing a post with no message body? Is this more semantically like a get? Does this make sense, that's the type of stuff that we need to step back and ask us: uh ask everybody: what does each piece actually mean and and what are we doing with it?

E

um So that is going to be the big focus for for the next bit, which we'll get into in in the later presentation in detail.

E

um We definitely need to uh externalize some of our uh references, like our hash reference for the interaction hash, aaron found a an existing registry we can use for that which we're going to be changing to.

E

um We need during the hackathon aaron, and I actually got into an interesting and lively debate about what the hash actually protects and drew up a few diagrams. So I've already put in a pr to add the diagram that we drew during the hackathon to the uh to the draft and security considerations and um yeah and, like I mentioned, there's a little bit of semantic cleanup that some of the names might not make as much sense as as we originally thought.

E

um Http structured values is a fantastic, uh fantastic, spec, uh rfc 8941. I think it is now um it's absolutely brilliant, but it's weird because it is very http. Ish and http is a weird protocol.

E

um So if you're, not thinking in very http kind of structures and terms, it can be jarring to, and the first question you are going to ask- is why isn't this just json there's a good reason that it's not just json there's a lot of good reasons? Actually, but some you know some more starter guides for structured fields would be really good to see.

E

And I mentioned with http signatures already. um This really needs to be built into uh the http libraries, and this is something that I would like to really see happen. We are seeing a lot of uptake of um developers on different platforms. uh Writing uh signature, implementations people have been waiting for the ietf to actually declare an http message, signature process for a long time now and so we're seeing developer uptake. Hopefully it's a matter of time before those get uh more tightly integrated, all right.

E

So now it's time for the demos um we have the cams demos here, but I am actually going to go and grab my laptop.

A

Live demo, not not not something you see every day in the itap.

E

All right, so you guys get to uh get to see this fail, live.

A

All right, let's.

E

A

Prove something all right well,.

E

A

The screen share from your laptop.

E

Yeah, exactly and apparently I need to, I think, meet echo locked me out because I logged in for my phone.

A

God forbid that you should over consume itf meetings from separate devices.

F

E

All right and the infinite tunnel- yes.

E

All right so here's to hoping this works and you guys can follow along at home. um If you go to uh ganap c dot, herokuapp.com.

E

You get the same the same screen now. This is set up to very much be an engineer's interface because, as you can see here, these are all of the parameters for a gnap request right.

E

Some of them are just defined in raw json, so I hope your mental json serializer is really good because it does not fail gracefully. If you break your json sorry, we had a weekend.

E

And I am going to do um a redirect mode here, I'm going to create new request and, in the background, is where all the interesting stuff happened right. um This is the problem with doing a demo of a security protocol. It's you click a button and something works.

E

All the fun stuff is happening off on the server where it's creating the messages and signing them and stuff like that. We'll be able to see a little bit more of that when I show the spa demo in a moment and aaron's uh aaron's demo actually shows it a little bit better also, but I'm going to go here to the uh to the interaction url. This is that redirect uri that we were talking about before now up here, you can see that we are approving access uh to four different kinds of things.

E

um What's not clear from this is that the top three are oauth scope, style requests, so they're just simple strings, so if you have apis that are protected with oauth scopes, this is how gnapp represents that the bottom one is actually that large object block the rich authorization request style request.

E

An app of course allows you to do them together in the same request, and so that's what's showing up here, I'm going to approve that and then hide the form and then, as if magic, we now have an access token from the as that, we can then use to go, and um you know at apis and stuff like that.

E

All of this was done using a a java based web server. So all of the keys secrets and stuff like that are happening off on a back end out of the browser.

E

So one of the things about the um about the hackathon was that we wanted to be able to do all of this inside the browser and see what that would feel like. So.

E

This key was generated using web crypto, so navigator.credentials.createkey whatever it is, I'm actually going to go down and so look at the end value. It starts with 2i20s I'm going to go and this button, which you would never guess, does create a new key. So now our n value starts with mfx q4, completely different key generated just now.

E

This client is going to use that to make a request to the authorization server all right and oh- and I do want to point out that both the spa and the um and the java based client, one of the things that they do allow is you to set your grant endpoint right at the top, so gnapp is a protocol is designed to not really require a discovery step. uh It is you know. Negotiation is built into the protocol in a lot of spaces, so you just need this one url to kick things off.

E

Both of these clients are configurable to whatever url you want to put on and if you're running it the the code on localhost. I have a shortcut there, because I got tired of typing that in all right. So, anyway, we are going to go, create a brand new transaction.

E

It auto redirects, because I was lazy, um but this is doing the same, redirect based flow as we were doing before, and I'm going to go through all of that, in addition to all of the access that it's asking for, it's also asking for these two different subject: identifiers for me, is the user I hit approve and now, in addition to my oh, my access token, which is here, I also have a user information in form of an email address and then a server specific, opaque identifier.

E

All of that came back straight to the client. This is not wrapped up in an id token, this is not a user info call. This is information that is just dropped directly back to the client in a back channel response so that the client can just pick it up and use it. You can, additionally, as we saw, uh do the assertions and things like that. You can of course, call apis that are as specialized as you want them to be.

E

On top of this, as well just in exactly the same way that openid connect does but one of the optimizations that can app adds, is this ability to send the subject information directly back to the client without the additional wrapping for the cases where you don't want or need that?

E

um So that's what I have for these demos erin, if you're available to do your demo.

F

F

All right, I'm also going to share my screen.

F

Oh no, why did why did my permissions get reset.

F

E

Have to rejoin uh it's telling us it's starting, oh is, is it permissions.

F

E

F

My chrome permissions I'll be right back.

E

Okay, aaron is reconnecting.

E

uh Any questions on that demo before we move forward.

G

Jonathan hoyland cloud player- uh this is just like that I was bringing up in chat um again. I haven't read any of these documents or anything right, but um the the message format the signatures. um Do. They include a uh like a string that says, like gina such that you couldn't possibly use this interface as an oracle like if I, if I have a dumb client that will just sign anything and.

B

G

Wired that up to the network does the does. The api require the string, gene app to always be added, or some distinguishing string such that I can't persuade some client to sign, saying it shouldn't or to produce a signature.

E

That it shouldn't, rather so clients in general, should not be producing signatures on things on messages that they aren't sending themselves so think of it more like making a tls connection.

E

um It's only going to your tls stack is only going to encrypt stuff for sockets that you're connecting to or transport yelled at me for calling it sockets before I don't remember the right term, um whatever tls does.

G

So tls does include long strings saying you know tls13 message uh and those mean that if somebody, if I'm talking to somebody malicious and I send them a signed thing- they can't then turn around and give that sign thing to some other service. To pretend to be me, oh.

E

G

Okay, I think I know what you mean, I'm going.

E

To uh open up the console, so I can show you guys.

F

What that looks like my mo, has some details on on that it shows the actual request being signed.

A

Right aaron is back, but you guys talk about this and then we'll. Let him.

E

Yeah aaron shows a lot of details, um but just inside the sba clan. I know it's a little bit small here, but uh what's happening behind the scenes, this is the string. That's actually getting signed so http message. Signatures is a detached uh signature mechanism. You generate this on both the signer and the verifier side independently, based on the context of the message all right.

E

So when I am sending a request, I take that request message and uh I decide that I am going to be signing the method, the target uri, the authorization header, the content, digest header, the content, type header and then. Finally, these are the signature parameters for the signature that I'm creating right now right all of that gets concatenated together in a in a very deterministic algorithm.

E

I sign that and then I actually send that signature. uh Where is it so? This is the signature value right here, nice binary blob alongside the uh where'd. It go the signature input line itself so that last line of the signature gets sent out in clear text kind of as a as a detached header.

E

Those get sent side by side so that the verifier can then parse that and and recreate that signed signature or that signature base verify the signature and go forward.

A

So aaron, I know you're on the line, but thank.

D

A

I'm guessing jaron. Do you want to comment on this particular point, or should we let aaron run this thing? What do you.

C

Want to do yes, actually, I do uh I'll start with the class one that signatures are reasonably easy to write. If you have a structured field library and with golang, I was lucky to have one so, um but otherwise it's really difficult and then to to jonathan's point. I support this idea. I think it's something we should consider for message signatures and my example of an analogous context is the end time type in in jobs again to to prevent confusion, mix up attacks where people are reusing.

E

Okay, that was that was hard. They don't have that in the monitor up here. But did you guys hear that okay, okay.

A

um All right so yeah I'm trying to type to meet echo about that, but um all right so aaron do you want to so. Do you want to.

E

I'm all set so aaron aaron will be sure.

D

I'm not sure I can, I don't seem to be able to grant. Can you.

F

Might need to remove justin first.

E

Yeah I stopped sharing. Oh did I not? No. I don't.

A

Think you stopped cheering there. Well, doesn't look like just there. I I stopped. No sorry there.

E

A

F

Okay, tunnel vision: let's there we go there, we go so um hi, aaron perecki. um I want to share what I built during the hackathon, so this is going to be the two versions of the same um same code, the command line version and the web based client version.

F

um Both of these are talking to the same authorization server that justin's client was talking to so just for context. You will see the same authorization screen because it's talking to the same graph server, so the command line version.

B

F

Off with um creating the request, for you know what it's, what it's trying to get access to, so I have a uh command. That's going to do that and, like I said, mine is much more verbose, so I'll explain what's going on here. um This is the string that is being signed with the private key, so it generated the key that it's got in a in a file here, and this is the string that's being signed. So um I uh this this is what ends up creating that header.

F

This is the http signatures, part which uh plus, I guess, the content digest header, and this was the part.

G

F

The font size- this is almost it's mostly um mostly a blur anyway. So thank you. um Hopefully that helps um so. The this is the http signatures part. This is the string being signed talking about what url it's talking to um the different headers being signed, etc, etc. This was the part that took the most the most work, because I didn't find an existing library for doing this, specifically http signatures part.

F

Thankfully I did find the library for doing the actual crypto work as well as building uh this header, which is the structured header structure, atp header spec, so um it goes in, creates a signature. This is the actual post request request it's making um and then here is the json. That's part of the actual gnap protocol.

F

So this is where it's saying um I can send the user to a url, I'm trying to get an access token, and here is the info about the client's key and the name of the client. um The server was able to validate that accept the key and then created this response, sending back to the client. So it's saying go over. You know send the user out to this url to continue um or sorry. This is the url to continue at the command line app. This is all sort of debug up here.

F

um The command line app. What it would actually be doing is then saying to the user visit this url in your browser or go to this url enter this code, and it can also take this complete url and show it as a qr code, for example, which might be a little bit more friendly.

F

So I can go and scan that qr code in my phone so.

E

Well, while aaron's well aaron's scanning that I want to point out in case the audio was a little low. The url, that's in the qr code is not the url that you go to enter the um the user code into it. Is that full url, which has this uh randomly generated blob at the end, which we're not expecting a user to type or memorize or recognize right, so that could be a whole encoded encrypted. Whatever thing tacked on to the end of that, because it's not expected to be user facing directly.

E

So thus, the previous question of, should we rename redirect, because that is the mechanism that's being used here, because but it's not a redirect sorry for the interruption.

F

E

F

You can see my phone screen right.

F

Yes, okay, so um I'm looking at the same authorization screen that you saw on justin's demo and then I can click approve and because there's no way for the server to send my phone back anywhere useful, it just says: go back to the device.

F

So at this point the command line app needs to go and actually do a poll. So um this little thing is in the way there we go. So I will instead do a poll and it's going to do a poll with.

F

To the here we go to the continue endpoint, which I got back in that first response, and it sends back a token that it got in that first response and uh does this whole signing dance again and because I approved the request on my phone, it actually got back the access token now so now the app is considered login and there is the access token.

F

um I guess I should have shown what happens if I don't approve the request first. So if I pull with a pending request, uh the response is sort of looks the same. There's no access token. In this response, there's just a um you know the continue url. So it's basically saying try again and if I keep doing that, it'll keep saying pending until I actually go and approve that request.

F

So that is the command line um demo and then we can look at the same thing on the web. So now this is I'm in the web browser I'm talking to this application. It's actually using the same client library underneath, but now this one's running the web browser. So I'm going to click log in we're going to see the same. Verbose debugging of what it's sending this time, it's sending it's saying we can start the user by redirecting them somewhere and we can finish the flow by redirecting them back to localhost 8080..

F

So it's gonna we're telling the authorization server to send the user back here after they log in which is different from the command line, which doesn't have a way to do that. So here's the response from the authorization server saying all right go, send the user here um and because we're in a browser. I can just put that as a link on this button. You know in a real app. I would obviously just send them right there with no interstitial.

F

We click on this. We see the same approval screen click approve, and this is going to now redirect the user back in this browser back to the redirect url, which you probably can't read the address bar, but up in the address bar. There is a a hash and interact ref and those two things combined work out to the client being able to say cool. uh Let's go make that request to um to the continue endpoint. This is the thing that I got in the url and then the response is now the access token.

F

So uh now we're logged in- and there was more info in this response, because I requested subject info, for example, in this app and um yeah we're logged in in the command line up now. So.

A

E

A

Actually worked quite impressive, so I we did have sam weiner at the q for a little bit, but I guess he stepped away. So um I think that means that we're at future work right. um Where is it yeah or is it embedding now.

E

uh It's future work future work all right.

A

I'll share and you can request control.

E

The thing is, I totally get why they do that.

E

So should have control all right um so now that we've just waited to beat no, nobody in the queue for questions on the hackathon results, all right. Okay. So where do we go from here?.

E

That's what we're going to talk about. I put a lot into that slide, um so the biggest thing that the editors did um between last ietf and now is we went through all of the existing github issues and triaged them and assigned little little less than half of them at the time to ourselves as things that like we are going to go through and close this specific one and figure out.

E

What's going on we're going to keep doing that, you know it's um it's it's a lot of overhead uh for us, but it's also forcing us to be very thorough about how we're addressing everything so we're gonna we're gonna plan to keep doing that. um But there are a couple of sort of larger issues that we know that uh we need to address in this to.

E

In order for this to be a you know, rich full and complete protocol, um the biggest thing- and this is something that I am going- I am personally going to be taking the lead on, and that is the uh life cycle of these grant requests, um because right now, there's an implied life cycle. uh You make a request. You continue it.

E

You can update it, you can, uh you know, revoke it and all this other stuff we're just not explicit about the fact that it is stateful, it's inherently stateful. So what we're going to do is we're going to add that discussion explicitly into the spec.

E

This may end up actually having uh syntactic and semantic knock-on effects to the protocol itself. Specifically, we want to be, and we know we need to be much more precise about what you're allowed to send at each stage of the protocol.

E

So if I am doing, for example, a continuation request, am I allowed to send a new client key like right, then that probably doesn't make any sense right now you're kind of allowed to and kind of not, but if I'm making a continuation request- and I send you a new interaction block, the client might actually have some additional interaction method that it realizes it can do now, based on what the authorization server has told it. You know it has new bits of information that it that it's saying I can share this.

E

So when, when do we allow that kind of thing right now, it's very ambiguous and and you're just you're kind of allowed to send it and the a.s is kind of allowed to deal with it. uh However, it sees fit. We need this to be in order for this to be interoperable at this level.

E

That needs to be much much more precisely defined, and so that's going to be one of the biggest things that we are targeting for change between now and iatf 114 this summer.

E

We've got a good feel for what this looks like the editors have been discussing this for a while and have talked about different aspects of this.

E

This is kind of the life cycle that we have in mind right. um This is a bit of a straw man. This is hardly final, but the idea being once you create a request.

E

If you need interaction, it goes into this pending approval state, where it stays until somebody approves it, and then it's approved, that's where you get tokens and eventually gets thrown out. If you create a request and it doesn't need interaction, it doesn't need external approval. So this is the oauth client credentials or assertions or some of the more advanced uma flows um that gnap can do natively.

E

Then you just go straight to approved and that's where you're getting tokens and here you're you can continue to pull it and get additional access tokens and things like that.

E

However, once you're approved, there are cases where you want to update that existing grant and that might move you back up into pending approval because you're asking for more you're asking for additional things that haven't been approved yet so, instead of kicking you out of the system entirely and saying go create a new thing.

E

uh Get app is designed to allow this sort of you know a cleaner fallback uh into say: okay, you're already here just go interact again, and this is why we need to have clarity about when you're allowed to send interact blocks and things like that inside the protocol itself.

E

um So again, this is, I will be sending this diagram out to the list and hopefully starting a conversation on this as well. um uh I surprised my co-editors with this diagram I think yesterday afternoon. So when I say we came up with it, I'm hoping they're not going to yell at me.

E

But again this is a straw man and hopefully we can. uh We can improve this.

G

There's a question from jabba euron says I was going to ask if the protocol is ready to freeze to allow researchers to focus on proof's attacks, but if we're still changing the state machine, we're not ready to be clear. I'm supportive of that.

G

E

Thank you yarn. um I don't, I think, we're clarifying the state machine, but I, uh but I agree that until this is this is fully formalized. um You know uh we don't have quite all of the tools to do the full static, formal analysis of the protocol. I think that this will actually help us a lot like once we get this written down. This is the kind of thing that feeds into formal analysis, engines and that will help us from a security perspective and also from um from a developer and implementer perspective.

E

Being able to look at this and say like this is where I am right now inside this process. Here's what I need to do next right, one of the uh one of the things that's great about oauth 2- is that it's a tends to be a very linear state process.

E

It's just you go you ask, maybe you refresh and that's kind of it where oauth falls apart, is that people start bolting on things to get these loopbacks back into the system, which sometimes means just go start over from the beginning in ganap we want to actually have that type of structure be explicitly declared inside here.

E

All right, key rotation is something we've been kind of talking about for a long time. This whole state machine, I think, will actually help us with that. uh We now have a much clearer model of where the keys are associated um and what they're associated with inside the um inside the protocol- and this is something that I actually realized during the hackathon.

E

um The way that I'm associating keys in my implementation of the authorization server probably doesn't actually match the uh the model implied by the uh implied by the specification.

E

So I need to update my code and we need to make the special specification clearer about where these things are associated, so that people don't make the same mistakes that I did and so that, if everybody is doing this, they can do it in a predictable way. Right.

E

Key rotation needs to be handled for access tokens and potentially for client instances themselves, since we also have different key proofing mechanisms inside of gnapp, and that is an explicitly extensible plugable part of the protocol.

E

We need to be able to handle these all of these different methods. Originally, the editors were trying to come up with one grand unified way to rotate keys across all proofing methods and whatnot.

E

We actually no longer think that that actu, that that makes sense, um uh because each of these different proofing methods has very very different properties in terms of uh key presentation and key verification.

E

um So what we're now proposing which we need to, we need to write the text for what we're now proposing is different ways to handle key rotation based on the proofing mechanism that that you have in use. This, of course, raises the question of what, if I want to change proofing mechanisms, say I'm doing uh htv sig and I need to switch to mtls.

E

For who knows what reason um is that something that can app is going to allow natively or is knapp going to say if you want to do that? Just start over pretend it's a brand new key: um that's that's a bridge we're gonna have to cross when we, uh when we actually get through um this section.

E

Okay, now for mandatory to implement. This is something that um uh the editors have uh gone back and forth on a lot and what we are we still don't have mandatory to implement text um partially, because gnapp is such a an incredibly flexible design.

E

uh It's meant to be used in lots of different kinds of deployments.

E

But what we think actually makes a lot of sense is to borrow something from openid connect.

E

Openid connect has an implementation, consideration section which includes profiles that say, if you are doing this type of application, here's all of the stuff. You have to include right and that's not to say that it is going to necessarily be like everybody follows that, but providing those base recipes, we think, is uh the editors are at least proposing that that is a reasonable way to approach uh the mandatory to implement question for uh for a protocol as flexible as this.

E

um So anybody in the queue for that no.

E

Okay, extensions are another really big part of the spec. uh This doesn't really change the core spec. This changes how um designers and implementers interact with the spec itself? uh Are you allowed to ignore an extension that you've never heard of?

E

um That seems like a sensible thing to do, but what, if that is the extension that actually adds security like oh office, 2 uh struggles with pixie right now, if the as doesn't know pixie it ignores pixie, and then you don't get any of the benefits, but you think you are getting them from a client perspective.

E

So this is not an as easy a question as it seems on the surface. um We are at a spot in um in the development of gnapp that we think there's a lot that we can do to make this clearer, based on what we've learned from other protocols and other systems and other stacks, and the editors are currently proposing to kind of create a section about how to add new features and functions to gnapp and what you're allowed to do with all of the different parts of the protocol.

E

Right now we have a bunch of scattered sections that says, and this can be extended and it waves to iana and that's it. We obviously need a lot more than that, um and that's that's what we're going to plan to do.

E

We do think that we have really good extension points, though, from what we've seen and what we've been talking to the people who are building this out into their out into their systems right now, the ability to extend interaction methods without completely uprooting the protocol, the ability to have different proofing methods have different user information come back.

E

Those bits and pieces all seem to feel like those are the right places to be extended.

E

So what we're really after here is not necessarily changing that and changing that nature of the protocol, but providing the right context and guidance around people who want to add additional stuff what they're allowed to do, and so that implementers of the core spec can be prepared for what weird extension somebody is going to try to cram into all of these places that we say is extensible and what you're supposed to do with that all right.

E

There is the lingering question of what to do with the two jose based uh key proofing mechanisms: uh we've kept them in core for now. This is the same slide as uh at ietf 112., I'm just bringing it up right now that this is, I think, going to be a a continual question for a while. um It's the only jose dependency in all of canapcore is is this proofing mechanism, and I do think that that is a good thing that it is limited to just this. This particular space.

E

The twin questions of does this need to be tied directly to gnapp. You know. Is it something in core? Should this be an extension and if it is an extension, is it actually something that's even more generic than just an app?

E

um So this is doing things in a way, that's a little bit different from depop, because it is not tied into the the deep pop key presentation and um sort of the oauth protocol flow directly, um but could this be used outside of gnapp as well? Possibly, um that is. That is a question that the community eventually needs. To answer. Inertia, however, will keep these as methods inside of gnap itself.

E

Unless there is a significant force to to extract them,.

E

All right so the resource server draft, we know it's still there, we haven't forgotten about it. uh It's been expired for a little bit, uh but that's because we haven't been doing active publication work on it.

E

The two biggest things for the resource server draft, though because it is a lot simpler than core um is the security privacy and trust considerations uh like we did with the core draft last fall we're going to do the same exercise with the rs draft and um we're also, very importantly, going to be presenting a token model.

E

Now. This is not necessarily a token format. It could be expressed as a token format and it can be expressed as introspection responses, but a model of what tokens represent and sort of that data. Data structure, data model style thing of there is a user. There are rights, there is a client. There is an as there are target rs's. That type of stuff needs to be enumerated and clarified and then mapped into things like jot and introspection response.

E

Okay- and that is all the editors had for our updates.

A

All right, let's see if anybody wants to step up to the mic and ask questions or uh not.

E

Oh there we go hi george.

H

Hey, can you guys hear.

B

H

Hey so I just in in listening to the presentations this morning, it sounded like key rotation, was proof method specific. Is there value in just basically making proofing method a sort of plugable entity and then jose just becomes a one of the proofing mechanisms that support it, and that way, it's sort of you know it. Can you can either plug it in or or not based on on how you want to do it?

H

It just seemed like, from a factoring perspective, you're already heading down a path of saying the proofing mechanisms are sort of unique in their own way. So you could write a standard set of way of saying you could even write instructions like hey. If you have a new proofing mechanism, here's the things that you need to describe right, how you you know cycle keys. You know blah blah blah.

E

Yeah yeah thanks george, uh that is exactly how it's written already. Actually, uh the so the jose stuff is already a separated module if you will, uh as is http signatures and um mutual tls, um so you're already allowed to um you know plug that in or out as you see fit.

E

So, for example, one of the things that we did for the hackathon is we decided we were just going to use http signatures as our proofing method for all of our stuff, um even though the the java, as does support the jose methods and and other stuff as well um so yeah.

E

That is, that is the intent, and that is hopefully something that will come, become more clear with the discussion on how to write extensions like what a new proofing method needs to cover what it needs to what aspects it needs to have in order for it to be considered a valid, gnat proofing method.

E

This also ties into the mandatory to implement discussion of um you know if you're talking to an authorization server, can you expect for there to always be one type of proofing method that is always supported, or is that going to be based on some other deployment profile so yeah? It already is that type of separate module.

H

Cool in in that context you had mentioned that, um and obviously I checked out a long time ago, so I'm listening to try and gain some ideas or gain some familiarity. I can't talk it's early here in the u.s.

H

Is there a way when I hit that first single endpoint since there's no real configuration to basically ask with the proofing methods supported by the asr.

E

uh Sorry I had to get up to the speaker here, um so the question is: can you ask what proofing methods are supported, and yes, so with that first url? If you make an http options, request to that, the as uh is required to send back what is effectively a.

B

E

Document you can also with the new error codes. You can also just blindly try your first request and then, if the, if the error comes back and says like hey, that method isn't supported, then you switch and go do stuff like that um in the wild like we, we see clients doing both.

E

We see clients like trying to pre-configure themselves and do the right thing, and we see clients that just kind of blast the thing that they know how to do and if that fails well, I couldn't reconfigure myself anyway, um so get out kind of allows. Both types of client behavior with at least predictable results.

E

It's not going to guarantee that it's going to work, because you know if a client only does jose then, and it's talking to a server, that's doing tls, that's obviously not going to work, um but there's at least predictable results when that's when that kind of combination shows up cool thanks.

A

E

A

I think that means that all right, you got a uh unfair or actually just you could switch over to your final yeah. The um embedding thing.

D

Run that from your hangout.

E

There we go okay, and I think I have control.

F

All right I'll get my guess.

E

All right last presentation, I still kind of have a voice embedding nap. This is uh something that uh that I posted out to the list. We actually had a speaker about um uh during the interim call um for this talk. I am not speaking as an editor, I'm speaking as an individual contributor to the working group. um None of this can uh carries editorial weight or consent or uh intent. Rather, um I'm not even saying that. I necessarily think this is a good idea.

E

This is a question that I think the group should consider, and uh so what I would like to get out of this discussion is um if the group thinks that this is something that this is an interesting problem that we should address.

E

Let's, let's start that, if not, then we know that we won't all right.

E

So there are a couple of use cases that uh that have been brought up um that have some similar, uh similar aspects, all right, so one that got brought up during this working group's initial boss was this idea of. I am calling an api and the api says: wait.

E

I need the user, that's using you right now to go enter new credit card information, so I need them to go, interact, go do some approval, enter some information and then come back to me and we can keep doing the api thing that feels a lot like a delegation protocol stepping out in the middle there right, even though it's it's it's kind of not um it's. It's getting the user involved in the middle of an existing process. That's something that delegation protocols like knapp.

E

That's what they do. That's their entire purpose. Another use case came up recently in the verifiable credentials. Api um special interest topic, whatever it's called in the w3c. It's not its own working group, because w3c is weird.

E

You've got a wallet presenting a vc and the presentation. Api needs to go gather consent from the user.

E

um In order to do that, it needs to be able to get the user in front of some other piece of software for the user to say hi. It's me, I'm okay with this this and this okay go right.

E

In some cases the user might log in. In some cases, the user might present a separate set of vcs uh to this. In sort of this, you know change transaction thing regardless, once the user says go, then they actually need to come back and the app needs to finish calling the api exactly like it always has.

E

So the reason that I think that this is interesting is that protocols like an app are never used on their own, like nobody ever runs a security protocol for the sake of running a security protocol unless you're a couple of nerds at a hackathon last weekend, uh but that doesn't count uh in the real world you're either protecting an api, you're gathering user information or you're just you're just doing something and the security protocol is your means of doing that right or it's part of your means of doing that, and that's that is actually really important.

E

How gnap fits in with other protocols and ecosystems is intentionally flexible because we've learned a lot from how oauth 2 has been used over the years, both as part of open id connect and on its own and as part of other systems.

E

So we've got two models today. I'm going to go through three different models: we've got two that exist today. We either have a traditional delegation.

E

We can embed protocols inside of canap itself, and I want to raise the question of. Does it make sense to embed gnap inside of another protocol?

E

So what do those look like with traditional delegation? You go try to do the protocol, your tar, your end target protocol. You try to go. Do that and you fail and you get told to go talk to an authorization server do whatever that says and then come try again come back with an access token and talk to me to prove that you've done this all right.

E

This is really simple uh from a protocol design perspective like we all know how this works. We've been doing this for a very, very, very long time.

E

Gnap fits completely in that box in the middle and does not really touch the outside of the protocol, except for that www off header that indicates go start the connect process, and otherwise you know that's that's pretty much it. This is plain, vanilla, api access, so the benefits of this is that it separates the layers very cleanly, and that is a really really big benefit to be clear, the ganap layer and the protocol layer don't really have to know anything about each other.

E

They don't have to deal with each other separate set of concerns, and it's usable without modif, without modifying either protocol like an app doesn't have to do anything special. The protocol doesn't have to do anything special except say that it's protected by access tokens and knows how to kick this off right, but it doesn't need to the protocol, doesn't need to know anything about how these are interacted or, what's being requested, or anything like that, if it doesn't want to- and another huge benefit here- is that you can do this against multiple protocols at once.

E

This abstraction layer across of security across different apis is one of the biggest things that delegation protocols, like cannabinoauth, really really give us.

E

The downside is. This is very chatty. There's a lot of back and forth. There's a lot of discrete steps um when you know the end result that you're trying to get to, and it's really really inefficient for the simple cases like going and getting, and um you know credit card information like I'm, not really asking for additional access to the api. At that point. It's just that's the only means the api has. If we're doing this, the only means the api has for getting the user involved is to say your access.

E

Token failed quote: unquote, go tell the user right.

E

Then there's the case of embedding protocols inside of canap itself, so you start a genetic process, but then, with extensions, probably through the interaction methods, you're actually going to go, do a co, a totally different protocol inside the context of canal and then you're going to return the results of that as part of the canap response. An app is built to be extended in exactly this way. The reason for this is this is exactly what openid connect did to oauth 2..

E

You go start off the map process, make your grant request and say I can do the foo api for my interaction method. This is how I can get the user involved, and so I'm going to go do that food protocol and I can do all whatever I need to do, whether that's exchanging vcs or calling you know, back-end fabrics to post information or doing key exchanges.

E

Good app doesn't care during this phase like it's, whatever extensions you want to be able to do there, and then you kick off this interaction. Finish portion of the ganap protocol, which can happen, can then take over and say all right now that that's done hey.

E

I've got this extra chunk of information that I can return directly to you at the client as part of the gnap response, the most obvious way to use this is for things like identity information, so I'm going and I'm doing a negotiation for which types of uh user claims and uh attributes that I'm asking for and I'm getting back, signed assertions that I can then use as part of federation transactions right.

E

The downside is that this is a very specialized integration that assumes that you are doing gnapp right from the start, which is a really really funny thing to think of. If somebody is trying to go and actually do something else.

E

So if somebody just wants to call their, you know purchase api embedding that every time inside of the gnap request makes no sense, especially in the cases where it's just going to go through right. You already have all of the information.

E

This is a whole other extra layer of overhead, which is why the login case makes sense, because you're kicking off a brand new process when you're going to get login information. So it makes sense that you might have to do some additional stuff to get there when you're calling other kinds of apis. It doesn't make nearly as much sense.

E

So that brings us to the third and, uh in my opinion, weirdest case, of embedding gnap inside of a different protocol.

E

So we started the protocol and then we get kicked out of the protocol and start doing gnaps stuff sort of already in process already in progress, and then we do that for a bit and then we land back at the original protocol.

E

Now what this looks like this absolutely looks weird this is this is looks really funny, but this is the way that these use cases keep getting described, and this is why I think this is fascinating, because I go to call the api and I'm just doing the native api call whatever. That is not even necessarily access tokens, I'm just calling the api and doing that and then the api says hey. I have figured out that I need to get the user in front of me somehow.

E

So here is a gnapp response block. It's got interaction and continuation, and all of that other stuff that can app defines go process this and to process that you go and you start doing gnap you follow the interaction stuff.

E

You do the token continuation you do all of that stuff and then, when that has been fulfilled, the api call comes back with the native api response, so the thing that you were asking for in the first place, it's a vc. It's the uh the purchase completion, it's whatever this is not something embedded inside of a knapp response anymore. This is the native ape target api.

E

Now. The upside of this is that this is a really efficient use of the gen-app security components, because you're only using the bits that are relevant to you, like you're, getting the user in front of something else. You are managing the state of that request over time and then you're getting out of the way.

E

And calling the protocol natively at the start and at the end, that that feels right, because that's what the developer is ultimately trying to do, they're not trying to get access to the api, they already have access to the api, there's just an additional bit of user interaction and consent and other stuff that they need to gather in the middle of that api.

E

So the downsides is that this is a really strange specialized integration and gnapp was never meant to start halfway through like this, like the nap process is always you start it exactly the same way and then then you branch off into all of these different options, um that is, that is a fundamental pillar of gnapp's design.

E

All right. um Every version of this is going to depend on the protocol that it's being embedded in so that can app response coming back. You know it's going to look different. What, if I'm calling an api that speaks, xml or speaks cozy or speaks something else? Gnapp is defined in json over http.

E

So if I'm getting a json blob embedded in some other protocol definition, that means I now need to sort of roughly shift gears to go. Do this other thing that feels very strange and what we're seeing right now um with the handful of places that are doing stuff like this, is that, instead of embedding gnap they're, actually uh claiming inspiration from gnab and doing this interaction type stuff right, so my question to the community to the working group is: is this something we care about?

E

It's been, it hasn't been brought up a lot, but it's been brought up at least twice, which is interesting in very different contexts, and my question to the group that I think we should consider is: are the extension points that we have sufficient?

E

Should we explicitly consider this case of pulling like the middle bits of gnap out and saying how people should use it in that way, or is this something that we just we just are silent on and if people take inspiration from ganap, that's good enough. um Do we even care? So that's that's my question. I don't have those answers.

G

uh Jonathan hoyland cloudflare um this I mean, obviously people think I say this about everything, but uh this this looks like a place where you'd use channel bindings and importers and exporters, because what you're actually trying to do is not produce one sort of super big protocol, you're trying to say we want to in a principled way, get some security guarantee from using gene app or using some other protocol inside gene app and transfer that between the two protocols, and rather than trying to come up with a sort of one-size-fits-all solution, you should, or you could produce an importer interface where people can import keys and an exporter interface where people can take keys out that give you those guarantees when used yeah, I know so it could be done in a principles way.

G

If you want to do formal analysis stuff all right.

E

Thank you, I'm honestly, I'm not sure I fully understand that response as to what the key important export binding would have to do with with this, because I think we might be talking past each other, so.

G

If you, if you have this sort of protocol in the middle, um rather than trying to say, define your food protocol, gene app interface.

B

G

And then going away and using it, you could just say: gene app. Has this api call that you can make at the beginning and produces some output at the end, um and then foo just has to be able to use those two um without understanding anything about gene app or defining anything about cheating.

E

Yeah, that's what's what you're describing is this.

G

uh Okay, yeah, but uh my point is you could do it in a formal analysis, style? Okay, thank you.

E

So the embedded gnap just to be clear, is basically an optimization of this model where you sort of slice off the top and bottom of that box in the middle, in order to make it more streamlined and compact, at least in theory right um and the main reason for this is that you are no longer in in the proposed use cases. You are no longer really calling a protected api.

E

You are just kicking off for user interaction and coming back, and the answer may very well be we just tell all of these groups go figure it out on your own. That's that's your protocol. If you don't want to fully step out into delegation space, then that's not our problem. That might very well be the the right answer, and I would be fine with that, um but because this has come up a few times, people have looked at knapp and said: maybe I can use parts of it.

E

I think we should at least have an answer for that.

A

So aaron, do you want to oh sorry jaron? Do you want to jump in.

C

Yeah, so let me check if you can hear me.

C

All right, so I think this can become very complicated very quickly and we should avoid it now, uh we're still figuring out our own state machine.

C

They security integration, which jonathan alluded to is complicated. Maybe it's doable. Maybe it's not. I think it would just hold us back and we shouldn't look at this.

C

Before the v1 is out.

E

So if those of you in the room didn't hear yarns take was that we shouldn't should not look at this until v1 is, is done, which is a totally reasonable, take and honestly kind of something I personally lean towards. But I wanted to make sure that this was written down and we considered if this was worth it.

A

All right, that's that's it yeah and I think that gets us. I'm gonna put the chair slides back just for uh for the hell of it and yeah, um so um the uh I that gets us to the end of our content for for today, and uh we didn't actually put up a slide that says open mic, but this is it right. So if somebody has anything they want to raise otherwise we're uh we're out of here um early and uh hopefully meet again well gerald. Have we decided on the interims?

A

um I don't think we have decided on the m trims yet.

C

No, no, we have not.

A

No, but we will definitely discuss that on the list and it's like very likely that we'll do in further interims before philadelphia, but you know hope to see more of you in philadelphia um for itf 140 114 and I think that's um not seeing anybody running for the mics or up to the queue. So I think that's it and thank you all for for coming.

F

B

A

One of them um well.

B

A

Of them are really.

B

A

And uh who you might have talked to, I don't know, maybe maybe but.

B

um They're gonna be.

A

Involved in a lot of work.

E

Yeah, a lot of the there's there's a few different people in the wallet space that are implementing that for yeah.

H

E