Home
Contribute Contact Us Browse all meetings
Home Contribute Contact Us Browse all meetings
Internet Engineering Task Force / Interim Meetings / 7 Jun 2023
Internet Engineering Task Force / Interim Meetings / 7 Jun 2023
Previous Meeting Next Meeting
Add meeting Rate page Subscribe
youtube image
From YouTube: IETF-GNAP-20230607-1400

Description

GNAP meeting session at IETF
2023/06/07 1400

https://datatracker.ietf.org/meeting//proceedings/

A

But you're creating it commercially for your own company.

B

Yeah, yes, yes, very good.

A

And I think still.

B

There's no sound I, don't know why.

A

How about now yeah.

B

That's fine! That's fine!.

A

Yeah I wonder what happened? Are you still seeing like uh places where the spec is unclear.

B

In general, it's fine but I, think I'm a bit based here, because since I wrote a part of it.

A

I'm.

B

Not.

A

Sure, yes,.

B

But at least it it makes sense from what I'm doing it makes sense, um but then I'm not entirely sure someone that's not participated in in the writing. Of it will understand everything and I'm, not sure it's, um but at least it's going well. Hi Justin.

A

Hey Justin.

C

Hello, okay, I think I've got everything unlocked on my browser here now took a moment good.

A

Justin, do you have any slides or is it.

C

uh No no slides prepared for the day uh we've got. The the only change was the uh the set of diffs that went into the latest Draft, so I figured. We could talk about that directly, maybe view the diff itself directly, um but no slides. On top of that.

C

I think we lost your audio, though.

B

We had the same issue a few just before you arrived gotcha.

B

Foreign.

B

Yes,.

C

Yes, loud and clear.

C

Nope, yes, yes, we can. Can you hear us.

A

Okay,.

C

Can you hear us.

B

I can hear you.

A

No.

A

Wow.

C

Okay, well.

A

Okay, now I can.

C

Oh okay, oh good, good I was afraid we were going to have it be. uh Was that that's a single mutex, audio Kodak? If I remember my multimedia codec days.

A

Simplex simplex anyway,.

C

That's right.

C

Here we go.

A

There's exactly one participant on the list: I don't recognize.

A

And I don't even know how to read it. So, okay, we have one more person joining.

C

All right is Leif uh gonna be joining us. Do you know.

A

I haven't heard from him: okay,.

A

Foreign.

A

Well, not Quorum, um but then we will need to run things on the mailing list. That's always required, but this time it's not only formality. We need to get some packing to move forward to the isg.

C

Yeah uh we posted to the list after making the changes, um but nobody nobody responded at that time, yeah happy to go through them today. uh Do you want to share or should I.

A

Please do okay.

C

um

C

All right so I did the screen share request over here, and you have to. This is pretty good for something. Okay share, my screen.

C

Let's see if I'm gonna, okay.

C

There.

A

We go.

C

All right, okay, um so there were a couple of changes in the latest uh draft, um most of them uh most of them small editorial uh things like rotating the token's value, instead of rotating the token just being more precise there, the biggest change you can actually see, starting in this example, and that's the token management like we talked about in Yokohama, um instead of token management, uh now being based on just a URI, um it is now set up much like the continuation uh response in that there's, a URI and an access token uh structure.

C

That goes with that. The access token is mandatory here it is. This is the text that defines it um so the manage field uh when it comes back with an access, token object. It means that you.

C

Basically, uh you get a special access token just for managing the access token and and for nothing else um previously, we had used the token itself to call the token management API, um but uh there was pushback on that during last call and after discussion, we uh we backed that off and now are using a separate access token for accessing that API.

C

uh This is a little bit more complicated, but it is parallel with the rest of the um with a lot of other functions in the draft and um in fact, most of this text we took from the continuation token text. That's already been um uh discussed at length uh in the group, so two Fields here, the URI that you call and then the access token that you use to call that um it has the same constraints that the continuation token has, um which is to say it must be bound to the client's.

C

Key must not be a bearer token, which means the flags array must not have the string pair and and the key field must be omitted um also to prevent uh infinite. Recursion. The token management access token must not have its own token management access. Token for.

A

Managing.

C

The token management token um so basically, this is a special use token, and if it stops working then it just it stops working. There's you! You have to go, get a new access token um from from the grant, API and then I have uh that's.

A

A simple can I have simple implementations that don't know about the management token and the the base access token just expires, and that's that.

C

Yep yep, you don't uh returning the manage field is optional entirely, so you can. You can completely have an access token that just dies um or is manually revoked or anything like that, and then you don't have to worry about this and this one of the reasons that we were. uh We were comfortable with doing this. Is that uh that's how most of the implementations we've seen so far are built?

C

They just have simple tokens that expire and then then, that's the that's the end of it, um but the feedback we got um from the uh from the thin Bose folks and from um uh the uh the Gen folks, gen digital is that uh if they were to implement this, then uh what we had had in the draft previously, where we were using the same token value was, uh was not going to be um easily implementable for them, um but separating it out as a separate field that they could track was a pattern that that you know we've already already done in a lot of ways.

C

It's similar to the oauth 2 refresh token, uh with slightly different properties, but uh a a similar idea of using a separate value to control access to uh to token management. This.

B

Also gives you token.

C

Revocation capability at the client- because that's all it's all part of the same API.

C

So, along with that definition, we of course changed the token management API specification down below.

C

um So we now no longer have this. If it's sender constrained, if it's Bearer blah blah blah, it's always just the token management access token. uh That's always the one that's used and similar to the continuing continuation API. You must uniquely identify a token being managed from the token management, URI, token management access, token or a combination of both of those. So just like the can, uh just like the Grant Management API, it's the same same set of constraints which.

B

I think simplifies a lot actually.

C

Yeah I I think so as well, uh we're putting less weight on just the API and allowing or sorry just the URI and uh allowing the as to uh make some deployment decisions. There.

A

But from an API point of view, there's no change.

C

I mean yeah, there's it's still a token protected endpoint, it's just which token you're using to protect. It is now different.

A

But the management apis.

A

On change.

C

Yeah, the actual management apis themselves uh are not changed, um sort of what the as has to do with it is simpler now, um because we don't have to have all of this. If the tokens expired, then you can still rotate it, which was the source of uh uh contention, and we also don't have to have the if it's a bearer token, then don't treat it like a bearer token uh text, which is which was also confusing to people I. Think a lot of this comes from this being a less uh a much less exercise.

C

Part of the specification um so uh I think that's. Why we're only hearing about all of this now, even though all of all of this has been in this fact for a very long time,.

C

And those are really the main changes um you know there's a little. Oh, uh there is key rotation um which I can go into in a bit uh once we're done with this topic.

C

That's why I wanted to pull up the diff to make sure we didn't miss any major topics, but this is the difference in the token response, so, instead of a managed URI, you get to manage URI and token value.

A

Thank you.

A

Before we move into uh irritation, do we still have any outstanding issues.

C

um No, we do not.

C

Hearing uh yep all issues are closed.

A

Amazing.

C

Yeah there was uh one other issue that got raised about um uh interaction, uh responses and sort of bundling the Finish methods, and things like that- um and we talked with the author about that uh on GitHub and um proposed that that might fit as an extension and they agreed.

C

So we closed that on we closed that one under needs text and because they nothing's been proposed. Yet.

C

But those those were the two outstanding issues.

C

All right, uh so, if we're okay on that topic, I can talk about the the key rotation changes.

A

Yeah, let's do that.

C

um So there was actually a um a uh security report on HTTP message: signatures uh about how we were proposing it being uh getting used, um namely signing the signature value in order to compound signatures um and that's what we were using to do uh key rotation in gnap, um and so we fixed uh we fixed HTTP signatures there weren't. Actually any protocol changes there, but the advice on how to apply it changed a bunch that of course affected uh both gnap, which we have here.

C

I'll talk about in a sec, as well as the fappy profile of hdb signatures, which was doing the same thing.

C

um So the the researchers were right to call this out and and carefully explain why uh why it wasn't a good idea, because uh several groups saw the obvious um use which turned out to be turned out to be not very good.

C

um So in any event, um key rotation. Previously, you would just sign the old signature value um so yeah, and that was it so.

A

That's the only change at the HTTP signature layer, nothing at the gnap player really.

C

uh So I took an app layer. The requirements for doing key rotation are now you sign the whole request again, including the signature and signature input.

C

um So previously you could get away with just with just this line and now we're saying no, you actually have to tie it to the entire message, because you don't get the transitive signature property that we thought we were getting before so you're still doing, HTTP signatures you're still applying two signatures in order, uh but you just also have to tie it to the rest of the message in order for it to be considered, secure.

A

Is there any hardship at the implementation level that you see here.

C

No because this is all stuff that you would have to do uh to apply the first signature anyway,.

A

So you just need to save the the individual fields and verify them when they come back.

C

Yep yep, exactly which you have to do to verify the first signature anyway. Now it's just you have them both in both signatures, instead of uh only applied to one signature.

C

And the up and the examples here are updated from uh from the script that generates all of these.

C

When we do have the application tag of gnap in the example now, oh we did before. Okay, we did do that before otherwise.

A

That their authorization had uh signed.

A

Kind of at a different.

C

Layer.

A

To me.

C

So this is the call to the um the, since this is key rotation. This is a call to the either the token management endpoint or the um uh Grant Management endpoints.

C

So those are both token protected, uh which means that the access token itself is bound to the key and so signing the authorization. Header value uh shows that you are presenting this token value, underneath this particular key.

A

Yeah, okay,.

C

With HP signatures, we were very deliberate about not using the authorization header to carry the signature itself, which previous drafts of the signature the signature scheme uh did allowed, that which I think does conflate the different layers.

A

And just out of curiosity, you said that this also applies to Fat pay. Is that a profile of Fabi, some specific, like variant.

C

uh So fappy has the HTTP signatures uh or signed HTTP requests or uh subsection, uh uh so there's the core fappy and then there's a couple of sort of additional documents. One of them is about signed HTTP, which uses both HTTP signatures and all of the oauth Jose methods, like you know, jar and charm and Par and all of this other stuff. In order to uh to tie everything together,.

C

Thank you, so flappy has a similar requirement to sign uh to sign the authorization header, but also you know, method, uh method, uh I, don't remember if they do Target URI or just at authorization.

C

Digest if it exists.

C

Pretty sensible set of defaults.

C

And yeah, that's um that's! That's pretty much! The set of changes uh there's a couple of editorial updates, but those are the two. Those are the two big ones.

C

And that should address all of the things that came up in last call, uh both in ganapa and in HTTP Sig, that we depend on.

A

All right looks good, so what I suggest we do is I will send an email to the list saying everything seems to be closed, no issues blah blah blah and if there are no additional comments coming in within the next I, don't know week, we will write shippers document and move it to the ID.

A

Okay, so default yes, but we're still I still want to run it, but by the mailing list.

C

Absolutely.

C

um So hopefully we can get it into at least uh at least 80 review space um before San Francisco um and uh yes, maybe I'm optimistic, but maybe iesg review bye. Then at least for court.

A

Yeah and then we probably don't need to meet in San Francisco, which is yeah interesting.

C

Well, we do have the uh the RS draft, uh not a lot of changes on that, but.

C

uh

A

Any plans on that one before San Francisco.

C

We need to add the uh we've got the token model section, so we need to add this token management. Token. To that, uh that's the only thing that jumps to mind soft.

B

Fabian just came off.

C

Mute though so.

B

Yeah yeah, no there's a few things uh yeah. We could at least publish a new version.

A

Okay sounds good.

C

I, don't think we need a long meeting, though in San Francisco I am planning to be in San Francisco anyway, it's a it's a relatively simple trip. For me, at least it's not International.

A

Yeah, it's a longer trip for neighbor I'm planning to be there.

B

Okay, yeah I won't be there I'm ex. My wife is expecting a child. So oh.

C

Congratulations.

B

Thank you.

A

All right, I think this was it.

B

Thank.

A

You very much.

B

Thanks a lot bye-bye.

C

Bye.